Hash cookies

Yukino Song
2025-01-18 15:08:44 +08:00
parent 2a173239f6
commit 57171c3316
+4 -3
@@ -194,7 +194,7 @@ namespace confighttp {
} }
auto authCookie = getCookieValue(cookies->second, "auth"); auto authCookie = getCookieValue(cookies->second, "auth");
if (authCookie.empty() || authCookie != sessionCookie) { if (authCookie.empty() || util::hex(crypto::hash(authCookie + config::sunshine.salt)).to_string() != sessionCookie) {
return false; return false;
} }
@@ -949,11 +949,12 @@ namespace confighttp {
return; return;
} }
sessionCookie = crypto::rand_alphabet(64); std::string sessionCookieRaw = crypto::rand_alphabet(64);
sessionCookie = util::hex(crypto::hash(sessionCookieRaw + config::sunshine.salt)).to_string();
cookie_creation_time = std::chrono::steady_clock::now(); cookie_creation_time = std::chrono::steady_clock::now();
const SimpleWeb::CaseInsensitiveMultimap headers { const SimpleWeb::CaseInsensitiveMultimap headers {
{ "Set-Cookie", "auth=" + sessionCookie + "; Secure; Max-Age=2592000; Path=/" } { "Set-Cookie", "auth=" + sessionCookieRaw + "; Secure; Max-Age=2592000; Path=/" }
}; };
response->write(headers); response->write(headers);
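Review bot: The `Set-Cookie` value in the second hunk still carries the raw token with only `Secure; Max-Age=2592000; Path=/`, so hashing the server-side copy does not keep script running in the web UI's origin from reading the token out of the browser, and no `SameSite` policy limits cross-site sends. Consider `{ "Set-Cookie", "auth=" + sessionCookieRaw + "; Secure; HttpOnly; SameSite=Strict; Max-Age=2592000; Path=/" }`, provided no front-end code needs to read the cookie, which is not visible here. In the first hunk the digest is checked with a plain `!=`, which is presumably not constant-time; since both sides are salted digests the practical exposure looks small, but a constant-time compare would settle it. A short comment above the hashing line, such as `// Only the salted hash is kept server-side; the raw token exists solely in the client's cookie.`, would record the intent. Both enclosing functions start and end outside the hunks shown.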