diff options
| author | Runxi Yu <me@runxiyu.org> | 2025-03-24 21:47:40 +0800 |
|---|---|---|
| committer | Runxi Yu <me@runxiyu.org> | 2025-03-24 22:02:18 +0800 |
| commit | dbfadc5a7e5bd3163b49878994063cd6d869fe6a (patch) | |
| tree | 5200e50de2b41a1f7e4da805fea1234141174e04 /identifier.go | |
| parent | csolver: Remove, it's not needed anymore (diff) | |
| download | powxy-dbfadc5a7e5bd3163b49878994063cd6d869fe6a.tar.gz powxy-dbfadc5a7e5bd3163b49878994063cd6d869fe6a.tar.zst powxy-dbfadc5a7e5bd3163b49878994063cd6d869fe6a.zip | |
Refactorv0.1.13
Diffstat (limited to 'identifier.go')
| -rw-r--r-- | identifier.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/identifier.go b/identifier.go index 4b15f0f..88d2be3 100644 --- a/identifier.go +++ b/identifier.go @@ -6,11 +6,15 @@ package main import ( "crypto/hmac" "crypto/sha256" + "crypto/subtle" + "encoding/base64" "encoding/binary" "net/http" "time" ) +// makeIdentifierMAC generates an identifier that semi-uniquely identifies the client, +// and generates a MAC for that identifier. func makeIdentifierMAC(request *http.Request) (identifier []byte, mac []byte) { identifier = make([]byte, 0, sha256.Size) mac = make([]byte, 0, sha256.Size) @@ -37,3 +41,18 @@ func makeIdentifierMAC(request *http.Request) (identifier []byte, mac []byte) { return } + +// validateCookie checks if the cookie is valid by comparing the base64-decoded +// value of the cookie with an expected MAC. +func validateCookie(cookie *http.Cookie, expectedMAC []byte) bool { + if cookie == nil { + return false + } + + gotMAC, err := base64.StdEncoding.DecodeString(cookie.Value) + if err != nil { + return false + } + + return subtle.ConstantTimeCompare(gotMAC, expectedMAC) == 1 +} |