Forbid long submissions

1 files changed, 7 insertions, 2 deletions

diff --git a/main.go b/main.go
index 06d43c2..c689165 100644
--- a/main.go
+++ b/main.go
@@ -68,11 +68,11 @@ func init() {
 {{- if .Message }}
 <p><strong>{{ .Message }}</strong></p>
 {{- end }}
-<p>Select a value, such that when it is appended to the decoded form of the following base64 string, and a SHA-256 hash is taken as a whole, the first {{ .NeedBits }} bits of the SHA-256 hash are zeros. Within one octet, higher bits are considered to be in front of lower bits.</p>
+<p>Select an nonce shorter than or equal to 32 bytes, such that when it is appended to the decoded form of the following base64 string, and a SHA-256 hash is taken as a whole, the first {{ .NeedBits }} bits of the SHA-256 hash are zeros. Within one octet, higher bits are considered to be in front of lower bits.</p>
 <p>{{ .UnsignedTokenBase64 }}</p>
 <form method="POST">
 <p>
-Encode your selected value in base64 and submit it below:
+Encode your selected nonce in base64 and submit it below:
 </p>
 <input name="powxy" type="text" />
 <input type="submit" value="Submit" />
@@ -221,6 +221,11 @@ func main() {
 			return
 		}
 
+		if len(nonce) > 32 {
+			authPage("Your submission was too long.")
+			return
+		}
+
 		h := sha256.New()
 		h.Write(expectedToken[:sha256.Size])
 		h.Write(nonce)