diff options
| author | Runxi Yu <me@runxiyu.org> | 2025-03-23 14:25:55 +0800 |
|---|---|---|
| committer | Runxi Yu <me@runxiyu.org> | 2025-03-23 14:31:19 +0800 |
| commit | 079e9d2730c5429c2b31f75df9c4ff5b451f6efe (patch) | |
| tree | c82c49bd06f35d453abe7330b458c2fa3948f0b4 /token.go | |
| parent | Disable the readonly input box (diff) | |
| download | powxy-079e9d2730c5429c2b31f75df9c4ff5b451f6efe.tar.gz powxy-079e9d2730c5429c2b31f75df9c4ff5b451f6efe.tar.zst powxy-079e9d2730c5429c2b31f75df9c4ff5b451f6efe.zip | |
Cut half of the cookie, the HMAC is enough
Diffstat (limited to '')
| -rw-r--r-- | token.go | 19 |
1 files changed, 10 insertions, 9 deletions
@@ -11,8 +11,9 @@ import ( "time" ) -func makeSignedToken(request *http.Request) []byte { - buf := make([]byte, 0, 2*sha256.Size) +func makeSignedToken(request *http.Request) (identifier []byte, mac []byte) { + identifier = make([]byte, 0, sha256.Size) + mac = make([]byte, 0, sha256.Size) timeBuf := make([]byte, binary.MaxVarintLen64) binary.PutVarint(timeBuf, time.Now().Unix()/604800) @@ -26,17 +27,17 @@ func makeSignedToken(request *http.Request) []byte { h.Write(stringToBytes(request.Header.Get("Accept-Encoding"))) h.Write(stringToBytes(request.Header.Get("Accept-Language"))) h.Write(privkeyHash) - buf = h.Sum(buf) - if len(buf) != sha256.Size { + identifier = h.Sum(identifier) + if len(identifier) != sha256.Size { panic("unexpected buffer length after hashing contents") } - mac := hmac.New(sha256.New, privkey) - mac.Write(buf) - buf = mac.Sum(buf) - if len(buf) != 2*sha256.Size { + m := hmac.New(sha256.New, privkey) + m.Write(identifier) + mac = m.Sum(mac) + if len(mac) != sha256.Size { panic("unexpected buffer length after hmac") } - return buf + return } |