From dbfadc5a7e5bd3163b49878994063cd6d869fe6a Mon Sep 17 00:00:00 2001
From: Runxi Yu
Date: Mon, 24 Mar 2025 21:47:40 +0800
Subject: Refactor
---
 identifier.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'identifier.go')
diff --git a/identifier.go b/identifier.go
index 4b15f0f..88d2be3 100644
--- a/identifier.go
+++ b/identifier.go
@@ -6,11 +6,15 @@ package main
 import (
 "crypto/hmac"
 "crypto/sha256"
+ "crypto/subtle"
+ "encoding/base64"
 "encoding/binary"
 "net/http"
 "time"
 )
 
+// makeIdentifierMAC generates an identifier that semi-uniquely identifies the client,
+// and generates a MAC for that identifier.
 func makeIdentifierMAC(request *http.Request) (identifier []byte, mac []byte) {
 identifier = make([]byte, 0, sha256.Size)
 mac = make([]byte, 0, sha256.Size)
@@ -37,3 +41,18 @@ func makeIdentifierMAC(request *http.Request) (identifier []byte, mac []byte) {
 
 return
 }
+
+// validateCookie checks if the cookie is valid by comparing the base64-decoded
+// value of the cookie with an expected MAC.
+func validateCookie(cookie *http.Cookie, expectedMAC []byte) bool {
+ if cookie == nil {
+ return false
+ }
+
+ gotMAC, err := base64.StdEncoding.DecodeString(cookie.Value)
+ if err != nil {
+ return false
+ }
+
+ return subtle.ConstantTimeCompare(gotMAC, expectedMAC) == 1
+}
-- 
cgit v1.2.3
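Review bot: validateCookie accepts a cookie when expectedMAC is empty, because an empty cookie value base64-decodes to a zero-length slice and `subtle.ConstantTimeCompare` returns 1 for two empty inputs. The callers are outside this hunk, so whether a nil or empty expectedMAC can ever reach this function is not visible here, but a length guard before the comparison keeps it fail-closed on its own: `if len(expectedMAC) != sha256.Size { return false }`. The doc comment could also say that the comparison is constant-time and that expectedMAC is expected to be the MAC freshly computed for the current request, so a later edit does not swap in `bytes.Equal` or a cached value.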