author | Igor Pashev <pashev.igor@gmail.com> | 2017-07-26 21:09:57 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2017-07-26 21:09:57 +0300 |
commit | bb31be8f6072e4dd72c8630c019f7ab5e0bc9fa9 (patch) | |
tree | d7b4194f8b6b5e7af76cf59b4130a08153ae44da /src/Sproxy/Application/State.hs | |
parent | 1123c543bdd438ad40428e7814325a53c819cee2 (diff) | |
[WIP] State in OAuth2 callback should be short-livedstate
Diffstat (limited to 'src/Sproxy/Application/State.hs')
-rw-r--r-- | src/Sproxy/Application/State.hs | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/src/Sproxy/Application/State.hs b/src/Sproxy/Application/State.hs
index 29d9252..8ddbedf 100644
--- a/src/Sproxy/Application/State.hs
+++ b/src/Sproxy/Application/State.hs
@@ -6,6 +6,8 @@ module Sproxy.Application.State (
 import Data.ByteString (ByteString)
 import Data.ByteString.Lazy (fromStrict, toStrict)
 import Data.Digest.Pure.SHA (hmacSha1, bytestringDigest)
+import Foreign.C.Types (CTime(..))
+import System.Posix.Time (epochTime)
 import qualified Data.ByteString.Base64 as Base64
 import qualified Data.Serialize as DS
@@ -13,16 +15,24 @@ import qualified Data.Serialize as DS
 -- FIXME: Compress / decompress ?
-encode :: ByteString -> ByteString -> ByteString
-encode key payload = Base64.encode . DS.encode $ (payload, digest key payload)
-
-
-decode :: ByteString -> ByteString -> Either String ByteString
-decode key d = do
-  (payload, dgst) <- DS.decode =<< Base64.decode d
-  if dgst /= digest key payload
-    then Left "junk"
-    else Right payload
+encode :: ByteString -> Int -> ByteString -> IO (ByteString, CTime)
+encode key shelflife payload = do
+  now <- epochTime
+  let expiry = now + (CTime . fromIntegral $ shelflife)
+      d = DS.encode (payload, (\(CTime i64) -> i64) expiry)
+  return (Base64.encode . DS.encode $ (d, digest key d), expiry)
+
+
+decode :: ByteString -> ByteString -> IO (Either String ByteString)
+decode key raw = do
+  (CTime now) <- epochTime
+  return $ do
+    (d, dgst) <- DS.decode =<< Base64.decode raw
+    if dgst /= digest key d then Left "junk"
+      else do
+        (payload, expiry) <- DS.decode d
+        if expiry < now then Left "expired"
+          else Right payload
 digest :: ByteString -> ByteString -> ByteString
|
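Review bot: The new `decode` still verifies the HMAC with a plain `/=` (`if dgst /= digest key d then Left "junk"`), which stops at the first differing byte and so leaks timing about the expected digest; compare the digests in constant time instead, e.g. `B.length a == B.length b && foldl' (.|.) 0 (B.zipWith xor a b) == 0`, with `import qualified Data.ByteString as B`, `import Data.Bits (xor, (.|.))` and `import Data.List (foldl')`. The expiry is inside the signed blob `d`, so the check order (signature first, then expiry) is sound, but `shelflife` and the boundary (`expiry < now` rejects only strictly past states) are undocumented; add a Haddock on `encode` such as `-- | Sign 'payload' together with an expiry 'shelflife' seconds from now (epochTime resolution); the returned 'CTime' is that expiry.` and note on `decode` that it yields `Left "junk"` for a bad signature or encoding and `Left "expired"` for a stale state. Stylistically, `(\(CTime i64) -> i64) expiry` can be a pattern binding, `let CTime expiry' = now + fromIntegral shelflife`, since `CTime` has a `Num` instance. The body of `digest` continues outside the hunk.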