From bb31be8f6072e4dd72c8630c019f7ab5e0bc9fa9 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Wed, 26 Jul 2017 21:09:57 +0300 Subject: [WIP] State in OAuth2 callback should be short-lived --- src/Sproxy/Application/State.hs | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'src/Sproxy/Application/State.hs') diff --git a/src/Sproxy/Application/State.hs b/src/Sproxy/Application/State.hs index 29d9252..8ddbedf 100644 --- a/src/Sproxy/Application/State.hs +++ b/src/Sproxy/Application/State.hs @@ -6,6 +6,8 @@ module Sproxy.Application.State ( import Data.ByteString (ByteString) import Data.ByteString.Lazy (fromStrict, toStrict) import Data.Digest.Pure.SHA (hmacSha1, bytestringDigest) +import Foreign.C.Types (CTime(..)) +import System.Posix.Time (epochTime) import qualified Data.ByteString.Base64 as Base64 import qualified Data.Serialize as DS @@ -13,16 +15,24 @@ import qualified Data.Serialize as DS -- FIXME: Compress / decompress ? -encode :: ByteString -> ByteString -> ByteString -encode key payload = Base64.encode . DS.encode $ (payload, digest key payload) - - -decode :: ByteString -> ByteString -> Either String ByteString -decode key d = do - (payload, dgst) <- DS.decode =<< Base64.decode d - if dgst /= digest key payload - then Left "junk" - else Right payload +encode :: ByteString -> Int -> ByteString -> IO (ByteString, CTime) +encode key shelflife payload = do + now <- epochTime + let expiry = now + (CTime . fromIntegral $ shelflife) + d = DS.encode (payload, (\(CTime i64) -> i64) expiry) + return (Base64.encode . DS.encode $ (d, digest key d), expiry) + + +decode :: ByteString -> ByteString -> IO (Either String ByteString) +decode key raw = do + (CTime now) <- epochTime + return $ do + (d, dgst) <- DS.decode =<< Base64.decode raw + if dgst /= digest key d then Left "junk" + else do + (payload, expiry) <- DS.decode d + if expiry < now then Left "expired" + else Right payload digest :: ByteString -> ByteString -> ByteString -- cgit v1.2.3