From 19b9998f8c42918430f7c41ebd40b8339b9d7cd7 Mon Sep 17 00:00:00 2001
From: default
Date: Tue, 12 Nov 2024 09:01:30 +0100
Subject: [PATCH] The proxy token seed is created on startup and never stored.
---
 data.c | 17 ++++-------------
 html.c | 2 +-
 snac.c | 1 +
 snac.h | 1 +
 4 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/data.c b/data.c
index 30cff0a..1cd69a5 100644
--- a/data.c
+++ b/data.c
@@ -165,21 +165,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 write_default_css();
 }
- /* if proxy_media is set but there is no token seed, create one */
- if (xs_is_true(xs_dict_get(srv_config, "proxy_media")) &&
- xs_is_null(xs_dict_get(srv_config, "proxy_token_seed"))) {
+ /* create the proxy token seed */
+ {
 char rnd[16];
 xs_rnd_buf(rnd, sizeof(rnd));
- xs *pts = xs_hex_enc(rnd, sizeof(rnd));
- xs_dict_set(srv_config, "proxy_token_seed", pts);
-
- if ((f = fopen(cfg_file, "w")) != NULL) {
- xs_json_dump(srv_config, 4, f);
- fclose(f);
-
- srv_log(xs_fmt("Created proxy_token_seed"));
- }
+ srv_proxy_token_seed = xs_hex_enc(rnd, sizeof(rnd));
 }
 return ret;
@@ -3679,7 +3670,7 @@ xs_str *make_url(const char *href, const char *proxy, int by_token)
 xs *p = NULL;
 if (by_token) {
- xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), proxy);
+ xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, proxy);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 p = xs_fmt("%s/y/%s/", proxy, tk);
diff --git a/html.c b/html.c
index ce4c0a8..d344745 100644
--- a/html.c
+++ b/html.c
@@ -3208,7 +3208,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
 }
 else {
 /* proxy usage authorized by proxy_token */
- xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), snac.actor);
+ xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, snac.actor);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 xs *p = xs_fmt("y/%s/", tk);
diff --git a/snac.c b/snac.c
index b9f1032..1ce563b 100644
--- a/snac.c
+++ b/snac.c
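Review bot: In data.c srv_open(), the comment `/* create the proxy token seed */` leaves out the two properties callers now depend on: the seed lives only in this process's memory, so every `/y/<token>/` URL issued before a restart, or by a different process that also ran srv_open(), stops validating. I would document that, e.g. `/* per-process proxy token seed: never stored, so proxy tokens do not survive a restart */`. xs_rnd_buf() is not shown in this patch; since these 16 bytes are the only secret behind the token, it is worth confirming that it reads from the operating system's CSPRNG and has no weak fallback. The hunk also does not remove a `proxy_token_seed` key that earlier versions wrote to the config file, so old seeds presumably stay on disk in existing installs. srv_open() starts and ends outside the hunk.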
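Review bot: In data.c make_url(), `srv_proxy_token_seed` starts as NULL (snac.c) and is only assigned at the end of srv_open(), so `xs_fmt("%s:%s", srv_proxy_token_seed, proxy)` can receive a null pointer if it runs before, or without, that assignment. Assuming xs_fmt() forwards to a printf-style formatter, that is undefined behaviour, and on C libraries that print `(null)` the token is derived from a constant rather than from a secret. The same expression is in html.c html_get_handler(), where the token authorizes proxy use, so that side should fail closed. A guard such as `if (by_token && srv_proxy_token_seed != NULL) {` here, and a matching check before the token is compared in html_get_handler(), would cover both. make_url() continues outside the hunk.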
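Review bot: In html.c html_get_handler(), the value that authorizes proxy use is `xs_md5_hex()` over the string `seed:actor`, a bare hash with the secret as a prefix rather than a keyed MAC; make_url() in data.c builds the same value. With a 128-bit random seed it is hard to guess, but MD5 in this construction is subject to length extension, so while these lines are being touched I would move both sites to an HMAC over a SHA-2 hash if the project's crypto helpers provide one. How the computed `p` is compared with the request path is outside the hunk; if it is a plain string comparison, a constant-time compare is the conventional choice for token checks. A short comment stating what the token binds (the actor only, not the proxied URL or an expiry) would also help the next reader. html_get_handler() starts and ends outside the hunk.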
@@ -33,6 +33,7 @@
 xs_str *srv_basedir = NULL;
 xs_dict *srv_config = NULL;
 xs_str *srv_baseurl = NULL;
+xs_str *srv_proxy_token_seed = NULL;
 int dbglevel = 0;
diff --git a/snac.h b/snac.h
index 9658fc9..4fa2b46 100644
--- a/snac.h
+++ b/snac.h
@@ -26,6 +26,7 @@ extern double disk_layout;
 extern xs_str *srv_basedir;
 extern xs_dict *srv_config;
 extern xs_str *srv_baseurl;
+extern xs_str *srv_proxy_token_seed;
 extern int dbglevel;
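Review bot: `xs_str *srv_proxy_token_seed = NULL;` in snac.c is a process-wide secret but carries no comment saying so, and nothing in this patch releases it. I would add `/* in-memory secret for proxy tokens; set in srv_open(), must not be logged or written to disk */` above the definition. srv_open() assigns it without freeing a previous value, so if srv_open() can run more than once per process, or if the project has a matching teardown function, the old string should be freed there; neither is visible in this patch.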