teach/adlin
Archived
0
0
Fork 0
Code Issues 1 Pull requests 4 Releases Activity

Fix HMAC calculation
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
nemunaire 2022-02-19 15:30:26 +01:00
parent 173964a6fc
commit 21ef2f1372
5 changed files with 20 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

9
token-validator/handler.go
View file

@ -28,8 +28,13 @@ type DispatchFunction func(httprouter.Params, []byte) (interface{}, error)
func remoteValidatorHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params)) func(http.ResponseWriter, *http.Request, httprouter.Params) {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
expectedMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
previousMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1)))
h := hmac.New(sha512.New, []byte(adlin.SharedSecret))
h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
expectedMAC := h.Sum(nil)
h = hmac.New(sha512.New, []byte(adlin.SharedSecret))
h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1)))
previousMAC := h.Sum(nil)
if aauth, err := base64.StdEncoding.DecodeString(r.Header.Get("X-ADLIN-Authentication")); err != nil {
http.Error(w, fmt.Sprintf("{\"errmsg\":%q}\n", err), http.StatusUnauthorized)