diff options
| author | Joris Guyonvarch | 2026-04-17 22:53:02 +0200 |
|---|---|---|
| committer | Joris Guyonvarch | 2026-04-17 22:53:02 +0200 |
| commit | 648d073e1b8f4838f147c0520024bd453921a25c (patch) | |
| tree | 3a477d88c3f80a68d6477d9fe5644cc475c0cd81 /src/utils | |
| parent | 2a6bcee45086bca9128489de19908984ea1be0da (diff) | |
Remove signing login token
It’s enough to use a safe crypto lib. But augment the token size to
upper bound.
Diffstat (limited to 'src/utils')
| -rw-r--r-- | src/utils/cookie.rs | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/utils/cookie.rs b/src/utils/cookie.rs index e21e7d4..1ca3b73 100644 --- a/src/utils/cookie.rs +++ b/src/utils/cookie.rs @@ -1,25 +1,27 @@ use hex; use rand_core::{OsRng, TryRngCore}; -use crate::crypto::signed; use crate::model::config::Config; -const TOKEN_BYTES: usize = 20; +// We consider that it’s unfeasible to guess a token from 128 bit long (=16 bytes) to 256 bit (=32 bytes) with safe margin. +const TOKEN_BYTES: usize = 32; pub fn login(config: &Config, token: &str) -> Result<String, String> { - let signed_token = signed::sign(&config.auth_secret, token)?; - Ok(cookie(config, &signed_token, 365 * 24 * 60 * 60)) + Ok(cookie(config, &token, 365 * 24 * 60 * 60)) } pub fn logout(config: &Config) -> String { cookie(config, "", 0) } -pub fn extract_token(config: &Config, cookie: &str) -> Result<String, String> { +pub fn extract_token(cookie: &str) -> Result<String, String> { let mut xs = cookie.split('='); - xs.next(); - let signed_cookie = xs.next().ok_or("Error extracting cookie")?; - signed::verify(&config.auth_secret, signed_cookie) + if xs.next() != Some("TOKEN") { + Err("Error extracting cookie".to_string()) + } else { + let token = xs.next().ok_or("Error extracting cookie")?; + Ok(token.to_string()) + } } pub fn generate_token() -> Result<String, String> { |