Add hmacKey config field for video signing

Zed 2019-10-24 00:17:38 +02:00
parent a56f217074
commit e91e7bcc1e
6 changed files with 18 additions and 9 deletions


@ -71,10 +71,10 @@ $ nimble scss
$ mkdir ./tmp $ mkdir ./tmp
``` ```
Set your hostname, port and page title in `nitter.conf`, then run Nitter by Set your hostname, port, page title and HMAC key in `nitter.conf`, then run
executing `./nitter`. You should run Nitter behind a reverse proxy such as Nitter by executing `./nitter`. You should run Nitter behind a reverse proxy
[Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for better such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for
security. better security.
To build and run Nitter in Docker: To build and run Nitter in Docker:
```bash ```bash


@ -12,3 +12,4 @@ profileMinutes = 10 # how long to cache profiles
[Config] [Config]
defaultTheme = "Dark" defaultTheme = "Dark"
hmacKey = "secretkey" # for signing video urls


@ -23,5 +23,6 @@ proc getConfig*(path: string): Config =
cacheDir: cfg.get("Cache", "directory", "/tmp/nitter"), cacheDir: cfg.get("Cache", "directory", "/tmp/nitter"),
profileCacheTime: cfg.get("Cache", "profileMinutes", 10), profileCacheTime: cfg.get("Cache", "profileMinutes", 10),
defaultTheme: cfg.get("Config", "defaultTheme", "Dark") defaultTheme: cfg.get("Config", "defaultTheme", "Dark"),
hmacKey: cfg.get("Config", "hmacKey", "secretkey")
) )
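Review bot: The fallback in `hmacKey: cfg.get("Config", "hmacKey", "secretkey")` means an instance whose nitter.conf has no hmacKey entry (for example one upgraded from before this commit) silently signs video URLs with a key that is published in this repository, so the signature no longer shows that a URL came from that instance. The same literal is the initial value of `var hmacKey` in the signing module and the sample value in nitter.conf. I would use an empty default here and refuse to start when the key is empty or still the sample value, e.g. `if cfg.hmacKey.len == 0 or cfg.hmacKey == "secretkey": quit("set hmacKey in nitter.conf")` just before `setHmacKey(cfg.hmacKey)`. getConfig's body starts outside this hunk, so how `cfg.get` treats a missing entry is inferred from its three-argument form.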


@ -11,6 +11,8 @@ import routes/[
const configPath {.strdefine.} = "./nitter.conf" const configPath {.strdefine.} = "./nitter.conf"
let cfg = getConfig(configPath) let cfg = getConfig(configPath)
setHmacKey(cfg.hmacKey)
createUnsupportedRouter(cfg) createUnsupportedRouter(cfg)
createPrefRouter(cfg) createPrefRouter(cfg)
createTimelineRouter(cfg) createTimelineRouter(cfg)


@ -178,6 +178,7 @@ type
cacheDir*: string cacheDir*: string
profileCacheTime*: int profileCacheTime*: int
defaultTheme*: string defaultTheme*: string
hmacKey*: string
proc contains*(thread: Chain; tweet: Tweet): bool = proc contains*(thread: Chain; tweet: Tweet): bool =
thread.content.anyIt(it.id == tweet.id) thread.content.anyIt(it.id == tweet.id)


@ -1,8 +1,11 @@
import strutils, strformat, sequtils, uri, tables import strutils, strformat, sequtils, uri, tables
import nimcrypto, regex import nimcrypto, regex
var hmacKey = "secretkey"
const const
key = "supersecretkey" badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
badPngExts = @["pngn", "png:", "png_"]
twitterDomains = @[ twitterDomains = @[
"twitter.com", "twitter.com",
"twimg.com", "twimg.com",
@ -10,11 +13,12 @@ const
"pbs.twimg.com", "pbs.twimg.com",
"video.twimg.com" "video.twimg.com"
] ]
badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
badPngExts = @["pngn", "png:", "png_"] proc setHmacKey*(key: string) =
hmacKey = key
proc getHmac*(data: string): string = proc getHmac*(data: string): string =
($hmac(sha256, key, data))[0 .. 12] ($hmac(sha256, hmacKey, data))[0 .. 12]
proc getVidUrl*(link: string): string = proc getVidUrl*(link: string): string =
let let
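Review bot: `setHmacKey` is exported without a doc comment, and `getHmac` now depends on it having been called: until then the module-level `var hmacKey` still holds its initial literal. A doc comment such as `## Sets the key used by getHmac; call once at startup, before any URL is signed.` would make that ordering requirement explicit. Separately, `getHmac` keeps only `[0 .. 12]` of the stringified digest, which looks like 13 hex characters (about 52 bits of tag); that predates this commit, but now that the key is meant to be secret it may be worth lengthening if the URL format allows. getVidUrl's body continues outside the hunk.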