TeamPiped-mirror/piped-proxy
1
0
Fork 0
mirror of https://github.com/TeamPiped/piped-proxy.git synced 2024-08-14 23:50:45 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #116 from TeamPiped/blake3-query-hashing

Browse source 
Implement blake3 cryptographic hash verification for query string
This commit is contained in:
Kavin 2023-11-20 05:24:46 +00:00 committed by GitHub
commit 0a6feb88ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 81 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

26
Cargo.lock generated
View file

@ -256,6 +256,12 @@ dependencies = [
"syn 2.0.39",
]
[[package]]
name = "arrayref"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545"
[[package]]
name = "arrayvec"
version = "0.7.4"
@ -349,6 +355,19 @@ version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02bef9e74b5908bed0360844109a55b62b07cc973274c11d3a577bda8cc1cf60"
[[package]]
name = "blake3"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0231f06152bf547e9c2b5194f247cd97aacf6dcd8b15d8e5ec0663f64580da87"
dependencies = [
"arrayref",
"arrayvec",
"cc",
"cfg-if",
"constant_time_eq",
]
[[package]]
name = "block-buffer"
version = "0.10.4"
@ -465,6 +484,12 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"
[[package]]
name = "constant_time_eq"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
[[package]]
name = "convert_case"
version = "0.4.0"
@ -1380,6 +1405,7 @@ name = "piped-proxy"
version = "0.1.0"
dependencies = [
"actix-web",
"blake3",
"image",
"libwebp-sys",
"mimalloc",

5
Cargo.toml
View file

@ -23,9 +23,10 @@ rgb = { version = "0.8.37", optional = true }
once_cell = "1.18.0"
regex = "1.10.2"
blake3 = { version = "1.5.0", optional = true }
[features]
default = ["webp", "mimalloc", "reqwest-rustls"]
default = ["webp", "mimalloc", "reqwest-rustls", "qhash"]
reqwest-rustls = ["reqwest/rustls-tls"]
reqwest-native-tls = ["reqwest/default-tls"]
@ -37,5 +38,7 @@ mimalloc = ["dep:mimalloc"]
optimized = ["libwebp-sys?/sse41", "libwebp-sys?/avx2", "libwebp-sys?/neon"]
qhash = ["blake3"]
[profile.release]
lto = true

51
src/main.rs
View file

@ -137,6 +137,57 @@ async fn index(req: HttpRequest) -> Result<HttpResponse, Box<dyn Error>> {
// parse query string
let query = QString::from(req.query_string());
#[cfg(feature = "qhash")]
{
use std::collections::BTreeSet;
let secret = env::var("HASH_SECRET");
if let Ok(secret) = secret {
let qhash = query.get("qhash");
if qhash.is_none() {
return Err("No qhash provided".into());
}
let qhash = qhash.unwrap();
if qhash.len() != 8 {
return Err("Invalid qhash provided".into());
}
// Store sorted key-value pairs
let mut set = BTreeSet::new();
{
let pairs = query.to_pairs();
for (key, value) in &pairs {
if matches!(*key, "qhash" | "range" | "rewrite") {
continue;
}
set.insert((key.as_bytes().to_owned(), value.as_bytes().to_owned()));
}
}
let hash = spawn_blocking(move || {
let mut hasher = blake3::Hasher::new();
for (key, value) in set {
hasher.update(&key);
hasher.update(&value);
}
hasher.update(secret.as_bytes());
let hash = hasher.finalize().to_hex();
let hash = hash[..8].to_owned();
hash
}).await.unwrap();
if hash != qhash {
return Err("Invalid qhash provided".into());
}
}
}
let res = query.get("host");
let res = res.map(|s| s.to_string());