mirror of git://git.psyced.org/git/psyced synced 2024-08-15 03:25:10 +00:00

challenge: expire the cookie diligently

psyc://loupsycedyglgamf.onion/~lynX 2018-08-01 21:35:05 +02:00
parent fbc563a94e
commit 5c859e6fef


@ -619,13 +619,14 @@ htget(prot, query, headers, qs) {
// maybe this all belongs into archetype.gen.. chesmo! // maybe this all belongs into archetype.gen.. chesmo!
htget(prot, query, headers, qs, data, noprocess) { htget(prot, query, headers, qs, data, noprocess) {
string item = headers[item] || "/@"+ MYNICK;
if (stringp(headers["cookie"]) && regmatch(headers["cookie"], if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
"challenge=complete&answer="+ md5(CHALLENGE_MATCH))) { "challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
CHALOG("completes"); CHALOG("completes");
htnotify(query, headers, "_accomplished_web", htnotify(query, headers, "_accomplished_web",
"Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from]."); "Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
# ifdef CHALLENGE_REDIRECT # ifdef CHALLENGE_REDIRECT
return htredirect(prot, CHALLENGE_REDIRECT); return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
# else # else
# ifdef HTGET # ifdef HTGET
// you may want to output a player iframe instead of a redirect... // you may want to output a player iframe instead of a redirect...
@ -635,7 +636,6 @@ htget(prot, query, headers, qs, data, noprocess) {
# endif # endif
# endif # endif
} }
string item = headers[item] || "/@"+ MYNICK;
if (stringp(query["answer"]) && headers["cookie"] && if (stringp(query["answer"]) && headers["cookie"] &&
regmatch(headers["cookie"], "challenge=given") && regmatch(headers["cookie"], "challenge=given") &&
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) { regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
@ -644,14 +644,14 @@ htget(prot, query, headers, qs, data, noprocess) {
strlen(query["parameters"]) ? strlen(query["parameters"]) ?
item +"?"+ query["parameters"] : item; item +"?"+ query["parameters"] : item;
CHALOG("reloads"); CHALOG("reloads");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; path="+ item +";\n"); htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
return 1; return 1;
} }
sTextPath(query["layout"], query["lang"], "html"); sTextPath(query["layout"], query["lang"], "html");
// using a non-psyced cookie here so that you can't construct a // using a non-psyced cookie here so that you can't construct a
// url that allows other people to bypass the challenge. // url that allows other people to bypass the challenge.
// could add a timeout here... // could add a timeout here...
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; path="+ item +";\n"); htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
CHALOG("challenges"); CHALOG("challenges");
w("_PAGES_group_challenge", 0, w("_PAGES_group_challenge", 0,
([ "_challenge" : htquote(CHALLENGE_QUESTION), ([ "_challenge" : htquote(CHALLENGE_QUESTION),
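Review bot: The new `Max-Age` values only ask the browser to drop the cookie; the check at the top of `htget` still accepts `challenge=complete&answer=` + `md5(CHALLENGE_MATCH)` whenever it is presented, and that value is identical for every visitor and never changes, so a client that keeps or copies the header passes the challenge indefinitely. If expiry is meant as a control rather than tidiness, the cookie value needs something the server can check for age, for example an issue time covered by a keyed hash over a server-side secret, verified before `CHALOG("completes")`. At minimum, record the limit next to the existing "could add a timeout here" remark, e.g. `// Max-Age is advisory: the answer cookie is static and is not expired server-side`. The three `Set-Cookie` strings could also carry `HttpOnly`, since nothing shown here reads the cookie from script, and with `Secure` the cookie will not be sent back over plain HTTP, which looks like it would keep such a visitor on the challenge page. `htget`'s body continues past the last hunk.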