Add 'expire' to filter invalid tokens
This commit is contained in:
parent
b535de690e
commit
ad20d6359b
@ -4,7 +4,8 @@
|
|||||||
|
|
||||||
CREATE TABLE public.nonces
|
CREATE TABLE public.nonces
|
||||||
(
|
(
|
||||||
nonce text
|
nonce text,
|
||||||
|
expire timestamp with time zone,
|
||||||
)
|
)
|
||||||
WITH (
|
WITH (
|
||||||
OIDS=FALSE
|
OIDS=FALSE
|
||||||
|
@ -203,7 +203,7 @@ end
|
|||||||
def create_response(user_id, operation, key, db, expire = 6.hours)
|
def create_response(user_id, operation, key, db, expire = 6.hours)
|
||||||
expire = Time.now + expire
|
expire = Time.now + expire
|
||||||
nonce = Random::Secure.hex(16)
|
nonce = Random::Secure.hex(16)
|
||||||
db.exec("INSERT INTO nonces VALUES ($1) ON CONFLICT DO NOTHING", nonce)
|
db.exec("INSERT INTO nonces VALUES ($1, $2) ON CONFLICT DO NOTHING", nonce, expire)
|
||||||
|
|
||||||
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
||||||
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
||||||
|
Loading…
Reference in New Issue
Block a user