mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-05-02 22:03:09 +02:00
proxy: Generate random session hash keys.
This is to ensure that session ids are only valid until the proxy is restarted.
parent
73903315a9
commit
bde0301637
|
@ -20,16 +20,6 @@
|
|||
# - etcd: Token information are retrieved from an etcd cluster (see below).
|
||||
tokentype = static
|
||||
|
||||
[sessions]
|
||||
# Secret value used to generate checksums of sessions. This should be a random
|
||||
# string of 32 or 64 bytes.
|
||||
hashkey = secret-for-session-checksums
|
||||
|
||||
# Optional key for encrypting data in the sessions. Must be either 16, 24 or
|
||||
# 32 bytes.
|
||||
# If no key is specified, data will not be encrypted (not recommended).
|
||||
blockkey = -encryption-key-
|
||||
|
||||
[nats]
|
||||
# Url of NATS backend to use. This can also be a list of URLs to connect to
|
||||
# multiple backends. For local development, this can be set to ":loopback:"
|
||||
|
|
|
@ -23,6 +23,7 @@ package main
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
|
@ -108,24 +109,14 @@ type ProxyServer struct {
|
|||
}
|
||||
|
||||
func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, nats signaling.NatsClient) (*ProxyServer, error) {
|
||||
hashKey, _ := config.GetString("sessions", "hashkey")
|
||||
switch len(hashKey) {
|
||||
case 32:
|
||||
case 64:
|
||||
default:
|
||||
log.Printf("WARNING: The sessions hash key should be 32 or 64 bytes but is %d bytes", len(hashKey))
|
||||
hashKey := make([]byte, 64)
|
||||
if _, err := rand.Read(hashKey); err != nil {
|
||||
return nil, fmt.Errorf("Could not generate random hash key: %s", err)
|
||||
}
|
||||
|
||||
blockKey, _ := config.GetString("sessions", "blockkey")
|
||||
blockBytes := []byte(blockKey)
|
||||
switch len(blockKey) {
|
||||
case 0:
|
||||
blockBytes = nil
|
||||
case 16:
|
||||
case 24:
|
||||
case 32:
|
||||
default:
|
||||
return nil, fmt.Errorf("The sessions block key must be 16, 24 or 32 bytes but is %d bytes", len(blockKey))
|
||||
blockKey := make([]byte, 32)
|
||||
if _, err := rand.Read(blockKey); err != nil {
|
||||
return nil, fmt.Errorf("Could not generate random block key: %s", err)
|
||||
}
|
||||
|
||||
var tokens ProxyTokens
|
||||
|
@ -191,7 +182,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, na
|
|||
tokens: tokens,
|
||||
statsAllowedIps: statsAllowedIps,
|
||||
|
||||
cookie: securecookie.New([]byte(hashKey), blockBytes).MaxAge(0),
|
||||
cookie: securecookie.New(hashKey, blockKey).MaxAge(0),
|
||||
sessions: make(map[uint64]*ProxySession),
|
||||
|
||||
clients: make(map[string]signaling.McuClient),
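Review bot: Neither key-generation block in NewProxyServer says that the keys are deliberately ephemeral, so a later change could reintroduce configured keys without noticing it breaks the invalidation-on-restart guarantee; I would add `// Keys are generated per process so that session ids stop validating once the proxy restarts.` above `hashKey := make([]byte, 64)`. The same comment could record why the sizes were chosen: 64 bytes for the securecookie HMAC key and 32 bytes for the block key, which selects AES-256. Both new error returns format the cause with `%s`; `fmt.Errorf("could not generate random hash key: %w", err)` (and the same for the block key) keeps the underlying error reachable through errors.Is/As. Deployments that still carry `hashkey`/`blockkey` under `[sessions]` will now have those values ignored without any log line, as far as these hunks show, so a one-time startup notice when either option is present would save operators some confusion. The body of NewProxyServer continues outside the visible hunks, so this is based only on the lines shown.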
|
||||
|
|