deblan
/
nextcloud-spreed-signaling
mirror of https://github.com/strukturag/nextcloud-spreed-signaling
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

proxy: Generate random session hash keys. 

This is to ensure that session ids are only valid until the proxy is restarted.
pull/50/head
Joachim Bauch 10 months ago
parent
73903315a9
commit
bde0301637
Failed to extract signature
2 changed files with 8 additions and 27 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      proxy.conf.in
  2. 25
      src/proxy/proxy_server.go

10
proxy.conf.in
View File

@ -20,16 +20,6 @@
# - etcd: Token information are retrieved from an etcd cluster (see below).
tokentype = static
[sessions]
# Secret value used to generate checksums of sessions. This should be a random
# string of 32 or 64 bytes.
hashkey = secret-for-session-checksums
# Optional key for encrypting data in the sessions. Must be either 16, 24 or
# 32 bytes.
# If no key is specified, data will not be encrypted (not recommended).
blockkey = -encryption-key-
[nats]
# Url of NATS backend to use. This can also be a list of URLs to connect to
# multiple backends. For local development, this can be set to ":loopback:"

25
src/proxy/proxy_server.go
View File

@ -23,6 +23,7 @@ package main
import (
"context"
"crypto/rand"
"encoding/json"
"fmt"
"log"
@ -108,24 +109,14 @@ type ProxyServer struct {
}
func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, nats signaling.NatsClient) (*ProxyServer, error) {
hashKey, _ := config.GetString("sessions", "hashkey")
switch len(hashKey) {
case 32:
case 64:
default:
log.Printf("WARNING: The sessions hash key should be 32 or 64 bytes but is %d bytes", len(hashKey))
hashKey := make([]byte, 64)
if _, err := rand.Read(hashKey); err != nil {
return nil, fmt.Errorf("Could not generate random hash key: %s", err)
}
blockKey, _ := config.GetString("sessions", "blockkey")
blockBytes := []byte(blockKey)
switch len(blockKey) {
case 0:
blockBytes = nil
case 16:
case 24:
case 32:
default:
return nil, fmt.Errorf("The sessions block key must be 16, 24 or 32 bytes but is %d bytes", len(blockKey))
blockKey := make([]byte, 32)
if _, err := rand.Read(blockKey); err != nil {
return nil, fmt.Errorf("Could not generate random block key: %s", err)
}
var tokens ProxyTokens
@ -191,7 +182,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, na
tokens: tokens,
statsAllowedIps: statsAllowedIps,
cookie: securecookie.New([]byte(hashKey), blockBytes).MaxAge(0),
cookie: securecookie.New(hashKey, blockKey).MaxAge(0),
sessions: make(map[uint64]*ProxySession),
clients: make(map[string]signaling.McuClient),

Write Preview
Loading…
Cancel
Save