
proxy: Generate random session hash keys.

This is to ensure that session ids are only valid until the proxy is restarted.
pull/50/head
Joachim Bauch 5 months ago
parent
commit
bde0301637
2 changed files with 8 additions and 27 deletions
  1. +0
    -10
      proxy.conf.in
  2. +8
    -17
      src/proxy/proxy_server.go

+ 0
- 10
proxy.conf.in

@ -20,16 +20,6 @@
# - etcd: Token information are retrieved from an etcd cluster (see below).
tokentype = static
[sessions]
# Secret value used to generate checksums of sessions. This should be a random
# string of 32 or 64 bytes.
hashkey = secret-for-session-checksums
# Optional key for encrypting data in the sessions. Must be either 16, 24 or
# 32 bytes.
# If no key is specified, data will not be encrypted (not recommended).
blockkey = -encryption-key-
[nats]
# Url of NATS backend to use. This can also be a list of URLs to connect to
# multiple backends. For local development, this can be set to ":loopback:"


+ 8
- 17
src/proxy/proxy_server.go

@ -23,6 +23,7 @@ package main
import (
"context"
"crypto/rand"
"encoding/json"
"fmt"
"log"
@ -108,24 +109,14 @@ type ProxyServer struct {
}
func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, nats signaling.NatsClient) (*ProxyServer, error) {
hashKey, _ := config.GetString("sessions", "hashkey")
switch len(hashKey) {
case 32:
case 64:
default:
log.Printf("WARNING: The sessions hash key should be 32 or 64 bytes but is %d bytes", len(hashKey))
hashKey := make([]byte, 64)
if _, err := rand.Read(hashKey); err != nil {
return nil, fmt.Errorf("Could not generate random hash key: %s", err)
}
blockKey, _ := config.GetString("sessions", "blockkey")
blockBytes := []byte(blockKey)
switch len(blockKey) {
case 0:
blockBytes = nil
case 16:
case 24:
case 32:
default:
return nil, fmt.Errorf("The sessions block key must be 16, 24 or 32 bytes but is %d bytes", len(blockKey))
blockKey := make([]byte, 32)
if _, err := rand.Read(blockKey); err != nil {
return nil, fmt.Errorf("Could not generate random block key: %s", err)
}
var tokens ProxyTokens
@ -191,7 +182,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile, na
tokens: tokens,
statsAllowedIps: statsAllowedIps,
cookie: securecookie.New([]byte(hashKey), blockBytes).MaxAge(0),
cookie: securecookie.New(hashKey, blockKey).MaxAge(0),
sessions: make(map[uint64]*ProxySession),
clients: make(map[string]signaling.McuClient),
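Review bot: In NewProxyServer, a `hashkey` or `blockkey` that is still set in the `[sessions]` section of an existing proxy.conf is now ignored without any message, so an operator cannot tell from the log that the configured secrets are no longer in use. A one-time check such as `if v, _ := config.GetString("sessions", "hashkey"); v != "" { log.Printf("WARNING: sessions hashkey/blockkey are ignored, keys are generated at startup") }` would make the change visible on upgrade. The key generation also deserves a comment along the lines of `// Keys are generated per process: session ids become invalid on restart and cannot be verified by another proxy instance.`; since `MaxAge(0)` on the cookie line disables securecookie's age check, a restart is presumably the only event that invalidates an issued session id. The two new errors would be easier to inspect if they wrapped the cause, `fmt.Errorf("could not generate random hash key: %w", err)`, rather than formatting it with `%s`. The body of NewProxyServer continues outside the hunks shown here.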

