mirror of
https://github.com/iv-org/invidious.git
synced 2024-10-01 01:25:56 -04:00
Add 'expire' to filter invalid tokens
This commit is contained in:
parent
b535de690e
commit
ad20d6359b
@ -4,7 +4,8 @@
|
||||
|
||||
CREATE TABLE public.nonces
|
||||
(
|
||||
nonce text
|
||||
nonce text,
|
||||
expire timestamp with time zone,
|
||||
)
|
||||
WITH (
|
||||
OIDS=FALSE
|
||||
|
@ -203,7 +203,7 @@ end
|
||||
def create_response(user_id, operation, key, db, expire = 6.hours)
|
||||
expire = Time.now + expire
|
||||
nonce = Random::Secure.hex(16)
|
||||
db.exec("INSERT INTO nonces VALUES ($1) ON CONFLICT DO NOTHING", nonce)
|
||||
db.exec("INSERT INTO nonces VALUES ($1, $2) ON CONFLICT DO NOTHING", nonce, expire)
|
||||
|
||||
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
||||
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
||||
|
Loading…
Reference in New Issue
Block a user