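--- a/knotserver/middleware.go
+++ b/knotserver/middleware.go
@@ -5,6 +5,7 @@
 "crypto/sha256"
 "encoding/hex"
 "net/http"
+"time"
 )
 
 func (h *Handle) VerifySignature(next http.Handler) http.Handler {
@@ -20,7 +21,21 @@
 
 func (h *Handle) verifyHMAC(signature string, r *http.Request) bool {
 secret := h.c.Secret
-message := r.Method + r.URL.Path + r.URL.RawQuery
+timestamp := r.Header.Get("X-Timestamp")
+if timestamp == "" {
+return false
+}
+
+// Verify that the timestamp is not older than a minute
+reqTime, err := time.Parse(time.RFC3339, timestamp)
+if err != nil {
+return false
+}
+if time.Since(reqTime) > time.Minute {
+return false
+}
+
+message := r.Method + r.URL.Path + timestamp
 
 mac := hmac.New(sha256.New, []byte(secret))
 mac.Write([]byte(message))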
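Review bot: Dropping `r.URL.RawQuery` from the signed message (old line 23 replaced by new line 38) leaves the query string unauthenticated — a signature computed over `METHOD+path+timestamp` remains valid for the same path with any query, so whatever parameters the query carries are no longer covered by the HMAC. Keep it in the message alongside the timestamp: `message := r.Method + r.URL.Path + r.URL.RawQuery + timestamp`. The freshness check on new line 34 is also one-sided: `time.Since(reqTime) > time.Minute` rejects stale timestamps but accepts any future-dated one, so a request stamped ahead of the server clock stays acceptable until a minute after that instant; bound the skew in both directions, `if d := time.Since(reqTime); d > time.Minute || d < -time.Minute { return false }`. Even inside the window a captured request can be presented again, so if single-use semantics matter a per-timestamp nonce record would still be needed; that and the comparison of `signature` lie outside this hunk, as the rest of verifyHMAC's body does.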