aboutsummaryrefslogtreecommitdiff
path: root/www/logged_in_p.pl
diff options
context:
space:
mode:
Diffstat (limited to 'www/logged_in_p.pl')
-rwxr-xr-xwww/logged_in_p.pl20
1 files changed, 15 insertions, 5 deletions
diff --git a/www/logged_in_p.pl b/www/logged_in_p.pl
index 73c9d1c..b076618 100755
--- a/www/logged_in_p.pl
+++ b/www/logged_in_p.pl
@@ -10,6 +10,8 @@ use JSON;
use File::Slurp;
+use Crypt::OpenSSL::RSA;
+
use CGI;
use CGI::Fast;
use CGI::Session;
@@ -18,24 +20,32 @@ do "common.pl";
while (my $cgi = new CGI::Fast) {
+ $::MULKONF = {}; # to silence a warning
load_config();
print $cgi->header(-content_type => 'application/json; charset=UTF-8');
- my $cookie = $cgi->cookie('mulkid_session');
+ my $cookie = $cgi->cookie('mulkyid_session');
+
unless ($cookie) {
say encode_json({logged_in_p => 0});
exit(0);
}
- my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"});
- unless ($session) {
+ my $key = Crypt::OpenSSL::RSA->new_private_key(scalar read_file($::MULKONF->{pemfile}));
+ $key->use_pkcs1_padding();
+ $key->use_sha256_hash();
+
+ my $reverse_encrypted_user_session = decode_base64_url($cookie);
+ my $plain_user_session = $key->public_decrypt($reverse_encrypted_user_session);
+ my ($session_user, $timestamp) = split /#/, $plain_user_session;
+
+ if ($timestamp < time - 24*3600) {
say encode_json({logged_in_p => 0});
exit(0);
}
- my $email = $cgi->param('email') or die "No email address supplied";
- my $session_user = $session->param('user');
+ my $email = $cgi->param('email') or die "No email address supplied";
if (any(email_users($email)) eq $session_user) {
say encode_json({logged_in_p => 1});
} else {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 20:47:18 +0000