Move DB queries related to session tokens in a separate module

This commit is contained in:
Samantaz Fox
2021-12-02 23:57:13 +01:00
parent c021b93b5c
commit 92eea3b18b
8 changed files with 140 additions and 22 deletions


@@ -99,7 +99,7 @@ class AuthHandler < Kemal::Handler
session = URI.decode_www_form(token["session"].as_s)
scopes, expire, signature = validate_request(token, session, env.request, HMAC_KEY, PG_DB, nil)
if email = PG_DB.query_one?("SELECT email FROM session_ids WHERE id = $1", session, as: String)
if email = Invidious::Database::SessionIDs.select_email(session)
user = PG_DB.query_one("SELECT * FROM users WHERE email = $1", email, as: User)
end
elsif sid = env.request.cookies["SID"]?.try &.value
@@ -107,7 +107,7 @@ class AuthHandler < Kemal::Handler
raise "Cannot use token as SID"
end
if email = PG_DB.query_one?("SELECT email FROM session_ids WHERE id = $1", sid, as: String)
if email = Invidious::Database::SessionIDs.select_email(sid)
user = PG_DB.query_one("SELECT * FROM users WHERE email = $1", email, as: User)
end
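Review bot: The user lookup that follows each new `select_email` call, `user = PG_DB.query_one("SELECT * FROM users WHERE email = $1", email, as: User)` in both hunks, still inlines its SQL and uses the non-nilable `query_one`, which raises `DB::NoResultsError` when no row matches; a session whose user row has since been deleted therefore surfaces as an exception instead of an unauthenticated request. If that path is meant to fail closed without a server error, `user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1", email, as: User)` with a nil check would be the safer form, and placing it next to `SessionIDs.select_email` in the new database module would keep session-to-user resolution in one place. The `AuthHandler` method enclosing both hunks starts and ends outside them, so any rescue that already covers this code is not visible here.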


@@ -2,7 +2,7 @@ require "crypto/subtle"
def generate_token(email, scopes, expire, key, db)
session = "v1:#{Base64.urlsafe_encode(Random::Secure.random_bytes(32))}"
PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", session, email, Time.utc)
Invidious::Database::SessionIDs.insert(session, email)
token = {
"session" => session,
@@ -30,7 +30,7 @@ def generate_response(session, scopes, key, db, expire = 6.hours, use_nonce = fa
if use_nonce
nonce = Random::Secure.hex(16)
db.exec("INSERT INTO nonces VALUES ($1, $2) ON CONFLICT DO NOTHING", nonce, expire)
Invidious::Database::Nonces.insert(nonce, expire)
token["nonce"] = nonce
end
@@ -92,9 +92,9 @@ def validate_request(token, session, request, key, db, locale = nil)
raise InfoException.new("Invalid signature")
end
if token["nonce"]? && (nonce = db.query_one?("SELECT * FROM nonces WHERE nonce = $1", token["nonce"], as: {String, Time}))
if token["nonce"]? && (nonce = Invidious::Database::Nonces.select(token["nonce"].as_s))
if nonce[1] > Time.utc
db.exec("UPDATE nonces SET expire = $1 WHERE nonce = $2", Time.utc(1990, 1, 1), nonce[0])
Invidious::Database::Nonces.update_set_expired(nonce[0])
else
raise InfoException.new("Erroneous token")
end
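Review bot: The `db` parameter of `generate_token`, `generate_response` and `validate_request` (signatures visible at the hunk headers) is no longer used by any of the calls this commit replaces, since `SessionIDs.insert`, `Nonces.insert`, `Nonces.select` and `Nonces.update_set_expired` take no connection argument; unless the bodies outside the hunks still read `db`, the parameter is now dead and callers passing `PG_DB` are misleading, so a `# TODO: drop the unused db parameter once all queries live in Invidious::Database` comment on each signature would record the intent. The new `token["nonce"].as_s` in the last hunk also changes the failure mode: a token whose `nonce` field is present but not a JSON string now raises `TypeCastError` instead of reaching the `InfoException` branches below, which only matters if the signature check on the preceding lines does not already bind that field (not visible here). A safer shape is to read it with `as_s?` and `raise InfoException.new("Erroneous token")` when that returns nil, so a malformed nonce is rejected explicitly rather than as an unhandled cast error. All three functions start and end outside their hunks.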