MBonaldo/hfs2
1
0
Fork 0
mirror of https://github.com/rejetto/hfs2.git synced 2025-12-19 10:03:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

new version of copy url with password

Browse Source
This commit is contained in:
Massimo Melina 2020-05-15 16:15:31 +02:00
parent 6125e8a63b
commit 0a7c30dd06
1 changed files with 44 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
main.pas
View File

@ -301,6 +301,7 @@ type
procedure setVar(const k,v:string); procedure setVar(const k,v:string);
function getVar(const k:string):string; function getVar(const k:string):string;
procedure keepAlive(); procedure keepAlive();
procedure setTTL(t:Tdatetime);
end; end;
Tsessions = Tdictionary<string,Tsession>; Tsessions = Tdictionary<string,Tsession>;
@ -2294,6 +2295,12 @@ end;
procedure Tsession.keepAlive(); procedure Tsession.keepAlive();
begin expires:=now() + ttl end; begin expires:=now() + ttl end;
procedure Tsession.setTTL(t:Tdatetime);
begin
ttl:=t;
keepAlive();
end;
function Tsession.getVar(const k:string):string; function Tsession.getVar(const k:string):string;
begin begin
try result:=vars.values[k]; try result:=vars.values[k];
@ -5224,6 +5231,32 @@ var
result:=(s > '') and (s = func(func(acc.pwd)+data.session.id)) result:=(s > '') and (s = func(func(acc.pwd)+data.session.id))
end; end;
// parameters: u(username), e(?expiration_UTC), s2(sha256(rest+pwd))
function urlAuth():string;
var
s, sign: string;
begin
result:='';
if mode <> 'auth' then
exit;
acc:=getAccount(data.urlVars.values['u']);
if acc = NIL then
exit('username not found');
sign:=conn.request.url;
chop('?',sign);
s:=chop('&s2=',sign);
if strSHA256(s+acc.pwd)<>sign then
exit('bad sign');
try data.session.setTTL(TTimeZone.Local.ToLocalTime(StrToFloat(data.urlvars.Values['e'])) - now() )
except end;
if data.session.ttl < 0 then
exit('expired');
data.account:=acc;
data.session.user:=acc.user;
data.session.redirect:=getAccountRedirect(acc);
end; //urlAuth
var var
b: boolean; b: boolean;
s: string; s: string;
@ -5338,6 +5371,13 @@ var
replyWithString(s); replyWithString(s);
exit; exit;
end; end;
s:=urlAuth();
if s > '' then
begin
conn.reply.mode:=HRM_DENY;
replyWithString(s);
exit;
end;
conn.ignoreSpeedLimit:=noLimitsFor(data.account); conn.ignoreSpeedLimit:=noLimitsFor(data.account);
@ -10471,7 +10511,7 @@ end;
procedure Tmainfrm.copyURLwithPasswordMenuClick(sender:TObject); procedure Tmainfrm.copyURLwithPasswordMenuClick(sender:TObject);
var var
a: Paccount; a: Paccount;
user, pwd: string; user, pwd, s: string;
f: Tfile; f: Tfile;
begin begin
if selectedFile = NIL then exit; if selectedFile = NIL then exit;
@ -10489,10 +10529,10 @@ else
if assigned(a) then pwd:=a.pwd if assigned(a) then pwd:=a.pwd
else pwd:=''; else pwd:='';
end; end;
if encodePwdUrlChk.checked then pwd:=totallyEncoded(pwd)
else pwd:=encodeURL(pwd);
setClip( selectedFile.fullURL( encodeURL(user)+':'+pwd ) ) s:='mode=auth&u='+encodeURL(user);
setClip( selectedFile.fullURL()+'?'+s
+'&s2='+strSHA256(s+pwd) ) // sign with password
end; // copyURLwithPasswordMenuClick end; // copyURLwithPasswordMenuClick
procedure Tmainfrm.copyURLwithAddressMenuClick(sender:Tobject); procedure Tmainfrm.copyURLwithAddressMenuClick(sender:Tobject);
@ -12585,7 +12625,6 @@ tempScriptFilename:=getTempDir()+'hfs script.tmp';
logfile.apacheZoneString:=if_(GMToffset < 0, '-','+') logfile.apacheZoneString:=if_(GMToffset < 0, '-','+')
+format('%.2d%.2d', [abs(GMToffset div 60), abs(GMToffset mod 60)]); +format('%.2d%.2d', [abs(GMToffset div 60), abs(GMToffset mod 60)]);
FINALIZATION FINALIZATION
progFrm.free; progFrm.free;