mirror of
https://github.com/rejetto/hfs2.git
synced 2025-12-19 10:03:56 +01:00
new version of copy url with password
This commit is contained in:
Massimo Melina
parent
6125e8a63b
commit
0a7c30dd06
49
main.pas
49
main.pas
@ -301,6 +301,7 @@ type
|
||||
procedure setVar(const k,v:string);
|
||||
function getVar(const k:string):string;
|
||||
procedure keepAlive();
|
||||
procedure setTTL(t:Tdatetime);
|
||||
end;
|
||||
Tsessions = Tdictionary<string,Tsession>;
|
||||
|
||||
@ -2294,6 +2295,12 @@ end;
|
||||
procedure Tsession.keepAlive();
|
||||
begin expires:=now() + ttl end;
|
||||
|
||||
procedure Tsession.setTTL(t:Tdatetime);
|
||||
begin
|
||||
ttl:=t;
|
||||
keepAlive();
|
||||
end;
|
||||
|
||||
function Tsession.getVar(const k:string):string;
|
||||
begin
|
||||
try result:=vars.values[k];
|
||||
@ -5224,6 +5231,32 @@ var
|
||||
result:=(s > '') and (s = func(func(acc.pwd)+data.session.id))
|
||||
end;
|
||||
|
||||
// parameters: u(username), e(?expiration_UTC), s2(sha256(rest+pwd))
|
||||
function urlAuth():string;
|
||||
var
|
||||
s, sign: string;
|
||||
begin
|
||||
result:='';
|
||||
if mode <> 'auth' then
|
||||
exit;
|
||||
acc:=getAccount(data.urlVars.values['u']);
|
||||
if acc = NIL then
|
||||
exit('username not found');
|
||||
sign:=conn.request.url;
|
||||
chop('?',sign);
|
||||
s:=chop('&s2=',sign);
|
||||
if strSHA256(s+acc.pwd)<>sign then
|
||||
exit('bad sign');
|
||||
try data.session.setTTL(TTimeZone.Local.ToLocalTime(StrToFloat(data.urlvars.Values['e'])) - now() )
|
||||
except end;
|
||||
|
||||
if data.session.ttl < 0 then
|
||||
exit('expired');
|
||||
data.account:=acc;
|
||||
data.session.user:=acc.user;
|
||||
data.session.redirect:=getAccountRedirect(acc);
|
||||
end; //urlAuth
|
||||
|
||||
var
|
||||
b: boolean;
|
||||
s: string;
|
||||
@ -5338,6 +5371,13 @@ var
|
||||
replyWithString(s);
|
||||
exit;
|
||||
end;
|
||||
s:=urlAuth();
|
||||
if s > '' then
|
||||
begin
|
||||
conn.reply.mode:=HRM_DENY;
|
||||
replyWithString(s);
|
||||
exit;
|
||||
end;
|
||||
|
||||
conn.ignoreSpeedLimit:=noLimitsFor(data.account);
|
||||
|
||||
@ -10471,7 +10511,7 @@ end;
|
||||
procedure Tmainfrm.copyURLwithPasswordMenuClick(sender:TObject);
|
||||
var
|
||||
a: Paccount;
|
||||
user, pwd: string;
|
||||
user, pwd, s: string;
|
||||
f: Tfile;
|
||||
begin
|
||||
if selectedFile = NIL then exit;
|
||||
@ -10489,10 +10529,10 @@ else
|
||||
if assigned(a) then pwd:=a.pwd
|
||||
else pwd:='';
|
||||
end;
|
||||
if encodePwdUrlChk.checked then pwd:=totallyEncoded(pwd)
|
||||
else pwd:=encodeURL(pwd);
|
||||
|
||||
setClip( selectedFile.fullURL( encodeURL(user)+':'+pwd ) )
|
||||
s:='mode=auth&u='+encodeURL(user);
|
||||
setClip( selectedFile.fullURL()+'?'+s
|
||||
+'&s2='+strSHA256(s+pwd) ) // sign with password
|
||||
end; // copyURLwithPasswordMenuClick
|
||||
|
||||
procedure Tmainfrm.copyURLwithAddressMenuClick(sender:Tobject);
|
||||
@ -12585,7 +12625,6 @@ tempScriptFilename:=getTempDir()+'hfs script.tmp';
|
||||
logfile.apacheZoneString:=if_(GMToffset < 0, '-','+')
|
||||
+format('%.2d%.2d', [abs(GMToffset div 60), abs(GMToffset mod 60)]);
|
||||
|
||||
|
||||
FINALIZATION
|
||||
|
||||
progFrm.free;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user