diff --git a/server/common/crypto.go b/server/common/crypto.go
index 2027faba..394f5203 100644
--- a/server/common/crypto.go
+++ b/server/common/crypto.go
@@ -16,6 +16,7 @@ import (
 mathrand "math/rand"
 "os"
 "runtime"
+ "sort"
 "sync"
 )
@@ -192,42 +193,28 @@ func verify(something []byte) ([]byte, error) {
 // Create a unique ID that can be use to identify different session
 func GenerateID(ctx *App) string {
 p := ""
- params := ctx.Session
- if params["type"] != "" {
- p += "type =>" + params["type"]
- }
- if params["host"] != "" {
- p += "host =>" + params["host"]
- }
- if params["hostname"] != "" {
- p += "hostname =>" + params["hostname"]
- }
- if params["username"] != "" {
- p += "username =>" + params["username"]
- }
- if params["user"] != "" {
- p += "user =>" + params["user"]
- }
- if params["repo"] != "" {
- p += "repo =>" + params["repo"]
- }
- if params["access_key_id"] != "" {
- p += "access_key_id =>" + params["access_key_id"]
- }
- if params["endpoint"] != "" {
- p += "endpoint =>" + params["endpoint"]
- }
- if params["bearer"] != "" {
- p += "bearer =>" + params["bearer"]
- }
- if params["token"] != "" {
- p += "token =>" + params["token"]
- }
- if p == "" {
- return Hash("N/A", 20)
+ orderedKeys := make([]string, len(ctx.Session))
+ for key, _ := range ctx.Session {
+ orderedKeys = append(orderedKeys, key)
 }
- p += "salt => " + SECRET_KEY
+ sort.Strings(orderedKeys)
+
+ for _, key := range orderedKeys {
+ switch key {
+ case "timestamp":
+ case "password":
+ case "path":
+ default:
+ if val := ctx.Session[key]; val != "" {
+ p += key + "=>" + ctx.Session[key] + ", "
+ }
+ }
+ }
+ if p == "" {
+ return "na"
+ }
+ p += "salt=>" + SECRET_KEY
 return Hash(p, 20)
 }
diff --git a/server/middleware/session.go b/server/middleware/session.go
index eb1f7476..85352779 100644
--- a/server/middleware/session.go
+++ b/server/middleware/session.go
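Review bot: In GenerateID (server/common/crypto.go), `make([]string, len(ctx.Session))` followed by `append` leaves the slice with len(ctx.Session) leading empty strings and twice the intended length; it should be `orderedKeys := make([]string, 0, len(ctx.Session))`. The empty entries are skipped only by the `val != ""` check, and would be hashed repeatedly if the session ever carried an empty key. Separately, the pre-image is built as `key + "=>" + value + ", "` with no escaping, so a value that itself contains `, other=>x` produces the same string, and the same ID, as a session that really has that extra key; if the ID keys any cached per-session state, quoting each value (for example `strconv.Quote(val)`, which needs a `strconv` import) removes the ambiguity. The switch is also a denylist, so every field other than `timestamp`, `password` and `path` is now mixed into the ID; a comment stating which fields are meant to distinguish sessions would make that choice reviewable.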
@@ -131,6 +131,7 @@ func CanManageShare(fn func(*App, http.ResponseWriter, *http.Request)) func(ctx
 // the user that's currently logged in can manage the link. 2 scenarios here:
 // 1) scenario 1: the user is the very same one that generated the shared link in the first place
 ctx.Share = Share{}
+ ctx.Authorization = _extractAuthorization(req)
 if ctx.Session, err = _extractSession(req, ctx); err != nil {
 Log.Debug("middleware::session::share 'cannot extract session - %s'", err.Error())
 SendErrorResult(res, err)
@@ -147,6 +148,7 @@ func CanManageShare(fn func(*App, http.ResponseWriter, *http.Request)) func(ctx
 SendErrorResult(res, err)
 return
 }
+ ctx.Authorization = _extractAuthorization(req)
 if ctx.Session, err = _extractSession(req, ctx); err != nil {
 Log.Debug("middleware::session::share 'cannot extract session 2 - %s'", err.Error())
 SendErrorResult(res, err)
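Review bot: The new `ctx.Authorization = _extractAuthorization(req)` line has to precede `_extractSession(req, ctx)` in both branches of CanManageShare (this hunk and the one at -147), but nothing in the code states that ordering requirement. Presumably `_extractSession` now reads `ctx.Authorization`; if so, a comment such as `// _extractSession reads ctx.Authorization, so it must be set first` on each call, or doing the assignment inside `_extractSession`, would keep a future call site from skipping it. CanManageShare's body starts and ends outside both hunks, so other callers of `_extractSession` are not visible here.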