improve (crypto): derivate secret_key for each usage to reduce attack surface in the worst case scenario

This commit is contained in:
Mickael KERJEAN
2019-01-18 13:48:04 +11:00
parent 7af12753ca
commit ec6eb0e8fa
10 changed files with 53 additions and 26 deletions


@ -22,7 +22,7 @@ func AdminSessionGet(ctx App, res http.ResponseWriter, req *http.Request) {
return c.Value
}()
str, err := DecryptString(SECRET_KEY, obfuscate);
str, err := DecryptString(SECRET_KEY_DERIVATE_FOR_ADMIN, obfuscate);
if err != nil {
SendSuccessResult(res, false)
return
@ -61,7 +61,7 @@ func AdminSessionAuthenticate(ctx App, res http.ResponseWriter, req *http.Reques
// Step 3: Send response to the client
body, _ := json.Marshal(NewAdminToken())
obfuscate, err := EncryptString(SECRET_KEY, string(body))
obfuscate, err := EncryptString(SECRET_KEY_DERIVATE_FOR_ADMIN, string(body))
if err != nil {
SendErrorResult(res, err)
return
@ -85,7 +85,7 @@ func AdminBackend(ctx App, res http.ResponseWriter, req *http.Request) {
}
if c, err := json.Marshal(backends); err == nil {
hash := Hash(string(c))
hash := Hash(string(c), 20)
if req.Header.Get("If-None-Match") == hash {
res.WriteHeader(http.StatusNotModified)
return
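Review bot: Switching AdminSessionGet from SECRET_KEY to SECRET_KEY_DERIVATE_FOR_ADMIN means any admin cookie issued under the old key now fails DecryptString and falls through to `SendSuccessResult(res, false)`, so this upgrade silently invalidates every existing admin session; that is a reasonable trade-off but it is not mentioned anywhere and deserves a line in the commit message plus a comment at the decrypt call. I would add above it: `// Admin cookies are encrypted under a key derived from SECRET_KEY so that leaking this material does not expose the master key or other usages; cookies minted before the derivation change cannot be decrypted and are treated as unauthenticated.` The derivation itself lives outside this section, so I cannot tell whether it is a real KDF (e.g. HKDF with a distinct info label per usage) or a plain concatenation/hash of SECRET_KEY and a label — worth confirming, since the isolation the title promises depends on that and on the derived constants never being logged or compared with the master key. AdminSessionGet's body continues outside the hunk.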