verify signature

LiterMC · Jan 30, 2024 · 9733273 · 9733273
1 parent d7d2d59
commit 9733273
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/handler.go b/handler.go
@@ -211,6 +211,12 @@ func (cr *Cluster) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 			return
 		}
 
+		query := req.URL.Query()
+		if !checkQuerySign(hash, cr.password, query) {
+			http.Error(rw, "Cannot verify signature", http.StatusForbidden)
+			return
+		}
+
 		if _, ok := emptyHashes[hash]; ok {
 			name := req.URL.Query().Get("name")
 			rw.Header().Set("Cache-Control", "max-age=2592000") // 30 days

diff --git a/util.go b/util.go
@@ -23,11 +23,13 @@ import (
 	"context"
 	"crypto"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"math/rand"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -248,3 +250,27 @@ func getFileSize(r io.Reader) (n int64, err error) {
 	}
 	return
 }
+
+func checkQuerySign(hash string, secret string, query url.Values) bool {
+	sign, e := query.Get("s"), query.Get("e")
+	if len(sign) == 0 || len(e) == 0 {
+		return false
+	}
+	before, err := strconv.ParseInt(e, 36, 64)
+	if err != nil {
+		return false
+	}
+	hs := crypto.SHA1.New()
+	io.WriteString(hs, secret)
+	io.WriteString(hs, hash)
+	io.WriteString(hs, e)
+	var (
+		buf  [20]byte
+		sbuf [27]byte
+	)
+	base64.RawURLEncoding.Encode(sbuf[:], hs.Sum(buf[:0]))
+	if (string)(sbuf[:]) != sign {
+		return false
+	}
+	return time.Now().UnixMilli() < before
+}