Move HMAC tokens into users.cr

2018-11-11 09:44:16 -06:00 · 2018-11-11 09:44:16 -06:00 · 1465cefa17
--- a/src/invidious/helpers/helpers.cr
+++ b/src/invidious/helpers/helpers.cr
@ -389,55 +389,3 @@ def extract_items(nodeset, ucid = nil)

  return items
 end
-
-def create_response(user_id, operation, key, expire = 6.hours)
-  expire = Time.now + expire
-  nonce = Random::Secure.hex(4)
-
-  challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
-  token = OpenSSL::HMAC.digest(:sha256, key, challenge)
-
-  challenge = Base64.urlsafe_encode(challenge)
-  token = Base64.urlsafe_encode(token)
-
-  return challenge, token
-end
-
-def validate_response(challenge, token, user_id, operation, key)
-  if !challenge
-    raise "Hidden field \"challenge\" is a required field"
-  end
-
-  if !token
-    raise "Hidden field \"token\" is a required field"
-  end
-
-  challenge = Base64.decode_string(challenge)
-  if challenge.split("-").size == 4
-    expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
-
-    expire = expire.to_i?
-    expire ||= 0
-  else
-    raise "Invalid challenge"
-  end
-
-  challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
-  challenge = Base64.urlsafe_encode(challenge)
-
-  if challenge != token
-    raise "Invalid token"
-  end
-
-  if challenge_operation != operation
-    raise "Invalid token"
-  end
-
-  if challenge_user_id != user_id
-    raise "Invalid token"
-  end
-
-  if expire < Time.now.to_unix
-    raise "Token is expired, please try again"
-  end
-end
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@ -195,3 +195,55 @@ def create_user(sid, email, password)

  return user
 end
+
+def create_response(user_id, operation, key, expire = 6.hours)
+  expire = Time.now + expire
+  nonce = Random::Secure.hex(4)
+
+  challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
+  token = OpenSSL::HMAC.digest(:sha256, key, challenge)
+
+  challenge = Base64.urlsafe_encode(challenge)
+  token = Base64.urlsafe_encode(token)
+
+  return challenge, token
+end
+
+def validate_response(challenge, token, user_id, operation, key)
+  if !challenge
+    raise "Hidden field \"challenge\" is a required field"
+  end
+
+  if !token
+    raise "Hidden field \"token\" is a required field"
+  end
+
+  challenge = Base64.decode_string(challenge)
+  if challenge.split("-").size == 4
+    expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
+
+    expire = expire.to_i?
+    expire ||= 0
+  else
+    raise "Invalid challenge"
+  end
+
+  challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
+  challenge = Base64.urlsafe_encode(challenge)
+
+  if challenge != token
+    raise "Invalid token"
+  end
+
+  if challenge_operation != operation
+    raise "Invalid token"
+  end
+
+  if challenge_user_id != user_id
+    raise "Invalid token"
+  end
+
+  if expire < Time.now.to_unix
+    raise "Token is expired, please try again"
+  end
+end