add timestamps to management requests

2024-04-11 19:06:53 +01:00
parent 11ecfe7cb0
commit 53af0e1087
4 changed files with 59 additions and 18 deletions
--- a/main.go
+++ b/main.go
@@ -24,6 +24,8 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strconv"
+	"time"

 	"github.com/go-redis/redis/v8"
 	"github.com/gorilla/mux"
@@ -38,6 +40,7 @@ var client = redis.NewClient(&redis.Options{

 var SECRET string
 var INDEX_GET_REDIRECT = "http://alv.cx"
+var MAX_AGE_MS int64 = 500

 func main() {
 	r := mux.NewRouter()
@@ -59,6 +62,14 @@ func main() {
 		INDEX_GET_REDIRECT = p
 	}

+	if p, ok := os.LookupEnv("MAX_AGE_MS"); ok {
+		if v, err := strconv.ParseInt(p, 10, 64); err != nil {
+			fmt.Printf("Unable to parse environment variable MAX_AGE_MS: %v\n", p)
+		} else {
+			MAX_AGE_MS = v
+		}
+	}
+
 	log.Fatal(http.ListenAndServe(listenAddress, r))
 }

@@ -74,16 +85,29 @@ func indexHandler(w http.ResponseWriter, r *http.Request) {
 	command := r.PostForm.Get("Command")
 	shortlink := r.PostForm.Get("Shortlink")
 	value := r.PostForm.Get("Value")
-	fmt.Printf("command: %v, shortlink: %v, value: %v\n", command, shortlink, value)
-	fmt.Println(shortlink)
-	fmt.Println(value)
+	req_timestamp := r.PostForm.Get("Timestamp")
+	req_timestamp_int, err := strconv.ParseInt(req_timestamp, 10, 64)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Bad request"))
+		return
+	}
+
+	cur_timestamp := time.Now().UnixNano()
+	if req_timestamp_int+MAX_AGE_MS*1000*1000 < cur_timestamp {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Bad request"))
+		return
+	}
+
+	fmt.Printf("req_timestamp: %v, command: %v, shortlink: %v, value: %v\n", req_timestamp, command, shortlink, value)

 	signature := r.Header.Get("Signature")
 	calculatedSignature := fmt.Sprintf(
 		"SUS-SIGNATURE-%v",
 		getSha256HMACSignature(
 			[]byte(SECRET),
-			command+":"+shortlink+":"+value,
+			req_timestamp+":"+command+":"+shortlink+":"+value,
 		),
 	)