Renaming + changelog

carbotaniuman 2020-07-02 16:50:50 -05:00
parent 3f237c690d
commit 14d9515d2a
3 changed files with 7 additions and 6 deletions
CHANGELOG.md
src/main/kotlin/mdnet/base


@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- [2020-06-28] Fixed various state transition bugs by [@carbotaniuman].
### Security
- [2020-07-02] Added option to enforce strict checks on tokens to prevent hotlinking [@carbotaniuman].
## [1.0.0] - 2020-06-22
### Added


@ -99,12 +99,12 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
"/data"
} + "/$chapterHash/$fileName"
if (tokenized || serverSettings.forceToken) {
if (tokenized || serverSettings.forceTokens) {
val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
val token = JACKSON.readValue<Token>(
try {
sodium.cryptoBoxOpenEasyAfterNm(
tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.sharedKey
tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.tokenKey
)
} catch (_: SodiumException) {
if (LOGGER.isInfoEnabled) {
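Review bot: The request-supplied token is decoded and sliced at fixed offsets with no length check, and only `SodiumException` is caught in the visible lines. On the `tokenArr.sliceArray(0 until 24)` line a decoded token shorter than 24 bytes would raise an index exception, and `Base64.getUrlDecoder().decode(...)` raises `IllegalArgumentException` on malformed input; unless a handler outside this hunk covers them, both escape the rejection path. With `forceTokens` set this code runs for every request, so I would add a guard before the slicing, e.g. `if (tokenArr.size < 24) { /* same rejection as the SodiumException branch */ }`, and treat a Base64 decode failure the same way. The `try` block and the enclosing handler continue outside the hunk.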

View file

@ -27,10 +27,10 @@ data class ServerSettings(
val imageServer: String,
val latestBuild: Int,
val url: String,
val sharedKey: ByteArray,
val tokenKey: ByteArray,
val compromised: Boolean,
val paused: Boolean,
val forceToken: Boolean = false,
val forceTokens: Boolean = false,
val tls: TlsCert?
) {
override fun equals(other: Any?): Boolean {
@ -42,7 +42,7 @@ data class ServerSettings(
if (imageServer != other.imageServer) return false
if (latestBuild != other.latestBuild) return false
if (url != other.url) return false
if (!sharedKey.contentEquals(other.sharedKey)) return false
if (!tokenKey.contentEquals(other.tokenKey)) return false
if (compromised != other.compromised) return false
if (paused != other.paused) return false
if (tls != other.tls) return false
@ -54,7 +54,7 @@ data class ServerSettings(
var result = imageServer.hashCode()
result = 31 * result + latestBuild
result = 31 * result + url.hashCode()
result = 31 * result + sharedKey.contentHashCode()
result = 31 * result + tokenKey.contentHashCode()
result = 31 * result + compromised.hashCode()
result = 31 * result + paused.hashCode()
result = 31 * result + (tls?.hashCode() ?: 0)
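Review bot: `forceTokens` does not appear in the hand-written `equals` and `hashCode` shown in these hunks, where both the comparisons and the hash terms go from `paused` straight to `tls`. If it is not handled outside the visible lines, two `ServerSettings` values that differ only in `forceTokens` compare equal, so any code that relies on equality to detect a settings change would miss the strict-token option being switched on or off. I would add `if (forceTokens != other.forceTokens) return false` to `equals` and `result = 31 * result + forceTokens.hashCode()` to `hashCode`. Both functions start and end outside the hunks.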