Mercurial > templog
comparison web/templog.py @ 240:c90190a380c6
sha256 hmac now
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 19 May 2015 23:56:56 +0800 |
| parents | 509a1be16456 |
| children | 2071d939e4ff |
comparison
equal
deleted
inserted
replaced
| 238:509a1be16456 | 240:c90190a380c6 |
|---|---|
| 9 import urllib | 9 import urllib |
| 10 import sys | 10 import sys |
| 11 import os | 11 import os |
| 12 import traceback | 12 import traceback |
| 13 import fcntl | 13 import fcntl |
| 14 import hashlib | |
| 14 | 15 |
| 15 import bottle | 16 import bottle |
| 16 from bottle import route, request, response | 17 from bottle import route, request, response |
| 17 | 18 |
| 18 import config | 19 import config |
| 36 @route('/update', method='post') | 37 @route('/update', method='post') |
| 37 def update(): | 38 def update(): |
| 38 js_enc = request.forms.data | 39 js_enc = request.forms.data |
| 39 mac = request.forms.hmac | 40 mac = request.forms.hmac |
| 40 | 41 |
| 41 if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac: | 42 h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest() |
| 43 if h != mac: | |
| 42 raise bottle.HTTPError(code = 403, output = "Bad key") | 44 raise bottle.HTTPError(code = 403, output = "Bad key") |
| 43 | 45 |
| 44 js = zlib.decompress(binascii.a2b_base64(js_enc)) | 46 js = zlib.decompress(binascii.a2b_base64(js_enc)) |
| 45 | 47 |
| 46 params = json.loads(js) | 48 params = json.loads(js) |