# HG changeset patch
# User Matt Johnston
# Date 1432051016 -28800
# Node ID bde53484df3ceb6fec533549cc7a4f2e328400db
# Parent 0f665a84b5812c5cb1446055306b63c5835460c8
sha256 hmac now
diff -r 0f665a84b581 -r bde53484df3c web/templog.py
--- a/web/templog.py Sun May 10 21:13:49 2015 +0800
+++ b/web/templog.py Tue May 19 23:56:56 2015 +0800
@@ -11,6 +11,7 @@
 import os
 import traceback
 import fcntl
+import hashlib
 import bottle
 from bottle import route, request, response
@@ -38,7 +39,8 @@
 js_enc = request.forms.data
 mac = request.forms.hmac
- if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac:
+ h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest()
+ if h != mac:
 raise bottle.HTTPError(code = 403, output = "Bad key")
 js = zlib.decompress(binascii.a2b_base64(js_enc))
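Review bot: The digest check `if h != mac:` compares the computed HMAC with the client-supplied value using an ordinary string comparison, which can stop at the first differing character and so leak timing information about the expected MAC; `if not hmac.compare_digest(h, mac):` (in the standard `hmac` module from Python 2.7.7 / 3.3) avoids that. The MAC is also computed over `js_enc.strip()` while the last line of the hunk decodes the unstripped `js_enc`, so the bytes that were authenticated are not necessarily the bytes that get processed; stripping once with `js_enc = request.forms.data.strip()` and using that value for both keeps them identical. The enclosing handler starts and ends outside this hunk, so the type of `mac` and whether the sender signs the stripped payload are assumptions to confirm.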