mirror of
https://gitea.invidious.io/iv-org/invidious
synced 2025-06-05 23:29:12 +02:00
Add 'expire' to filter invalid tokens
This commit is contained in:
@ -203,7 +203,7 @@ end
|
||||
def create_response(user_id, operation, key, db, expire = 6.hours)
|
||||
expire = Time.now + expire
|
||||
nonce = Random::Secure.hex(16)
|
||||
db.exec("INSERT INTO nonces VALUES ($1) ON CONFLICT DO NOTHING", nonce)
|
||||
db.exec("INSERT INTO nonces VALUES ($1, $2) ON CONFLICT DO NOTHING", nonce, expire)
|
||||
|
||||
challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
|
||||
token = OpenSSL::HMAC.digest(:sha256, key, challenge)
|
||||
|
Reference in New Issue
Block a user