about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorEmile <hanemile@protonmail.com>2020-03-22 15:53:07 +0100
committerEmile <hanemile@protonmail.com>2020-03-22 15:53:07 +0100
commit54f3f82de310075a3419462dc18c098a57585d31 (patch)
tree40c83a8eafc43045dfccb0e9b67c15f9af7736b9 /src
parent2d73776198cbda37c95cd8b50f735d2b59cb5a45 (diff)
hash and salt (could be a doom soundtrack)
Diffstat (limited to 'src')
-rw-r--r--src/http/http.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/http/http.go b/src/http/http.go
index 7f4eb60..d124480 100644
--- a/src/http/http.go
+++ b/src/http/http.go
@@ -227,6 +227,18 @@ func pathHandler(w http.ResponseWriter, r *http.Request) {
 			fileCount++
 		}
 
+		// Hash the file using the salt defined in the config making is
+		// possible to give the file to the /view handler without an
+		// interception being possible.
+		// The salted file name is hashed again on the reciever side
+		// making sure that the file to be downloaded is really the file
+		// specified.
+		// Overall: this makes sure that only we can provide files that
+		// can be downloaded
+		salted := fmt.Sprintf("%s%s", url, viper.GetString("hash.salt"))
+		hash := fmt.Sprintf("%x", sha256.Sum256([]byte(salted)))
+		item.SaltedHash = hash
+
 		items = append(items, item)
 	}