From 54f3f82de310075a3419462dc18c098a57585d31 Mon Sep 17 00:00:00 2001 From: Emile Date: Sun, 22 Mar 2020 15:53:07 +0100 Subject: hash and salt (could be a doom soundtrack) --- src/http/http.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/http') diff --git a/src/http/http.go b/src/http/http.go index 7f4eb60..d124480 100644 --- a/src/http/http.go +++ b/src/http/http.go @@ -227,6 +227,18 @@ func pathHandler(w http.ResponseWriter, r *http.Request) { fileCount++ } + // Hash the file using the salt defined in the config making is + // possible to give the file to the /view handler without an + // interception being possible. + // The salted file name is hashed again on the reciever side + // making sure that the file to be downloaded is really the file + // specified. + // Overall: this makes sure that only we can provide files that + // can be downloaded + salted := fmt.Sprintf("%s%s", url, viper.GetString("hash.salt")) + hash := fmt.Sprintf("%x", sha256.Sum256([]byte(salted))) + item.SaltedHash = hash + items = append(items, item) } -- cgit 1.4.1