From f9da51e6c5cc9520dbb30fa9a7484fcfca8622a7 Mon Sep 17 00:00:00 2001
From: kim <grufwub@gmail.com>
Date: Thu, 24 Apr 2025 11:15:43 +0100
Subject: [PATCH] used a repeated portion of their sucess token

---
 internal/middleware/nollamas.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/internal/middleware/nollamas.go b/internal/middleware/nollamas.go
index 9cf33669b..aa6e896fb 100644
--- a/internal/middleware/nollamas.go
+++ b/internal/middleware/nollamas.go
@@ -122,12 +122,15 @@ func (m *nollamas) Serve(c *gin.Context) {
 	token := m.token(c, &hash)
 
 	// For unique challenge string just use a
-	// portion of their unique 'success' token.
+	// repeated portion of their 'success' token.
 	// SHA256 is not yet cracked, this is not an
 	// application of a hash requiring serious
 	// cryptographic security and it rotates on
 	// a TTL basis, so it should be fine.
-	challenge := token[:len(token)/2]
+	challenge := token[:len(token)/4] +
+		token[:len(token)/4] +
+		token[:len(token)/4] +
+		token[:len(token)/4]
 
 	// Prepare new log entry with challenge.
 	l := log.WithContext(c.Request.Context())