used a repeated portion of their success token

kim 2025-04-24 11:15:43 +01:00
commit f9da51e6c5


@ -122,12 +122,15 @@ func (m *nollamas) Serve(c *gin.Context) {
token := m.token(c, &hash) token := m.token(c, &hash)
// For unique challenge string just use a // For unique challenge string just use a
// portion of their unique 'success' token. // repeated portion of their 'success' token.
// SHA256 is not yet cracked, this is not an // SHA256 is not yet cracked, this is not an
// application of a hash requiring serious // application of a hash requiring serious
// cryptographic security and it rotates on // cryptographic security and it rotates on
// a TTL basis, so it should be fine. // a TTL basis, so it should be fine.
challenge := token[:len(token)/2] challenge := token[:len(token)/4] +
token[:len(token)/4] +
token[:len(token)/4] +
token[:len(token)/4]
// Prepare new log entry with challenge. // Prepare new log entry with challenge.
l := log.WithContext(c.Request.Context()) l := log.WithContext(c.Request.Context())
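Review bot: The comment above `challenge` now says a repeated portion is used but not why, and it leaves the security-relevant property implicit: the challenge is built from a prefix of the 'success' token, so whatever reaches the client discloses that prefix, and repeating it adds length without adding any unpredictability beyond that one quarter. I would state this in the comment, e.g. `// Only the first quarter of the token is exposed; it is repeated to pad the challenge, the rest of the token stays secret.`, if that is indeed the intent. The four identical slices could also be written once as `strings.Repeat(token[:len(token)/4], 4)`, provided `strings` is imported in this file, which the hunk does not show. Serve's body starts and ends outside the hunk.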