diff options
| author | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-09 13:59:40 +0200 |
|---|---|---|
| committer | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-09 13:59:40 +0200 |
| commit | 4f0692e955ae7f7ef8d102342e20f03e874cf061 (patch) | |
| tree | e5c8c0572b944bd2cff67f7bf3d4d617cfc3983f /script/mojocookiecheck.pl | |
| parent | 60b340f898db847ab6e72ed70de6c3a81314570b (diff) | |
updated changelog and added missing files
Diffstat (limited to 'script/mojocookiecheck.pl')
| -rwxr-xr-x | script/mojocookiecheck.pl | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/script/mojocookiecheck.pl b/script/mojocookiecheck.pl new file mode 100755 index 0000000..a078b8c --- /dev/null +++ b/script/mojocookiecheck.pl @@ -0,0 +1,85 @@ +#!/usr/bin/env perl + +use v5.34; +use warnings; +use utf8; +use autodie; + +use Digest::SHA 'hmac_sha256_hex'; +use JSON::PP 'decode_json'; +use MIME::Base64 'decode_base64'; +use Pod::Usage 'pod2usage'; + + +sub main { + pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help'; + + die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3; + my @check_args = $ARGV[0]; + if (@ARGV == 3) { + push @check_args, $ARGV[1], $ARGV[2]; + } + + my ($match, $res) = check_cookie(@check_args); + + if (defined $match && !$match) { + say STDERR 'mismatched mac'; + exit 1; + } + + my $json = decode_json $res; + print JSON::PP->new()->pretty(1)->canonical(1)->encode($json); +} + +sub check_cookie { + my $cookie = shift; + + # split + my $splitAt = rindex $cookie, '--'; + die 'invalid format' if $splitAt == -1; + my $val = substr $cookie, 0, $splitAt; + my $sig = substr $cookie, $splitAt+2; + + my $match; + if (@_) { + my ($cookie_name, $secret) = @_; + # hmac + my $check = hmac_sha256_hex "$cookie_name=$val", $secret; + $match = $sig eq $check; + } + + # change base64 padding + $val =~ s/-*$/'=' x length $&/e; + + # base64 + my $res = decode_base64 $val; + + # cookie content padding + $res =~ s/Z*$//; + + return $match, $res; +} + +main unless caller; + +1 + +__END__ + +=encoding utf-8 + +=head1 NAME + +mojocookiecheck - Prints out a Signed Cookie of Mojolicious + +=head1 SYNOPSIS + +mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET] + + Options: + -h --help print this help + +=head1 DESCRIPTION + +This is a cookie checker for Mojolicious that converts them from an opaque +character string to something nicely readable. It also can check the HMAC. |