Diffstat (limited to 'script/cookiecheck.pl')
-rwxr-xr-xscript/cookiecheck.pl85
1 files changed, 85 insertions, 0 deletions
diff --git a/script/cookiecheck.pl b/script/cookiecheck.pl
new file mode 100755
index 0000000..a078b8c
--- /dev/null
+++ b/script/cookiecheck.pl
@@ -0,0 +1,85 @@
+#!/usr/bin/env perl
+
+use v5.34;
+use warnings;
+use utf8;
+use autodie;
+
+use Digest::SHA 'hmac_sha256_hex';
+use JSON::PP 'decode_json';
+use MIME::Base64 'decode_base64';
+use Pod::Usage 'pod2usage';
+
+
+sub main {
+ pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help';
+
+ die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3;
+ my @check_args = $ARGV[0];
+ if (@ARGV == 3) {
+ push @check_args, $ARGV[1], $ARGV[2];
+ }
+
+ my ($match, $res) = check_cookie(@check_args);
+
+ if (defined $match && !$match) {
+ say STDERR 'mismatched mac';
+ exit 1;
+ }
+
+ my $json = decode_json $res;
+ print JSON::PP->new()->pretty(1)->canonical(1)->encode($json);
+}
+
+sub check_cookie {
+ my $cookie = shift;
+
+ # split
+ my $splitAt = rindex $cookie, '--';
+ die 'invalid format' if $splitAt == -1;
+ my $val = substr $cookie, 0, $splitAt;
+ my $sig = substr $cookie, $splitAt+2;
+
+ my $match;
+ if (@_) {
+ my ($cookie_name, $secret) = @_;
+ # hmac
+ my $check = hmac_sha256_hex "$cookie_name=$val", $secret;
+ $match = $sig eq $check;
+ }
+
+ # change base64 padding
+ $val =~ s/-*$/'=' x length $&/e;
+
+ # base64
+ my $res = decode_base64 $val;
+
+ # cookie content padding
+ $res =~ s/Z*$//;
+
+ return $match, $res;
+}
+
+main unless caller;
+
+1
+
+__END__
+
+=encoding utf-8
+
+=head1 NAME
+
+mojocookiecheck - Prints out a Signed Cookie of Mojolicious
+
+=head1 SYNOPSIS
+
+mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET]
+
+ Options:
+ -h --help print this help
+
+=head1 DESCRIPTION
+
+This is a cookie checker for Mojolicious that converts them from an opaque
+character string to something nicely readable. It also can check the HMAC.
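Review bot: The MAC check in check_cookie compares the received signature with `$sig eq $check`, which short-circuits on the first differing byte, so the time taken leaks how much of a forged signature is correct; since the file ends with `main unless caller;` and `1`, check_cookie is meant to be loadable from other code, where that leak matters more than in a one-shot CLI run. A fixed-length XOR fold over both strings removes the data-dependent early exit without adding a dependency. Separately, the two `$`-anchored substitutions (`s/-*$/.../e` and `s/Z*$//`) would be tighter as `\z`, since `$` also matches before a trailing newline.
```perl
    if (@_) {
        my ($cookie_name, $secret) = @_;
        my $check = hmac_sha256_hex "$cookie_name=$val", $secret;
        # Compare every byte so the elapsed time does not depend on where a mismatch is.
        $match = _constant_time_eq($sig, $check);
    }
    # … unchanged: base64 padding repair, decode, Z-padding strip, return …
}

# Length check, then OR together the XOR of every byte pair; the loop never exits early.
sub _constant_time_eq {
    my ($left, $right) = @_;
    return 0 if length $left != length $right;
    my $diff = 0;
    for my $i (0 .. length($left) - 1) {
        $diff |= ord(substr $left, $i, 1) ^ ord(substr $right, $i, 1);
    }
    return $diff == 0;
}
```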