diff options
Diffstat (limited to 'script/mojocookiecheck.pl')
| -rwxr-xr-x | script/mojocookiecheck.pl | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/script/mojocookiecheck.pl b/script/mojocookiecheck.pl deleted file mode 100755 index a078b8c..0000000 --- a/script/mojocookiecheck.pl +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/env perl - -use v5.34; -use warnings; -use utf8; -use autodie; - -use Digest::SHA 'hmac_sha256_hex'; -use JSON::PP 'decode_json'; -use MIME::Base64 'decode_base64'; -use Pod::Usage 'pod2usage'; - - -sub main { - pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help'; - - die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3; - my @check_args = $ARGV[0]; - if (@ARGV == 3) { - push @check_args, $ARGV[1], $ARGV[2]; - } - - my ($match, $res) = check_cookie(@check_args); - - if (defined $match && !$match) { - say STDERR 'mismatched mac'; - exit 1; - } - - my $json = decode_json $res; - print JSON::PP->new()->pretty(1)->canonical(1)->encode($json); -} - -sub check_cookie { - my $cookie = shift; - - # split - my $splitAt = rindex $cookie, '--'; - die 'invalid format' if $splitAt == -1; - my $val = substr $cookie, 0, $splitAt; - my $sig = substr $cookie, $splitAt+2; - - my $match; - if (@_) { - my ($cookie_name, $secret) = @_; - # hmac - my $check = hmac_sha256_hex "$cookie_name=$val", $secret; - $match = $sig eq $check; - } - - # change base64 padding - $val =~ s/-*$/'=' x length $&/e; - - # base64 - my $res = decode_base64 $val; - - # cookie content padding - $res =~ s/Z*$//; - - return $match, $res; -} - -main unless caller; - -1 - -__END__ - -=encoding utf-8 - -=head1 NAME - -mojocookiecheck - Prints out a Signed Cookie of Mojolicious - -=head1 SYNOPSIS - -mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET] - - Options: - -h --help print this help - -=head1 DESCRIPTION - -This is a cookie checker for Mojolicious that converts them from an opaque -character string to something nicely readable. It also can check the HMAC. |