From 4f0692e955ae7f7ef8d102342e20f03e874cf061 Mon Sep 17 00:00:00 2001
From: "Jannis M. Hoffmann" <jannis@fehcom.de>
Date: Sat, 9 Sep 2023 13:59:40 +0200
Subject: updated changelog and added missing files

---
 script/mojocookiecheck.pl | 85 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100755 script/mojocookiecheck.pl

(limited to 'script/mojocookiecheck.pl')

diff --git a/script/mojocookiecheck.pl b/script/mojocookiecheck.pl
new file mode 100755
index 0000000..a078b8c
--- /dev/null
+++ b/script/mojocookiecheck.pl
@@ -0,0 +1,85 @@
+#!/usr/bin/env perl
+
+use v5.34;
+use warnings;
+use utf8;
+use autodie;
+
+use Digest::SHA 'hmac_sha256_hex';
+use JSON::PP 'decode_json';
+use MIME::Base64 'decode_base64';
+use Pod::Usage 'pod2usage';
+
+
+sub main {
+    pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help';
+
+    die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3;
+    my @check_args = $ARGV[0];
+    if (@ARGV == 3) {
+        push @check_args, $ARGV[1], $ARGV[2];
+    }
+
+    my ($match, $res) = check_cookie(@check_args);
+
+    if (defined $match && !$match) {
+        say STDERR 'mismatched mac';
+        exit 1;
+    }
+
+    my $json = decode_json $res;
+    print JSON::PP->new()->pretty(1)->canonical(1)->encode($json);
+}
+
+sub check_cookie {
+    my $cookie = shift;
+
+    # split
+    my $splitAt = rindex $cookie, '--';
+    die 'invalid format' if $splitAt == -1;
+    my $val = substr $cookie, 0, $splitAt;
+    my $sig = substr $cookie, $splitAt+2;
+
+    my $match;
+    if (@_) {
+        my ($cookie_name, $secret) = @_;
+        # hmac
+        my $check = hmac_sha256_hex "$cookie_name=$val", $secret;
+        $match = $sig eq $check;
+    }
+
+    # change base64 padding
+    $val =~ s/-*$/'=' x length $&/e;
+
+    # base64
+    my $res = decode_base64 $val;
+
+    # cookie content padding
+    $res =~ s/Z*$//;
+
+    return $match, $res;
+}
+
+main unless caller;
+
+1
+
+__END__
+
+=encoding utf-8
+
+=head1 NAME
+
+mojocookiecheck - Prints out a Signed Cookie of Mojolicious
+
+=head1 SYNOPSIS
+
+mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET]
+
+  Options:
+    -h  --help    print this help
+
+=head1 DESCRIPTION
+
+This is a cookie checker for Mojolicious that converts them from an opaque
+character string to something nicely readable. It also can check the HMAC.
-- 
cgit v1.2.3