forest_admin_rpc_agent 1.4.0 → 1.4.1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c41c96adbed57c2146f5e9c6ef71faecd39f1a7544a03637a1ee693d81429f9a
|
|
4
|
+
data.tar.gz: cf07504184989d2962c3df1101ee2dfc180d9e1d75ad538894019d6f4b8528c1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ec6bb5197fc7720ecf593e207141343ae29fb873e01ea2e68c00aa744fb1ba86aa8d8906e647ab27799f336d90cba01f5a45b3939a9abf0c5930340ece1b531
|
|
7
|
+
data.tar.gz: 037b674c70759f540e6cfea09fb86ffdfbce66faa060bd827857e49b2c113713dc9534963b64f1f4e580eb741d6637810e309d4641109655b1982c33852cfeb7
|
|
@@ -4,6 +4,7 @@ module ForestAdminRpcAgent
|
|
|
4
4
|
ALLOWED_TIME_DIFF = 300
|
|
5
5
|
SIGNATURE_REUSE_WINDOW = 5
|
|
6
6
|
@@used_signatures = {}
|
|
7
|
+
@@signatures_mutex = Mutex.new
|
|
7
8
|
|
|
8
9
|
def initialize(app)
|
|
9
10
|
@app = app
|
|
@@ -32,33 +33,45 @@ module ForestAdminRpcAgent
|
|
|
32
33
|
return false unless Rack::Utils.secure_compare(signature, expected_signature)
|
|
33
34
|
|
|
34
35
|
# check if this signature has already been used (replay attack)
|
|
35
|
-
if
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
@@
|
|
36
|
+
# Reject if signature was used recently (within SIGNATURE_REUSE_WINDOW seconds)
|
|
37
|
+
# Use mutex to prevent race conditions in multi-threaded environments
|
|
38
|
+
now = current_time_in_seconds
|
|
39
|
+
|
|
40
|
+
@@signatures_mutex.synchronize do
|
|
41
|
+
if @@used_signatures.key?(signature)
|
|
42
|
+
last_used = @@used_signatures[signature]
|
|
43
|
+
time_since_last_use = now - last_used
|
|
44
|
+
return false if time_since_last_use <= SIGNATURE_REUSE_WINDOW
|
|
45
|
+
end
|
|
46
|
+
@@used_signatures[signature] = now
|
|
40
47
|
|
|
41
|
-
|
|
48
|
+
cleanup_old_signatures
|
|
49
|
+
end
|
|
42
50
|
|
|
43
51
|
true
|
|
44
52
|
end
|
|
45
53
|
|
|
46
54
|
def valid_timestamp?(timestamp)
|
|
47
55
|
time = begin
|
|
48
|
-
Time.iso8601(timestamp)
|
|
49
|
-
rescue
|
|
56
|
+
Time.iso8601(timestamp).utc
|
|
57
|
+
rescue ArgumentError
|
|
50
58
|
nil
|
|
51
59
|
end
|
|
52
60
|
return false if time.nil?
|
|
53
61
|
|
|
54
|
-
(
|
|
62
|
+
(current_time_in_seconds - time.to_i).abs <= ALLOWED_TIME_DIFF
|
|
55
63
|
end
|
|
56
64
|
|
|
57
65
|
def cleanup_old_signatures
|
|
58
|
-
|
|
66
|
+
# Should be called within mutex synchronize block
|
|
67
|
+
now = current_time_in_seconds
|
|
59
68
|
@@used_signatures.delete_if { |_signature, last_used| now - last_used > ALLOWED_TIME_DIFF }
|
|
60
69
|
end
|
|
61
70
|
|
|
71
|
+
def current_time_in_seconds
|
|
72
|
+
defined?(Time.current) ? Time.current.to_i : Time.now.utc.to_i
|
|
73
|
+
end
|
|
74
|
+
|
|
62
75
|
def auth_secret
|
|
63
76
|
ForestAdminRpcAgent.config.auth_secret
|
|
64
77
|
end
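Review bot: The replay check at new line 44 rejects a reused signature only within SIGNATURE_REUSE_WINDOW (5 s), while valid_timestamp? accepts the signed timestamp for ALLOWED_TIME_DIFF (300 s), so a captured request re-sent more than 5 s after its first use passes again and `@@used_signatures[signature] = now` refreshes its entry for as long as the timestamp stays valid. If full replay protection is intended, bound the check by the validity window, `return false if time_since_last_use <= ALLOWED_TIME_DIFF`, which also matches the retention cleanup_old_signatures already applies; if the short window is deliberate (client retries), say so in the comment above the block, since "replay attack" reads as full protection. `@@used_signatures` is per-process class state, so presumably the check does not hold across several workers or hosts — worth stating in the same comment. Separately, narrowing to `rescue ArgumentError` in valid_timestamp? means a nil or non-String timestamp that makes Time.iso8601 raise TypeError (depends on the Ruby version) now propagates instead of returning false; `rescue ArgumentError, TypeError` keeps the earlier behaviour. The method containing the replay check starts before this hunk.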
|