36 lines
851 B
JavaScript
36 lines
851 B
JavaScript
module.exports = () => {
|
|
const config = require("../../config"),
|
|
crypto = require("crypto"),
|
|
moment = require("moment");
|
|
|
|
const skey = config.get("core.machinekey");
|
|
const trustInterval = 5 * 60 * 1000;
|
|
|
|
function check(token) {
|
|
if (!token || typeof token !== "string") return false;
|
|
|
|
const splitted = token.split(":");
|
|
if (splitted.length < 3) return false;
|
|
|
|
const pkey = splitted[0].substr(4);
|
|
const date = splitted[1];
|
|
const orighash = splitted[2];
|
|
|
|
const timestamp = moment.utc(date, "YYYYMMDDHHmmss");
|
|
if (moment.utc() - timestamp > trustInterval) {
|
|
return false;
|
|
}
|
|
|
|
const hasher = crypto.createHmac("sha1", skey);
|
|
const hash = hasher.update(date + "\n" + pkey);
|
|
|
|
if (hash.digest("base64") !== orighash) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return check;
|
|
};
|