
[mod] implement is_hmac_of() in webutils / close to new_hmac()

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>, Alexandre Flament
Markus Heiser 3 years ago
parent
commit
8f3a7feb47
2 changed files with 7 additions and 3 deletions
  1. 2 3
      searx/webapp.py
  2. 5 0
      searx/webutils.py

+ 2 - 3
searx/webapp.py

@@ -71,6 +71,7 @@ from searx.webutils import (
     get_themes,
     prettify_url,
     new_hmac,
+    is_hmac_of,
     is_flask_run_cmdline,
 )
 from searx.webadapter import (
@@ -1067,9 +1068,7 @@ def image_proxy():
     if not url:
         return '', 400
 
-    h_url = new_hmac(settings['server']['secret_key'], url.encode())
-    h_args = request.args.get('h')
-    if len(h_url) != len(h_args) or not hmac.compare_digest(h_url, h_args):
+    if not is_hmac_of(settings['server']['secret_key'], url.encode(), request.args.get('h', '')):
         return '', 400
 
     maximum_size = 5 * 1024 * 1024
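Review bot: With the inline comparison removed, the `hmac` import in searx/webapp.py may no longer be used. The import block is outside this hunk, so check whether anything else in the module references it and drop `import hmac` if not. The `''` default for `h` is what makes a missing parameter fail the check, and a short comment above it would record that, for example `# reject unless h is the HMAC of url under the server secret_key (a missing h fails too)`. image_proxy starts and ends outside the hunk.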

+ 5 - 0
searx/webutils.py

@@ -80,6 +80,11 @@ def new_hmac(secret_key, url):
     return hmac.new(secret_key.encode(), url, hashlib.sha256).hexdigest()
 
 
+def is_hmac_of(secret_key, value, hmac_to_check):
+    hmac_of_value = new_hmac(secret_key, value)
+    return len(hmac_of_value) == len(hmac_to_check) and hmac.compare_digest(hmac_of_value, hmac_to_check)
+
+
 def prettify_url(url, max_length=74):
     if len(url) > max_length:
         chunk_len = int(max_length / 2 + 1)
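Review bot: `hmac.compare_digest` accepts `str` arguments only when both are ASCII, so in `is_hmac_of` a 64-character `hmac_to_check` containing a non-ASCII character passes the length test and then raises `TypeError` instead of returning False. At the `image_proxy` call site that value comes from `request.args.get('h', '')`, so such a request would presumably end in a 500 rather than the intended 400. Comparing bytes avoids this and makes the explicit length test unnecessary, because `compare_digest` already returns False for inputs of different length: `return hmac.compare_digest(new_hmac(secret_key, value).encode(), hmac_to_check.encode())`. The function also lacks a docstring; one stating that `value` must be bytes (it is passed to `hmac.new` as the message), that `hmac_to_check` is the hex digest string to verify, and that the comparison is constant-time would help callers.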