author | Erich Eckner <git@eckner.net> | 2022-12-22 19:07:56 +0100 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2022-12-22 19:07:56 +0100 |
commit | f2a75bf0fc91ad08597d6eb25450e5638c0bd698 (patch) | |
tree | df60cdb817aee4485b26b685a248a496bc6632ef | |
parent | 683a6becbb82bef536b7bb0df328e17a2d2e330e (diff) | |
download | wordle-backend-f2a75bf0fc91ad08597d6eb25450e5638c0bd698.tar.xz |
do not rely on tornado's cookie encryption functionality
this way, we can present (and decode!) the riddle in json, too
-rwxr-xr-x | server.py | 16 |
1 files changed, 10 insertions, 6 deletions
@@ -5,20 +5,26 @@ import tornado.web import random import string import os +from cryptography.fernet import Fernet root_dir = os.path.dirname(os.path.realpath(__file__)) with open(root_dir + '/german-5.dic', encoding='utf-8') as f: dictionary = [ word.lower() for word in f.read().split('\n') ] +fernet = Fernet(Fernet.generate_key()) + class BaseHandler(tornado.web.RequestHandler): def get_current_riddle(self): - return self.get_secure_cookie('riddle') + riddle = self.get_argument('riddle', self.get_cookie('riddle')) + if riddle: + return fernet.decrypt(riddle.encode('utf-8')) + return False class CreateHandler(BaseHandler): def get(self): self.set_header('Access-Control-Allow-Origin','*') - cookie_value = self.create_signed_value('riddle', random.SystemRandom().choice(dictionary).lower()) - self.set_cookie('riddle', cookie_value); + cookie_value = fernet.encrypt(random.SystemRandom().choice(dictionary).lower().encode('utf-8')) + self.set_cookie('riddle', cookie_value) for redirection in self.get_arguments('next'): self.redirect(redirection) return @@ -74,9 +80,7 @@ def make_app(): (r'/', ReadmeHandler), (r'/create', CreateHandler), (r'/try/(.+)', TrialHandler), - ], - cookie_secret = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(64)) - ) + ]) if __name__ == "__main__": app = make_app() |
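Review bot: `fernet.decrypt()` in `get_current_riddle` raises `cryptography.fernet.InvalidToken` for any value not produced with the current process key, and both the `riddle` query argument and the cookie are client-controlled, so a stale, truncated or tampered token now becomes an unhandled exception (HTTP 500) where `get_secure_cookie` returned `None`. Catch `InvalidToken` there and return the same falsy value as the missing-riddle path, as in the excerpt below. `decrypt` is also called without `ttl`, so a token stays valid until a restart regenerates the key, whereas `get_secure_cookie` applied its default age limit; pass `ttl=` if that expiry was intended. The handlers that consume the return value lie outside the hunk, so confirm they treat `False` the way they treated `None`.

```python
from cryptography.fernet import Fernet, InvalidToken

# … unchanged: dictionary loading, module-level fernet key …

    def get_current_riddle(self):
        riddle = self.get_argument('riddle', self.get_cookie('riddle'))
        if not riddle:
            return False
        try:
            return fernet.decrypt(riddle.encode('utf-8'))
        except InvalidToken:
            # malformed, tampered or pre-restart token: same result as "no riddle"
            return False
```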