From c296a63e974e04c3c31f531747594d9e82723f45 Mon Sep 17 00:00:00 2001
From: Nat Lasseter <user@4574.co.uk>
Date: Wed, 19 Feb 2025 23:14:40 +0000
Subject: [4.2] Authenticators have lifespans now. All done!

---
 4.2/mail.rb | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100755 4.2/mail.rb

(limited to '4.2/mail.rb')

diff --git a/4.2/mail.rb b/4.2/mail.rb
new file mode 100755
index 0000000..f0be986
--- /dev/null
+++ b/4.2/mail.rb
@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'securerandom'
+require 'sinatra'
+
+set :port, 4568
+
+Service = "Mail"
+ServicePassword = "{FvM<kgG}VpHxKJO;6Zo"
+
+def decrypt(obj, key)
+  ticket = [obj].pack("H*").unpack("C*").pack("c*")
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+  cipher.key = Digest::SHA2.digest(key)
+  cipher.update(ticket) + cipher.final
+end
+
+post '/login' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys.sort == %w(authenticator ticket username)
+  sk, un, ws, sn, ls, ts = decrypt(data["ticket"], ServicePassword).split(?\0)
+  ls = ls.to_i
+  ts = ts.to_i
+  next "Invalid ticket\n" unless sn == Service
+  next "Invalid ticket\n" unless un == data["username"]
+  next "Invalid ticket\n" unless ws == request.ip
+  next "Invalid ticket\n" unless Time.now.to_i >= ts
+  next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
+
+  begin
+    aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+    als = als.to_i
+    ats = ats.to_i
+  rescue OpenSSL::Cipher::CipherError
+    next "Invalid session key\n"
+  end
+  next "Invalid authenticator\n" unless aun == un
+  next "Invalid authenticator\n" unless aws == ws
+  next "Invalid authenticator\n" unless Time.now.to_i >= ats
+  next "Authenticator expired\n" unless Time.now.to_i < (ats + als)
+
+  "Login okay! You have no mail.\n"
+end
-- 
cgit v1.2.1