3 лет назад · 4b68b9abef
--- a/ebin/n4u.app
+++ b/ebin/n4u.app
@@ -2,7 +2,7 @@
 
				   {description, "N4U WebSocket Application Server"},
			
 
				   {vsn, "4.4.20"},
			
 
				   {applications, [kernel, stdlib, asn1, public_key, ssl, crypto, ranch, cowboy, fs, active, sh, gproc, nitro]},
			
 
				-  {modules, [n2o, n4u_app, n4u_sup, n4u_async, n2o_xhr, n4u_cx, n2o_cowboy, n2o_multipart, n2o_static, n2o_stream, n4u_document, n2o_proto, n2o_relay, n4u_error, n4u_io, n4u_log, n4u_mq, n4u_pickle, n4u_query, n2o_secret, n2o_session, n4u_syn, n4u_client, n4u_file, n4u_heart, n4u_http, n4u_nitrogen, n4u_text, wf, wf_convert, wf_utils]},
			
 
				+  {modules, [n2o, n4u_app, n4u_sup, n4u_async, n2o_xhr, n4u_cx, n2o_cowboy, n2o_multipart, n2o_static, n2o_stream, n4u_document, n2o_proto, n2o_relay, n4u_error, n4u_io, n4u_log, n4u_mq, n4u_pickle, n4u_query, n4u_secret, n2o_session, n4u_syn, n4u_client, n4u_file, n4u_heart, n4u_http, n4u_nitrogen, n4u_text, wf, wf_convert, wf_utils]},
			
 
				   {registered, [n4u_sup]},
			
 
				   {mod, {n4u_app, []}},
			
 
				   {env, []}
			
--- a/src/handlers/n2o_secret.erl
+++ b/src/handlers/n2o_secret.erl
@@ -1,23 +0,0 @@
 
				--module(n2o_secret).
			
 
				--include_lib("n4u/include/n4u.hrl").
			
 
				--compile([export_all, nowarn_export_all]).
			
 
				--export([pickle/1, depickle/1]).
			
 
				-
			
 
				-pickle(Data) ->
			
 
				-    Message = term_to_binary({Data,os:timestamp()}),
			
 
				-    Padding = size(Message) rem 16,
			
 
				-    Bits = (16-Padding)*8, Key = secret(), IV = crypto:strong_rand_bytes(16),
			
 
				-    Cipher = crypto:block_encrypt(aes_cbc128,Key,IV,<<Message/binary,0:Bits>>),
			
 
				-    Signature = crypto:hmac(sha256,Key,<<Cipher/binary,IV/binary>>),
			
 
				-    base64:encode(<<IV/binary,Signature/binary,Cipher/binary>>).
			
 
				-
			
 
				-secret() -> wf:config(n2o,secret,<<"ThisIsClassified">>).
			
 
				-
			
 
				-depickle(PickledData) ->
			
 
				-    try Key = secret(),
			
 
				-        Decoded = base64:decode(wf:to_binary(PickledData)),
			
 
				-        <<IV:16/binary,Signature:32/binary,Cipher/binary>> = Decoded,
			
 
				-        Signature = crypto:hmac(sha256,Key,<<Cipher/binary,IV/binary>>),
			
 
				-        {Data,_Time} = binary_to_term(crypto:block_decrypt(aes_cbc128,Key,IV,Cipher),[safe]),
			
 
				-        Data
			
 
				-    catch E:R -> wf:info(?MODULE,"Depicke Error: ~p",[{E,R}]), undefined end.
			
--- a/src/handlers/n2o_session.erl
+++ b/src/handlers/n2o_session.erl
@@ -78,8 +78,8 @@ till(Now,TTL) ->
 
				 session_id() -> get(session_id).
			
 
				 
			
 
				 new_sid() ->
			
 
				-    wf_convert:hex(binary:part(crypto:hmac(wf:config(n2o,hmac,sha256),
			
 
				-         n2o_secret:secret(),term_to_binary(os:timestamp())),0,16)).
			
 
				+    wf_convert:hex(binary:part(crypto:hmac(wf:config(n4u, hmac, sha256),
			
 
				+         n4u_secret:secret(),term_to_binary(os:timestamp())),0,16)).
			
 
				 
			
 
				 new_cookie_value(From) -> new_cookie_value(new_sid(), From).
			
 
				 new_cookie_value(undefined, From) -> new_cookie_value(new_sid(), From);
			
--- a/src/handlers/n4u_pickle.erl
+++ b/src/handlers/n4u_pickle.erl
@@ -13,7 +13,8 @@ depickle(Serialized_Data) ->
 
				   try
			
 
				     {Data, _PickleTime} = erlang:binary_to_term(base64:decode(nitro:to_binary(Serialized_Data))),
			
 
				     Data
			
 
				-  catch _:_ ->
			
 
				+  catch _E:_R ->
			
 
				+    %wf:info(?MODULE, "Depicke Error: ~p ~p", [_E, _R]),
			
 
				     undefined
			
 
				   end.
			
 
				 
			
--- a/src/handlers/n4u_secret.erl
+++ b/src/handlers/n4u_secret.erl
@@ -0,0 +1,41 @@
 
				+-module(n4u_secret).
			
 
				+
			
 
				+-export([pickle/1, depickle/1, secret/0]).
			
 
				+
			
 
				+
			
 
				+% n4u hmac aes/cbc-128 && aes/gcm-256
			
 
				+
			
 
				+pickle(Data) ->
			
 
				+  %Message = erlang:term_to_binary({Data, os:timestamp()}),
			
 
				+  Message = erlang:term_to_binary(Data),
			
 
				+  Padding = erlang:size(Message) rem 16,
			
 
				+  Bits = (16 - Padding) * 8,
			
 
				+  Key = secret(),
			
 
				+  IV = crypto:strong_rand_bytes(16),
			
 
				+  Cipher = crypto:crypto_one_time(aes_128_cbc, Key, IV, <<Message/binary, 0:Bits>>, true), % encrypt
			
 
				+  Signature = crypto:mac(application:get_env(n4u, mac_type, hmac),
			
 
				+                         application:get_env(n4u, mac_subtype, sha256),
			
 
				+                         Key, <<Cipher/binary, IV/binary>>),
			
 
				+  %base64:encode(<<IV/binary, Signature/binary, Cipher/binary>>).
			
 
				+  nitro:hex(<<IV/binary, Signature/binary, Cipher/binary>>).
			
 
				+
			
 
				+
			
 
				+depickle(PickledData) ->
			
 
				+  try Key = secret(),
			
 
				+    %Decoded = base64:decode(nitro:to_binary(PickledData)),
			
 
				+    Decoded = nitro:unhex(erlang:iolist_to_binary(PickledData)),
			
 
				+    <<IV:16/binary, Signature:32/binary, Cipher/binary>> = Decoded,
			
 
				+    Signature = crypto:mac(application:get_env(n4u, mac_type, hmac),
			
 
				+                           application:get_env(n4u, mac_subtype, sha256),
			
 
				+                           Key, <<Cipher/binary, IV/binary>>),
			
 
				+    %{Data, _Time} = erlang:binary_to_term(crypto:block_decrypt(aes_cbc128, Key, IV, Cipher), [safe]),
			
 
				+    %Data
			
 
				+    erlang:binary_to_term(crypto:crypto_one_time(aes_128_cbc, Key, IV, Cipher, false), [safe]) % decrypt
			
 
				+  catch _E:_R ->
			
 
				+    %wf:info(?MODULE, "Depicke Error: ~p ~p", [_E, _R]),
			
 
				+    <<"">>
			
 
				+  end.
			
 
				+
			
 
				+
			
 
				+secret() -> application:get_env(n4u, secret, <<"ThisIsClassified">>).
			
 
				+