commit e87267a981390b4a076a0d4287d757c546c596ba
parent 78aa0c7719c3978e4cb28a6724d9bde7e92d3508
Author: srfsh <dev@srf.sh>
Date: Wed, 6 Jul 2022 23:00:07 +0200
admin: switch using restroom for byte comparison
Diffstat:
5 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/src/zenflows/admin.ex b/src/zenflows/admin.ex
@@ -3,27 +3,15 @@ defmodule Zenflows.Admin do
Functionality to authenticate of admin-related calls.
"""
+alias Zenflows.Restroom
+
def auth(key) do
with {:ok, key_given} <- Base.decode16(key, case: :lower),
key_want = Application.fetch_env!(:zenflows, Zenflows.Admin)[:admin_key],
- true <- keys_match?(key_given, key_want) do
+ true <- Restroom.byte_equal?(key_given, key_want) do
:ok
else _ ->
{:error, "you are not authorized"}
end
end
-
-# TODO: replace with `:crypto.hash_equals/2` when we require OTP 25.
-defp keys_match?(left, right) do
- byte_size(left) == byte_size(right) and keys_match?(left, right, 0)
-end
-
-defp keys_match?(<<x, left::binary>>, <<y, right::binary>>, acc) do
- xorred = Bitwise.bxor(x, y)
- keys_match?(left, right, Bitwise.bor(acc, xorred))
-end
-
-defp keys_match?(<<>>, <<>>, acc) do
- acc === 0
-end
end
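Review bot: In `auth/1`, `Restroom.byte_equal?(key_given, key_want)` sends both the caller-supplied key and the configured `admin_key` to a Restroom instance on every authentication attempt, and restroom.ex describes that transport as "(for now) HTTP". The long-lived admin secret therefore leaves the process, and admin authentication depends on that service being reachable, neither of which was true of the removed local comparison. Whether the Zenroom equality check is constant-time is not visible here, so the timing property the old `keys_match?/2` provided should be confirmed rather than assumed. If the remote call stays, add a comment above the `with` such as `# NOTE: key_given and admin_key are sent to Restroom; the channel must be trusted and encrypted`. Consider also keeping the removed TODO about `:crypto.hash_equals/2` so the local alternative stays tracked.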
diff --git a/src/zenflows/restroom.ex b/src/zenflows/restroom.ex
@@ -4,9 +4,12 @@ A module to interact with Restroom instances over (for now) HTTP.
"""
@doc """
+Returns `true` when `left` and `right` are equal, `false` otherwise.
+"""
@spec byte_equal?(binary(), binary()) :: boolean()
def byte_equal?(left, right) do
- case exec("byte_equal", %{left: left, right: right}) do
+ data = %{left: Base.encode64(left), right: Base.encode64(right)}
+ case exec("byte_equal", data) do
{:ok, %{"output" => ["1"]}} -> true
_ -> false
end
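Review bot: The catch-all `_ -> false` in `byte_equal?/2` makes a failed `exec/2` call, a non-zero Zenroom exit and a genuine mismatch indistinguishable to the caller. Failing closed is the right default for `Zenflows.Admin.auth/1`, but a Restroom outage will reject every admin with "you are not authorized" and nothing in the visible code records why. The new `@doc` should say so, for example `Returns `false` as well when the Restroom call fails for any reason.` A separate error clause that logs the failure reason (never `left` or `right`) would help operators tell the two cases apart; the error shape returned by `exec/2` is not shown here, so I have not written that clause. The function's closing `end` lies outside this hunk.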
diff --git a/test/restroom.test.exs b/test/restroom.test.exs
@@ -0,0 +1,13 @@
+defmodule ZenflowsTest.Restroom do
+use ExUnit.Case, async: true
+
+import Zenflows.Restroom
+
+test "`byte_equal?/2` returns `true` when the two matches" do
+ assert byte_equal?("42", "42")
+end
+
+test "`byte_equal?/2` returns `false` when the two doesn't match" do
+ refute byte_equal?("42", "41")
+end
+end
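Review bot: Both tests use equal-length, printable ASCII inputs, so they miss the unequal-length case and the raw-byte case that the `Base.encode64/1` step in `byte_equal?/2` exists to handle. I would add `refute byte_equal?("42", "421")` and `assert byte_equal?(<<0, 255>>, <<0, 255>>)`. Since `byte_equal?/2` goes through `exec/2`, these tests presumably need a reachable Restroom instance; if so, a comment at the top of the module saying that would save the next person a confusing failure.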
diff --git a/zencode/byte_equal.zen b/zencode/byte_equal.zen
@@ -0,0 +1,5 @@
+Given I have a 'base64' named 'left'
+and I have a 'base64' named 'right'
+When I verify 'left' is equal to 'right'
+Then print the string '1'
+# else, zenroom exits non-zero
diff --git a/zencode/test.sh b/zencode/test.sh
@@ -55,6 +55,8 @@ keyring='{"bitcoin_address":"bc1qlsqa5rgnrma4agtjar4q5jv9pe4pxze7vsyvp7","ethere
testzen keygen "${keyring}"
+testzen byte_equal '{"output":["1"]}' '{"left":"dGhpcyBpcyBhIGJhc2U2NCBzdHJpbmcK","right":"dGhpcyBpcyBhIGJhc2U2NCBzdHJpbmcK"}' > /dev/null
+
gql64=`mktemp`
# example graphql with most allowed characters used