diff --git a/crmpixel.go b/crmpixel.go
index 7e92f47..8730eac 100644
--- a/crmpixel.go
+++ b/crmpixel.go
@@ -194,13 +194,6 @@ func crmpixelLead(id string) (info crmdLead, err error) {
 //redirect user to a URL "/pages/dashboard"
 //
 func setTrackingCookieAndRecirect(w http.ResponseWriter, r *http.Request) {
-
- //check signature and then perform redirect
- if !checkSignatureByToken(r, IntraAPIConfig.CRMSecrete) {
- response403Handler(w)
- return
- }
-
 m, err := url.ParseQuery(r.URL.RawQuery)
 if err != nil {
 response400Handler(w)
@@ -213,8 +206,22 @@ func setTrackingCookieAndRecirect(w http.ResponseWriter, r *http.Request) {
 return
 }
- //set cookie if any
+ //check request leadID - lid and my cookie lead id
 leadID, ok := m["lid"]
+ myLeadID, found := getLeadIDFromCookie(r) //existing cookie
+
+ expireInSeconds := 120 //default 2minute
+ if found && ok && myLeadID == leadID[0] { //our cookie match the request lid
+ expireInSeconds = 86400 //extended to 1 day
+ }
+
+ //check signature, prevent unauthorized request
+ if !checkSignatureByTokenWithExpireSeconds(r, IntraAPIConfig.CRMSecrete, expireInSeconds) {
+ response403Handler(w)
+ return
+ }
+
+ //set cookie if any
 if ok {
 log.Println("setlead cookie :" + leadID[0])
 cookie := cookieFromLeadID(leadID[0])
diff --git a/server.go b/server.go
index a980df2..559e42a 100644
--- a/server.go
+++ b/server.go
@@ -139,7 +139,7 @@ func checkSignature(r *http.Request) bool {
 return checkSignatureByToken(r, APIConfig.Token)
 }
-func checkSignatureByToken(r *http.Request, token string) bool {
+func checkSignatureByTokenWithExpireSeconds(r *http.Request, token string, expireSeconds int) bool {
 rq := r.URL.RawQuery
 m, _ := url.ParseQuery(rq)
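Review bot: The 1-day validity window chosen in the new `if found && ok && myLeadID == leadID[0]` branch is selected on the basis of a client-supplied cookie, so unless `getLeadIDFromCookie` verifies the cookie's integrity (its body is not in this change), whoever holds a captured signed `lid` URL can also present a cookie with the same lead id and keep replaying that URL for 24 hours instead of 2 minutes. If the cookie carries no server-verifiable protection, the extended window should be keyed on something the server can check, or the 2-minute/1-day split should be documented as an accepted replay trade-off right above `expireInSeconds := 120`. The durations `120` and `86400` here and the `180` default in server.go would also read better as named constants (e.g. `const shortSignatureTTLSeconds = 120`) than as inline literals with comments. setTrackingCookieAndRecirect's body continues past this hunk.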
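Review bot: The renamed `checkSignatureByTokenWithExpireSeconds` in server.go has no doc comment, and its new third parameter carries semantics a caller needs (unit is seconds; the helper it feeds rejects timestamps on either side of now, as the later hunk shows). A one-liner above the signature would settle both: `// checkSignatureByTokenWithExpireSeconds reports whether the request's signature, timestamp and nonce query parameters verify against token, rejecting timestamps more than expireSeconds away from the current time.` The function's body continues in the next hunk.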
@@ -148,33 +148,37 @@ func checkSignatureByToken(r *http.Request, token string) bool {
 nonce, nok := m["nonce"]
 token = strings.TrimSpace(token)
 if sok && tok && nok && token != "" {
- return verifySignature(signature[0], timestamp[0], nonce[0], token)
+ return verifySignature(signature[0], timestamp[0], nonce[0], token, expireSeconds)
 }
 return false
 }
-func checkCookieSignatureBytoken(r *http.Request, token string) bool {
- signature := ""
- nonce := ""
- timestamp := ""
- for _, c := range r.Cookies() {
- switch c.Name {
- case "signature":
- signature = c.Value
- case "nonce":
- nonce = c.Value
- case "timestamp":
- timestamp = c.Value
- }
- }
- if signature != "" && nonce != "" && timestamp != "" && token != "" {
- return verifySignature(signature, timestamp, nonce, IntraAPIConfig.CRMSecrete)
- }
- return false
+func checkSignatureByToken(r *http.Request, token string) bool {
+ return checkSignatureByTokenWithExpireSeconds(r, token, 180) //180=3minutes
 }
-func verifySignature(signature, timestamp, nonce, token string) bool {
- if timestampTooOldStr(timestamp) {
+// func checkCookieSignatureBytoken(r *http.Request, token string) bool {
+// signature := ""
+// nonce := ""
+// timestamp := ""
+// for _, c := range r.Cookies() {
+// switch c.Name {
+// case "signature":
+// signature = c.Value
+// case "nonce":
+// nonce = c.Value
+// case "timestamp":
+// timestamp = c.Value
+// }
+// }
+// if signature != "" && nonce != "" && timestamp != "" && token != "" {
+// return verifySignature(signature, timestamp, nonce, IntraAPIConfig.CRMSecrete, expireSeconds)
+// }
+// return false
+// }
+
+func verifySignature(signature, timestamp, nonce, token string, expireSeconds int) bool {
+ if timestampTooOldStr(timestamp, expireSeconds) {
 return false
 }
 return signature == calculateSignature(timestamp, nonce, token)
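Review bot: The old `checkCookieSignatureBytoken` is kept as a 19-line commented-out block instead of being deleted; the commented body already references an `expireSeconds` that is not in its scope, so it would not compile if re-enabled, and version control preserves the original anyway — drop the block. While `verifySignature` is being changed, its final `return signature == calculateSignature(timestamp, nonce, token)` is a plain string comparison of a secret-derived value; `return subtle.ConstantTimeCompare([]byte(signature), []byte(calculateSignature(timestamp, nonce, token))) == 1` (with `import "crypto/subtle"`) removes the timing side channel at no cost. The new `expireSeconds` parameter on `verifySignature` would also benefit from a doc line stating that it is a tolerance in seconds applied symmetrically around the current time.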
@@ -197,22 +201,22 @@ func strSHA1(s string) string {
 return calculated
 }
-func timestampTooOldStr(timestamp string) bool {
+func timestampTooOldStr(timestamp string, expireSeconds int) bool {
 ts, err := strconv.Atoi(timestamp)
 if err != nil {
 return true
 }
- return timestampTooOld(int32(ts))
+ return timestampTooOld(int32(ts), expireSeconds)
 }
-func timestampTooOld(ts int32) bool {
+func timestampTooOld(ts int32, expireSeconds int) bool {
 //diff > 3min from now
 now := int32(time.Now().Unix())
 diff := now - ts
 if diff < 0 {
 diff = -diff
 }
- return diff > 180 //3 minutes, 180 seconds
+ return diff > int32(expireSeconds) //3 minutes, 180 seconds
 }
 func timestampOldThan(ts int32, sec int32) bool {
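Review bot: Both comments in `timestampTooOld` still describe the old fixed window (`//diff > 3min from now` and the trailing `//3 minutes, 180 seconds`) although the limit is now the `expireSeconds` argument; replace the first with `// reject timestamps more than expireSeconds away from now, in either direction` and drop the second. The `int32(expireSeconds)` conversion silently truncates values above 2^31-1 and a negative `expireSeconds` rejects every timestamp; the callers visible in this change pass 120, 180 and 86400, so this is latent, but a guard such as `if expireSeconds < 0 { return true }` or a doc line giving the accepted range would pin it down. `timestampOldThan(ts int32, sec int32)` just below already takes a seconds parameter; if its body (outside this hunk) performs the same comparison, the new parameter duplicates it and one of the two helpers could go.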