package main
import (
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"time"
)
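// keysize is the block size in bytes used for padding and as the length of
// the ECB key.
const keysize = 16

// key is generated once per process by RandomKey (defined elsewhere in this
// package). Every handler below encrypts and decrypts under this same key,
// so all responses for one process run are related by it.
var key = RandomKey(keysize)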
// Challenge 12
// Appends an unknown string to user data from the GET variable "input".
// Encrypts the result and returns it.
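// Challenge 12
// SecretPhrase appends a fixed, unknown suffix to the caller-supplied GET
// variable "input", pads the result to keysize and writes it back encrypted
// under the process-wide ECB key. Deterministic ECB output under a fixed key
// with a caller-controlled prefix is the property this challenge exercises;
// the handler is only meaningful as that exercise.
//
// A query string that cannot be parsed yields 400 instead of a panic; a
// failure to decode the embedded suffix (not expected for a valid constant)
// yields 500 rather than being silently ignored.
func SecretPhrase(w http.ResponseWriter, r *http.Request) {
	const unknown = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg\n" +
		"aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq\n" +
		"dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg\n" +
		"YnkK"
	getVars, err := url.ParseQuery(r.URL.RawQuery)
	if err != nil {
		http.Error(w, "bad query string", http.StatusBadRequest)
		return
	}
	data := getVars.Get("input")
	// %q keeps the log line unambiguous for empty or control-character input.
	fmt.Printf("Input: %q\n", data)
	// The standard decoder skips the embedded newlines, so the constant can
	// stay wrapped as written.
	decoded, err := base64.StdEncoding.DecodeString(unknown)
	if err != nil {
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	amended := make([]byte, 0, len(data)+len(decoded))
	amended = append(amended, data...)
	amended = append(amended, decoded...)
	padded := AddPadding(amended, keysize)
	if _, err := w.Write(ECBEncrypt(key, padded)); err != nil {
		log.Printf("writing response: %v", err)
	}
}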
// Challenge 13
// Create a user profile based on the GET variable "email".
// Encrypt the encoded profile and store it in the "profile" cookie.
// Note: We use "zole" instead of "role" because Go alphabetizes encoded parameters
// which breaks this.
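// Challenge 13
// CreateSession builds a profile from the GET variable "email", encodes it as
// a query string, pads and ECB-encrypts it under the process-wide key, and
// stores the base64 result in the "profile" cookie.
// Note: We use "zole" instead of "role" because Go alphabetizes encoded parameters
// which breaks this.
//
// A query string that cannot be parsed yields 400 instead of a panic.
func CreateSession(w http.ResponseWriter, r *http.Request) {
	getVars, err := url.ParseQuery(r.URL.RawQuery)
	if err != nil {
		http.Error(w, "bad query string", http.StatusBadRequest)
		return
	}
	// url.Values.Encode percent-escapes '&' and '=' inside the value, so the
	// email cannot introduce extra fields into the encoded profile.
	profile := url.Values{}
	profile.Set("email", getVars.Get("email"))
	profile.Set("uid", "10")
	profile.Set("zole", "user")
	padded := AddPadding([]byte(profile.Encode()), keysize)
	encoded := base64.StdEncoding.EncodeToString(ECBEncrypt(key, padded))
	http.SetCookie(w, &http.Cookie{
		Name:  "profile",
		Value: encoded,
		// Explicit path so the cookie is sent to /verify regardless of the
		// browser's default-path rule for a cookie set from /profile.
		Path: "/",
		// Nothing client-side needs to read the ciphertext.
		HttpOnly: true,
	})
	if _, err := w.Write([]byte("Created")); err != nil {
		log.Printf("writing response: %v", err)
	}
}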
// Challenge 13
// Return the decrypted profile cookie
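// Challenge 13
// GetSession decrypts the "profile" cookie with the process-wide ECB key,
// strips the padding and writes the plaintext profile back.
//
// A missing cookie now yields 400 to the client instead of an empty 200 with
// a console message, and a cookie that is not valid base64 or not a whole
// number of blocks yields 400 instead of reaching a panic in the decoder or
// the block-cipher helpers.
func GetSession(w http.ResponseWriter, r *http.Request) {
	cookie, err := r.Cookie("profile")
	if err != nil {
		http.Error(w, "profile cookie not set", http.StatusBadRequest)
		return
	}
	decoded, err := base64.StdEncoding.DecodeString(cookie.Value)
	if err != nil {
		http.Error(w, "malformed profile cookie", http.StatusBadRequest)
		return
	}
	// ECB only operates on whole blocks; reject anything else before it
	// reaches ECBDecrypt and StripPadding.
	if len(decoded) == 0 || len(decoded)%keysize != 0 {
		http.Error(w, "malformed profile cookie", http.StatusBadRequest)
		return
	}
	stripped := StripPadding(ECBDecrypt(key, decoded))
	if _, err := w.Write(stripped); err != nil {
		log.Printf("writing response: %v", err)
	}
}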
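// main registers the three challenge handlers on a dedicated mux and serves
// them on port 8080 with request timeouts, so a slow or stalled client cannot
// hold a connection open indefinitely.
func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/secret", SecretPhrase)
	mux.HandleFunc("/profile", CreateSession)
	mux.HandleFunc("/verify", GetSession)
	srv := &http.Server{
		// ":8080" listens on every interface; use "127.0.0.1:8080" when only
		// local clients are expected.
		Addr:              ":8080",
		Handler:           mux,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	fmt.Println("Waiting for connections...")
	log.Fatal(srv.ListenAndServe())
}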