snowykami/meilisearch
1
0
Fork 0
mirror of https://github.com/meilisearch/meilisearch.git synced 2025-10-31 07:56:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Wrap sha256 in HMAC instead of directly use sha256

Browse Source
This commit is contained in:
ManyTheFish
2022-06-08 14:04:45 +02:00
parent 0928f3d41c
commit 987a7f8926
3 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meilisearch-auth/Cargo.toml
View File

@@ -6,6 +6,7 @@ edition = "2021"
[dependencies]
base64 = "0.13.0"
enum-iterator = "0.7.0"
hmac = "0.12.1"
meilisearch-error = { path = "../meilisearch-error" }
milli = { git = "https://github.com/meilisearch/milli.git", tag = "v0.28.0" }
rand = "0.8.4"

11
meilisearch-auth/src/store.rs
View File

@@ -8,9 +8,10 @@ use std::str;
use std::sync::Arc;
use enum_iterator::IntoEnumIterator;
use hmac::{Hmac, Mac};
use milli::heed::types::{ByteSlice, DecodeIgnore, SerdeJson};
use milli::heed::{Database, Env, EnvOpenOptions, RwTxn};
use sha2::{Digest, Sha256};
use sha2::Sha256;
use time::OffsetDateTime;
use uuid::Uuid;
@@ -242,9 +243,11 @@ impl<'a> milli::heed::BytesEncode<'a> for KeyIdActionCodec {
}
pub fn generate_key_as_base64(uid: &[u8], master_key: &[u8]) -> String {
let key = [uid, master_key].concat();
let sha = Sha256::digest(&key);
base64::encode_config(sha, base64::URL_SAFE_NO_PAD)
let mut mac = Hmac::<Sha256>::new_from_slice(master_key).unwrap();
mac.update(uid);
let result = mac.finalize();
base64::encode_config(result.into_bytes(), base64::URL_SAFE_NO_PAD)
}
/// Divides one slice into two at an index, returns `None` if mid is out of bounds.