From e91e7bcc1e179524cfd4c03d93ca22b9bf852e14 Mon Sep 17 00:00:00 2001
From: Zed
Date: Thu, 24 Oct 2019 00:17:38 +0200
Subject: [PATCH] Add hmacKey config field for video signing
---
 README.md | 8 ++++----
 nitter.conf | 1 +
 src/config.nim | 3 ++-
 src/nitter.nim | 2 ++
 src/types.nim | 1 +
 src/utils.nim | 12 ++++++++----
 6 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 62e882b..6086281 100644
--- a/README.md
+++ b/README.md
@@ -71,10 +71,10 @@ $ nimble scss
 $ mkdir ./tmp
 ```
-Set your hostname, port and page title in `nitter.conf`, then run Nitter by
-executing `./nitter`. You should run Nitter behind a reverse proxy such as
-[Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for better
-security.
+Set your hostname, port, page title and HMAC key in `nitter.conf`, then run
+Nitter by executing `./nitter`. You should run Nitter behind a reverse proxy
+such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for
+better security.
 To build and run Nitter in Docker:
 ```bash
diff --git a/nitter.conf b/nitter.conf
index e957e68..dde133f 100644
--- a/nitter.conf
+++ b/nitter.conf
@@ -12,3 +12,4 @@ profileMinutes = 10 # how long to cache profiles
 [Config]
 defaultTheme = "Dark"
+hmacKey = "secretkey" # for signing video urls
diff --git a/src/config.nim b/src/config.nim
index 359d872..f0405ad 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -23,5 +23,6 @@ proc getConfig*(path: string): Config =
 cacheDir: cfg.get("Cache", "directory", "/tmp/nitter"),
 profileCacheTime: cfg.get("Cache", "profileMinutes", 10),
- defaultTheme: cfg.get("Config", "defaultTheme", "Dark")
+ defaultTheme: cfg.get("Config", "defaultTheme", "Dark"),
+ hmacKey: cfg.get("Config", "hmacKey", "secretkey")
 )
diff --git a/src/nitter.nim b/src/nitter.nim
index 9df8309..02f636e 100644
--- a/src/nitter.nim
+++ b/src/nitter.nim
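Review bot: In `src/config.nim` the new `hmacKey` field falls back to the literal `"secretkey"` when the option is missing, so an instance whose operator never sets it signs video URLs with a key that is published in this repository. The same literal is the shipped value in `nitter.conf` and the initial value of `var hmacKey` in `src/utils.nim`, so all three places need the same treatment. I would make the fallback empty, `hmacKey: cfg.get("Config", "hmacKey", "")`, and have startup stop with a clear message when the key is empty or still equal to the sample value. The `nitter.conf` comment should also say the value must be replaced with a long random string. `getConfig`'s body starts outside the hunk.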
@@ -11,6 +11,8 @@ import routes/[
 const configPath {.strdefine.} = "./nitter.conf"
 let cfg = getConfig(configPath)
+setHmacKey(cfg.hmacKey)
+
 createUnsupportedRouter(cfg)
 createPrefRouter(cfg)
 createTimelineRouter(cfg)
diff --git a/src/types.nim b/src/types.nim
index c0d9492..3b34e16 100644
--- a/src/types.nim
+++ b/src/types.nim
@@ -178,6 +178,7 @@ type
 cacheDir*: string
 profileCacheTime*: int
 defaultTheme*: string
+ hmacKey*: string
 proc contains*(thread: Chain; tweet: Tweet): bool =
 thread.content.anyIt(it.id == tweet.id)
diff --git a/src/utils.nim b/src/utils.nim
index 3c2167b..b913395 100644
--- a/src/utils.nim
+++ b/src/utils.nim
@@ -1,8 +1,11 @@
 import strutils, strformat, sequtils, uri, tables
 import nimcrypto, regex
+var hmacKey = "secretkey"
+
 const
- key = "supersecretkey"
+ badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
+ badPngExts = @["pngn", "png:", "png_"]
 twitterDomains = @[
 "twitter.com",
 "twimg.com",
@@ -10,11 +13,12 @@ const
 "pbs.twimg.com",
 "video.twimg.com"
 ]
- badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
- badPngExts = @["pngn", "png:", "png_"]
+
+proc setHmacKey*(key: string) =
+ hmacKey = key
 proc getHmac*(data: string): string =
- ($hmac(sha256, key, data))[0 .. 12]
+ ($hmac(sha256, hmacKey, data))[0 .. 12]
 proc getVidUrl*(link: string): string =
 let
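Review bot: `getHmac` in the second `src/utils.nim` hunk keeps only the first 13 hex characters of the HMAC-SHA256 output (`[0 .. 12]`), about 52 bits of tag, which is short for a value that signs video URLs now that the key is meant to be a real secret. Unless URL length is a hard constraint, I would keep a longer prefix, e.g. `($hmac(sha256, hmacKey, data))[0 .. 31]`, and check that the verifying side (not visible in this patch) compares tags in constant time. `setHmacKey` also stores an empty string without complaint; a guard such as `doAssert key.len > 0, "hmacKey must not be empty"` plus a `##` doc comment saying it must be called once at startup before any route is served would make the contract explicit. `getVidUrl` continues past the end of the hunk.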