]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8e966b7)
Fix TOTP validation for overpass
authorTom Hughes <tom@compton.nu>
Thu, 13 Oct 2022 18:33:18 +0000 (19:33 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 13 Oct 2022 18:33:18 +0000 (19:33 +0100)
cookbooks/overpass/templates/default/apache.erb patch | blob | history
cookbooks/overpass/templates/default/totp-filter.erb patch | blob | history

diff --git a/cookbooks/overpass/templates/default/apache.erb b/cookbooks/overpass/templates/default/apache.erb
index 47e1363813592d994d51f03fd2bf48a30e33ae65..0aefcf85a2c8f931a26be4ca9192ac3953657c96 100644 (file)
--- a/cookbooks/overpass/templates/default/apache.erb
+++ b/cookbooks/overpass/templates/default/apache.erb
@@ -29,6 +29,7 @@
 
         DocumentRoot <%= @directory %>
 
 
         DocumentRoot <%= @directory %>
 
+        RewriteEngine on
         RewriteMap totp prg:/srv/query.openstreetmap.org/apache/totp-filter
         RewriteCond ${totp:%{HTTP_COOKIE}} =0
         RewriteRule ^.*$ - [F,L]
         RewriteMap totp prg:/srv/query.openstreetmap.org/apache/totp-filter
         RewriteCond ${totp:%{HTTP_COOKIE}} =0
         RewriteRule ^.*$ - [F,L]
@@ -39,6 +40,7 @@
         # Remove Origin so Overpass does not interfere.
         RequestHeader unset Origin
         Header always add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
         # Remove Origin so Overpass does not interfere.
         RequestHeader unset Origin
         Header always add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
+        Header always add Access-Control-Allow-Credentials true
 <% else -%>
         ScriptAlias /api/ <%= @script_directory %>/
 <% end -%>
 <% else -%>
         ScriptAlias /api/ <%= @script_directory %>/
 <% end -%>
diff --git a/cookbooks/overpass/templates/default/totp-filter.erb b/cookbooks/overpass/templates/default/totp-filter.erb
index 75145c63213d0121a3f2b96f103801a3c5f4449a..8245f2ae3ace64ecf753526b3829313ca95e8675 100644 (file)
--- a/cookbooks/overpass/templates/default/totp-filter.erb
+++ b/cookbooks/overpass/templates/default/totp-filter.erb
@@ -1,17 +1,21 @@
 #!/usr/bin/ruby
 
 #!/usr/bin/ruby
 
-requrie "cgi"
+require "cgi"
 require "rotp"
 
 totp = ROTP::TOTP.new("<%= @totp_key %>", :interval => 3600)
 
 STDIN.each_line do |header|
 require "rotp"
 
 totp = ROTP::TOTP.new("<%= @totp_key %>", :interval => 3600)
 
 STDIN.each_line do |header|
-  cookies = CGI::Cookie.parse(header)
+  cookies = CGI::Cookie.parse(header.chomp)
 
 
-  if totp.verify(cookies["_osm_totp_token"], :drift_behind => 3600, :drift_ahead => 3600)
-    puts "1"
+  if cookie = cookies.fetch("_osm_totp_token", nil)
+    if totp.verify(cookie.value.first, :drift_behind => 3600, :drift_ahead => 3600)
+      STDOUT.syswrite("1\n")
+    else
+      STDOUT.syswrite("0\n")
+    end
   else
   else
-    puts "0"
+    STDOUT.syswrite("0\n")
   end
 end
 
   end
 end
 
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.