project Websites / videos.bentasker.co.uk avatar

Websites / videos.bentasker.co.uk: e01baa0b

It's no longer a TODO so move to file header

It's no longer a TODO so move to file header

Commit e01baa0b.

Authored 2019-04-16T18:03:46.000+01:00 by B Tasker in project Websites / videos.bentasker.co.uk

+10 lines -11 lines

Changes

diff --git a/resources/tokenisation/minter/token_gen.lua b/resources/tokenisation/minter/token_gen.lua
--- a/resources/tokenisation/minter/token_gen.lua
+++ b/resources/tokenisation/minter/token_gen.lua
# @@ -1,5 +1,15 @@
# -- VID-11 Token Generator
# +--
# -- Generate a sha256_hmac based token to allow user to authenticate
# +--
# +-- Auth Checks are:
# +--
# +-- - is referer in permitted_referrers?
# +-- - if httpref is not null, is the domain the same as in referrer?
# +-- - Is ip not in blacklisted_ips?
# +--
# +-- If the above passes, or the ip is in excluded_ips, then we should mint the token
# +-- otherwise, call sendFailed()
#
# local table = table
# local require = require
# @@ -158,17 +168,6 @@ local httpref = 'https://snippets.bentasker.co.uk/foobar'
#
#
#
# --- TODO: Authentication checks
# ---
# --- At this point we should check
# ---
# --- - is referer in permitted_referrers?
# --- - if httpref is not null, is the domain the same as in referrer?
# --- - Is ip not in blacklisted_ips?
# ---
# --- If the above passes, or the ip is in excluded_ips, then we should mint the token
# --- otherwise, call sendFailed()
# -
# if table.contains(blacklisted_ips,ip)
# then
# sendFailed("Users IP is blacklisted")
#