VID-11: Token Minter



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Closed

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: Videos.bentasker.co.uk (VID)
Resolution: Done (2019-04-18 18:10:36)
Components: Authentication

Created: 2019-04-16 16:16:48


Description
Need to create some code to accept requests for a token (as implemented in VID-10) and mint an HMAC token if the request should be accepted.

Rather than having to run a PHP or Python backend dedicated to this task, it'd be helpful (but not essential) if the minter could be implemented in Lua.


Activity


Repo: videos.bentasker.co.uk
Host:Rimmer

commit d9391f7812fb995e3f81eb745911bc17d60c4bfc
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 16:57:24 2019 +0100

Commit Message: VID-11 Start creating a token minter in LUA

It doesn't currently perform any auth checks, it simply mints a token using hardcoded values

resources/tokenisation/minter/example.nginx.conf | 4 +
resources/tokenisation/minter/lib/json.lua | 400 ++++++++++++
resources/tokenisation/minter/lib/sha256.lua | 745 ++++++++++++++++++++++
resources/tokenisation/minter/token_gen.lua | 105 +++
4 files changed, 1254 insertions(+), 0 deletions(-)


Repo: videos.bentasker.co.uk
Host:Rimmer

commit af9ff64378b5dae8df705c2fd602a66b182708a8
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 17:29:03 2019 +0100

Commit Message: VID-11 Check for black listed IPs

If the user's IP is in the table blacklisted_ips refuse to serve them a token and include error message "Users IP is blacklisted"

resources/tokenisation/minter/token_gen.lua | 37 +++++++++++++++++++++-----
1 files changed, 30 insertions(+), 7 deletions(-)


Repo: videos.bentasker.co.uk
Host:Rimmer

commit b73752c488fb0ed9872658f62e09dcc87adbd4db
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 17:49:15 2019 +0100

Commit Message: VID-11 insert basic referrer check.

If the HTTP referer header is present, ensure its domain matches that specified in the query string. Deny access if they differ.

resources/tokenisation/minter/token_gen.lua | 41 +++++++++++++++++++++++++++
1 files changed, 41 insertions(+), 0 deletions(-)


Repo: videos.bentasker.co.uk
Host:Rimmer

commit 5f5d82d0ea58eb07ad156b169854aecfd24bc408
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 18:00:36 2019 +0100

Commit Message: VID-11 Introduce referrer check

The domain specified as the referrer in the query string will be compared to those specified in permitted_referrers

If there's a match, the token will be issued. If not, it won't.

permitted_referrers will also accept wildcards (like SSL certs, they only run one label deep), so *.bentasker.co.uk can be whitelisted to apply to snippets.bentasker.co.uk, but not to foo.snippets.bentasker.co.uk

resources/tokenisation/minter/token_gen.lua | 34 ++++++++++++++++++++++++--
1 files changed, 31 insertions(+), 3 deletions(-)


Repo: videos.bentasker.co.uk
Host:Rimmer

commit 0f9a779bc9fc44cc1418ffff1788be918b23e691
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 18:05:00 2019 +0100

Commit Message: VID-11 Switch to using ngx vars ready for a test deployment

Will commit any bugfixes that result after

resources/tokenisation/minter/token_gen.lua | 24 ++++++++++++------------
1 files changed, 12 insertions(+), 12 deletions(-)


Current implementation works well enough
ben@milleniumfalcon:~/Documents/src.old/videos.bentasker.co.uk/resources/tokenisation$ curl -k -H "Host: videos.bentasker.co.uk" "https://mikasa.sys.bentasker.co.uk/gimme_a_token?ref=https%3A%2F%2Fvideos.bentasker.co.uk%2Fresources%2Ftests%2FPlayer_VNext.html%3Furl%3D2019%2F04%2F201604_puzzle_solution%2F201604_puzzle_solution.mp4_master.m3u8&vidpath=https%3A%2F%2Fvideos.bentasker.co.uk%2F2019%2F04%2F201604_puzzle_solution%2F201604_puzzle_solution.mp4_master.m3u8" 
{"d":["https%3A%2F%2Fvideos.bentasker.co.uk%2F2019%2F04%2F201604_puzzle_solution%2F201604_puzzle_solution.mp4_master.m3u8","86.175.47.235",1555438473],"token":"58abbd9bc61df8ce0f9c42c3b5f2a9c90512ce2a14e9a245e0e1cf16da4a64ed","status":true,"exp":1555438473}


It's fairly broad in its application though: it's not possible to whitelist on a per-path basis (for example), though I'm not sure I necessarily need that functionality at this point in time.
Repo: videos.bentasker.co.uk
Host:Rimmer

commit 68cc737c2241cbe6a6f694dc4d659afce75b67a0
Author: B Tasker <github@<Domain Hidden>>
Date: Tue Apr 16 18:13:20 2019 +0100

Commit Message: VID-11 URL unencode the referrer taken from the query string before using in comparisons

resources/tokenisation/minter/token_gen.lua | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)


btasker added 'Ben Tasker' to assignee
Repo: videos.bentasker.co.uk
Host:Rimmer

commit e28a2dbc37fdf72c126e16efe8eb2c50d95a8031
Author: B Tasker <github@<Domain Hidden>>
Date: Thu Apr 18 14:00:29 2019 +0100

Commit Message: VID-11 Only send debug information when debug is present in querystring

resources/tokenisation/minter/token_gen.lua | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)


Repo: videos.bentasker.co.uk
Host:Rimmer

commit 6e124f8e3d7df5e5d20981a42c901d28993b5844
Author: B Tasker <github@<Domain Hidden>>
Date: Thu Apr 18 14:41:33 2019 +0100

Commit Message: VID-11 Adjust so that can be run from the CLI for build/debug purposes

resources/tokenisation/minter/token_gen.lua | 77 +++++++++++++++-----------
1 files changed, 44 insertions(+), 33 deletions(-)


btasker changed status from 'Open' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'
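
The referrer checks described in the commit messages above (URL-decoding ref, comparing its domain to the Referer header when one is sent, then matching against permitted_referrers with one-label wildcards) can be sketched as follows. This is an added example, not the project's token_gen.lua; the list entries, helper names and refusal strings are assumptions.

```lua
-- Added example, not the contents of token_gen.lua. permitted_referrers is named
-- in the commit message; entries, helper names and refusal strings are constructed.
local permitted_referrers = { "videos.bentasker.co.uk", "*.bentasker.co.uk" }

-- Undo percent-encoding: ref arrives URL-encoded in the query string
local function url_decode(s)
    return (s:gsub("%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end))
end

-- Hostname of an http(s) URL, lower-cased, without userinfo or port
local function host_of(url)
    local authority = url:lower():match("^https?://([^/?#]*)")
    if not authority then return nil end
    local host = authority:gsub("^.*@", ""):gsub(":%d*$", "")
    return host ~= "" and host or nil
end

-- Exact match, or a "*." entry matching exactly one extra label
local function referrer_permitted(host)
    for _, entry in ipairs(permitted_referrers) do
        if entry:sub(1, 2) == "*." then
            local suffix = entry:sub(2) -- e.g. ".bentasker.co.uk"
            if #host > #suffix and host:sub(-#suffix) == suffix
               and not host:sub(1, #host - #suffix):find(".", 1, true) then
                return true
            end
        elseif host == entry then
            return true
        end
    end
    return false
end

-- ref_param: raw ref value from the query string; referer_header: nil if absent
local function check_referrer(ref_param, referer_header)
    local claimed = host_of(url_decode(ref_param or ""))
    if not claimed then return false, "ref is not an http(s) URL" end
    if referer_header and host_of(referer_header) ~= claimed then
        return false, "Referer header and ref disagree"
    end
    if not referrer_permitted(claimed) then return false, "referrer not permitted" end
    return true
end

-- Constructed requests: one label under the wildcard, two labels, header mismatch
assert(check_referrer("https%3A%2F%2Fsnippets.bentasker.co.uk%2Fa", nil))
assert(not check_referrer("https%3A%2F%2Ffoo.snippets.bentasker.co.uk%2Fa", nil))
assert(not check_referrer("https%3A%2F%2Fvideos.bentasker.co.uk%2F", "https://other.example/"))
```

Stripping userinfo and the port before comparison keeps the match on the hostname alone, so a ref such as `https://videos.bentasker.co.uk@other.example/` is evaluated as `other.example`.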