LeonMMcoset/leonwww
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cant have enough security

Browse Source
This commit is contained in:
Face
2025-08-22 18:38:46 +03:00
parent e01b44f7ab
commit 762161ff93
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dns/src/gurt_server/routes.rs
View File

@@ -2,6 +2,7 @@ use super::{models::*, AppState};
use crate::auth::Claims; use crate::auth::Claims;
use crate::discord_bot::{send_domain_approval_request, DomainRegistration}; use crate::discord_bot::{send_domain_approval_request, DomainRegistration};
use gurt::prelude::*; use gurt::prelude::*;
use rand::{rngs::OsRng, Rng};
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use std::time::{SystemTime, UNIX_EPOCH}; use std::time::{SystemTime, UNIX_EPOCH};
use std::{collections::HashMap, env}; use std::{collections::HashMap, env};
@@ -1098,9 +1099,16 @@ fn generate_challenge_data(domain: &str, token: &str) -> Result<String> {
.map_err(|_| GurtError::invalid_message("System time error"))? .map_err(|_| GurtError::invalid_message("System time error"))?
.as_nanos(); .as_nanos();
let entropy = uuid::Uuid::new_v4().to_string(); let mut rng = OsRng;
let random_bytes: [u8; 32] = rng.gen();
let secure_entropy = base64::encode(random_bytes);
let data = format!("{}:{}:{}:{}", domain, token, timestamp, entropy); let uuid_entropy = uuid::Uuid::new_v4().to_string();
let data = format!(
"{}:{}:{}:{}:{}",
domain, token, timestamp, secure_entropy, uuid_entropy
);
let mut hasher = Sha256::new(); let mut hasher = Sha256::new();
hasher.update(data.as_bytes()); hasher.update(data.as_bytes());
let hash = hasher.finalize(); let hash = hasher.finalize();