~mdw / hippotat / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
replace plaintext secret transmission with time-limited hmac-based bearer tokens
[hippotat] / hippotat
diff --git a/hippotat b/hippotat
index 56e3e45..a6ec7ae 100755 (executable)
--- a/hippotat
+++ b/hippotat
@@ -185,13 +185,15 @@ class Client():
 
       d = mime_translate(d)
 
+      token = authtoken_make(cl.c.secret)
+
       crlf = b'\r\n'
       lf   =   b'\n'
       mime = (b'--b'                                        + crlf +
               b'Content-Type: text/plain; charset="utf-8"'  + crlf +
               b'Content-Disposition: form-data; name="m"'   + crlf + crlf +
               str(cl.c.client)            .encode('ascii')  + crlf +
-              cl.c.secret                                   + crlf +
+              token                                         + crlf +
               str(cl.c.target_requests_outstanding)
                                           .encode('ascii')  + crlf +
               str(cl.c.http_timeout)      .encode('ascii')  + crlf +
Local modifications for Ian Jackson's `Asinine IP Over HTTP' proxy: https://www.chiark.greenend.org.uk/ucgi/~ian/git/hippotat.git/