Add hmacKey config field for video signing

This commit is contained in:
Zed 2019-10-24 00:17:38 +02:00
parent a56f217074
commit e91e7bcc1e
6 changed files with 18 additions and 9 deletions

View file

@ -71,10 +71,10 @@ $ nimble scss
$ mkdir ./tmp
```
Set your hostname, port and page title in `nitter.conf`, then run Nitter by
executing `./nitter`. You should run Nitter behind a reverse proxy such as
[Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for better
security.
Set your hostname, port, page title and HMAC key in `nitter.conf`, then run
Nitter by executing `./nitter`. You should run Nitter behind a reverse proxy
such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for
better security.
To build and run Nitter in Docker:
```bash

View file

@ -12,3 +12,4 @@ profileMinutes = 10 # how long to cache profiles
[Config]
defaultTheme = "Dark"
hmacKey = "secretkey" # for signing video urls

View file

@ -23,5 +23,6 @@ proc getConfig*(path: string): Config =
cacheDir: cfg.get("Cache", "directory", "/tmp/nitter"),
profileCacheTime: cfg.get("Cache", "profileMinutes", 10),
defaultTheme: cfg.get("Config", "defaultTheme", "Dark")
defaultTheme: cfg.get("Config", "defaultTheme", "Dark"),
hmacKey: cfg.get("Config", "hmacKey", "secretkey")
)

View file

@ -11,6 +11,8 @@ import routes/[
const configPath {.strdefine.} = "./nitter.conf"
let cfg = getConfig(configPath)
setHmacKey(cfg.hmacKey)
createUnsupportedRouter(cfg)
createPrefRouter(cfg)
createTimelineRouter(cfg)

View file

@ -178,6 +178,7 @@ type
cacheDir*: string
profileCacheTime*: int
defaultTheme*: string
hmacKey*: string
proc contains*(thread: Chain; tweet: Tweet): bool =
thread.content.anyIt(it.id == tweet.id)

View file

@ -1,8 +1,11 @@
import strutils, strformat, sequtils, uri, tables
import nimcrypto, regex
var hmacKey = "secretkey"
const
key = "supersecretkey"
badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
badPngExts = @["pngn", "png:", "png_"]
twitterDomains = @[
"twitter.com",
"twimg.com",
@ -10,11 +13,12 @@ const
"pbs.twimg.com",
"video.twimg.com"
]
badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
badPngExts = @["pngn", "png:", "png_"]
proc setHmacKey*(key: string) =
hmacKey = key
proc getHmac*(data: string): string =
($hmac(sha256, key, data))[0 .. 12]
($hmac(sha256, hmacKey, data))[0 .. 12]
proc getVidUrl*(link: string): string =
let