|
|
@ -34,7 +34,7 @@ sub add { |
|
|
|
eval { |
|
|
|
eval { |
|
|
|
my $sectoken = $self->session('c_sectoken') |
|
|
|
my $sectoken = $self->session('c_sectoken') |
|
|
|
or die("missing security token\n"); |
|
|
|
or die("missing security token\n"); |
|
|
|
my ($ip, $upto) = ($sectoken =~ m{^[0-9a-f\.:]+-\d+$}io) |
|
|
|
my ($ip, $upto) = ($sectoken =~ m{^([0-9a-f\.:]+)-(\d+)$}io) |
|
|
|
or die("malformed security token\n"); |
|
|
|
or die("malformed security token\n"); |
|
|
|
($upto > time()) |
|
|
|
($upto > time()) |
|
|
|
or die("expired security token\n"); |
|
|
|
or die("expired security token\n"); |
|
|
@ -103,10 +103,11 @@ sub create { |
|
|
|
|
|
|
|
|
|
|
|
eval { |
|
|
|
eval { |
|
|
|
die("request error\n") |
|
|
|
die("request error\n") |
|
|
|
unless $self->req->is_xnr; |
|
|
|
unless $self->req->is_xhr; |
|
|
|
my $ip = $self->tx->remote_address |
|
|
|
my $ip = $self->tx->remote_address |
|
|
|
or die("can't find remote ip\n"); |
|
|
|
or die("can't find remote ip\n"); |
|
|
|
$self->session({c_sectoken => $ip . '-' . time() + 60 * 7}); |
|
|
|
my $sectoken = sprintf "%s-%d", $ip, time() + 60 * 7; |
|
|
|
|
|
|
|
$self->session(c_sectoken => $sectoken); |
|
|
|
my $pageid = $self->_gen_pageid() |
|
|
|
my $pageid = $self->_gen_pageid() |
|
|
|
or die("can't get pageid\n"); |
|
|
|
or die("can't get pageid\n"); |
|
|
|
$self->stash({pageid => $pageid}); |
|
|
|
$self->stash({pageid => $pageid}); |
|
|
|
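Review bot: In `add`, the lines shown stop at the expiry comparison, so the newly captured `$ip` is never checked against the caller's address within this hunk. The `eval` body continues outside the hunk; if the comparison is not done further down, the IP binding that `create` writes into the token is not enforced, and I would add `($ip eq $self->tx->remote_address) or die("security token mismatch\n");` after the expiry check. The pattern should be anchored with `\A` and `\z` rather than `^` and `$`, because `$` also matches before a trailing newline, and the `/o` flag has no effect on a pattern without interpolation. In `create`, `remote_address` yields the proxy's address when the app sits behind a reverse proxy and reverse-proxy mode is not enabled, so every token would carry the same IP. A short comment there stating the deployment assumption, and naming the `60 * 7` lifetime as a constant, would help.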