config: add token_valid_for

Vaxry
2025-05-10 19:50:22 +01:00
parent 467d19d8c3
commit 5afa967338
3 changed files with 8 additions and 5 deletions


@@ -81,5 +81,8 @@
// Where to save the logfile. Each run will continue appending to this file. It may grow HUGE! No automatic pruning / compression is done.
"traffic_log_file": "./traffic.csv"
}
},
// how long the token (solved challenge) should be valid for before showing a new challenge, in minutes
"token_valid_for": 60 // 1 hour
}


@@ -35,6 +35,7 @@ class CConfig {
bool trace_logging = false;
std::vector<SConfigRule> rules = {};
int default_challenge_difficulty = 4;
int token_valid_for = 60;
bool async_proxy = true;
std::vector<SProxyRule> proxy_rules;
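Review bot: The new `token_valid_for` field does not state its unit, and as a plain `int` it accepts zero or negative values from the config file; no range check is visible in this hunk. A trailing comment such as `// minutes a solved challenge stays valid; must be > 0` would record the contract next to the default. If the loading code does not already validate the value, rejecting non-positive values at load time would avoid a configuration in which token lifetime is meaningless. The `CConfig` class starts and ends outside the hunk.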


@@ -27,8 +27,7 @@
#include <openssl/evp.h>
#include <magic.h>
constexpr const uint64_t TOKEN_MAX_AGE_MS = 1000 * 60 * 60; // 1hr
constexpr const char* TOKEN_COOKIE_NAME = "checkpoint-token";
constexpr const char* TOKEN_COOKIE_NAME = "checkpoint-token";
//
@@ -216,13 +215,13 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
if (TOKEN.valid()) {
const auto AGE = std::chrono::duration_cast<std::chrono::milliseconds>(std::chrono::system_clock::now().time_since_epoch()).count() -
std::chrono::duration_cast<std::chrono::milliseconds>(TOKEN.issued().time_since_epoch()).count();
if (AGE <= TOKEN_MAX_AGE_MS && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) {
if (AGE <= g_pConfig->m_config.token_valid_for && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) {
Debug::log(LOG, " | Action: PASS (token)");
g_pTrafficLogger->logTraffic(req, "PASS (token)");
proxyPass(req, response);
return;
} else { // token has been used from a different IP or is expired. Nuke it.
if (AGE > TOKEN_MAX_AGE_MS)
if (AGE > g_pConfig->m_config.token_valid_for)
Debug::log(LOG, " | Action: CHALLENGE (token expired)");
else
Debug::log(LOG, " | Action: CHALLENGE (token fingerprint mismatch)");
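Review bot: Both comparisons against `g_pConfig->m_config.token_valid_for` mix units: `AGE` is computed in milliseconds, while the sample config documents `token_valid_for` in minutes (default 60), so a token is treated as expired after 60 ms rather than 60 minutes. Convert once before comparing, e.g. `const int64_t MAX_AGE_MS = int64_t{g_pConfig->m_config.token_valid_for} * 60 * 1000;`, and use it in both `AGE <= …` and `AGE > …`. The removed constant was `uint64_t`, so a negative `AGE` (issue time ahead of the server clock) was converted to a very large value and failed the check. Against a signed `int` it now passes, so adding `AGE >= 0 &&` to the pass condition would keep the earlier behaviour; whether a future issue time can actually occur depends on token validation not shown here. The body of `onRequest` starts and ends outside the hunk.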