From 5afa967338a86e69be0fed525eb583e4ade16d28 Mon Sep 17 00:00:00 2001 From: Vaxry Date: Sat, 10 May 2025 19:50:22 +0100 Subject: [PATCH] config: add token_valid_for --- example/config.jsonc | 5 ++++- src/config/Config.hpp | 1 + src/core/Handler.cpp | 7 +++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/example/config.jsonc b/example/config.jsonc index db206ab..2cdc484 100644 --- a/example/config.jsonc +++ b/example/config.jsonc @@ -81,5 +81,8 @@ // Where to save the logfile. Each run will continue appending to this file. It may grow HUGE! No automatic pruning / compression is done. "traffic_log_file": "./traffic.csv" - } + }, + + // how long the token (solved challenge) should be valid for before showing a new challenge, in minutes + "token_valid_for": 60 // 1 hour } \ No newline at end of file diff --git a/src/config/Config.hpp b/src/config/Config.hpp index cf5494a..4b6e4e5 100644 --- a/src/config/Config.hpp +++ b/src/config/Config.hpp @@ -35,6 +35,7 @@ class CConfig { bool trace_logging = false; std::vector rules = {}; int default_challenge_difficulty = 4; + int token_valid_for = 60; bool async_proxy = true; std::vector proxy_rules; diff --git a/src/core/Handler.cpp b/src/core/Handler.cpp index 6628cf5..928c5ec 100644 --- a/src/core/Handler.cpp +++ b/src/core/Handler.cpp @@ -27,8 +27,7 @@ #include #include -constexpr const uint64_t TOKEN_MAX_AGE_MS = 1000 * 60 * 60; // 1hr -constexpr const char* TOKEN_COOKIE_NAME = "checkpoint-token"; +constexpr const char* TOKEN_COOKIE_NAME = "checkpoint-token"; // 
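Review bot: In src/config/Config.hpp the new `token_valid_for` member is a plain signed `int` with no unit in its name or in a comment, while example/config.jsonc documents the value as minutes. Nothing in the visible hunks rejects zero or a negative value, and with the `AGE <= ...` test in Handler.cpp such a value would make essentially every token count as expired. I would document the unit on the member, e.g. `int token_valid_for = 60; // minutes, must be > 0`, and reject non-positive values where the config is loaded (that code is outside this patch). The CConfig class body continues outside the hunk.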
@@ -216,13 +215,13 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt if (TOKEN.valid()) { const auto AGE = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count() - std::chrono::duration_cast(TOKEN.issued().time_since_epoch()).count(); - if (AGE <= TOKEN_MAX_AGE_MS && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) { + if (AGE <= g_pConfig->m_config.token_valid_for && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) { Debug::log(LOG, " | Action: PASS (token)"); g_pTrafficLogger->logTraffic(req, "PASS (token)"); proxyPass(req, response); return; } else { // token has been used from a different IP or is expired. Nuke it. - if (AGE > TOKEN_MAX_AGE_MS) + if (AGE > g_pConfig->m_config.token_valid_for) Debug::log(LOG, " | Action: CHALLENGE (token expired)"); else Debug::log(LOG, " | Action: CHALLENGE (token fingerprint mismatch)");
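Review bot: The two new comparisons in onRequest test `AGE` against `g_pConfig->m_config.token_valid_for` directly, but that setting is documented as minutes, while the constant it replaces, `TOKEN_MAX_AGE_MS`, was `1000 * 60 * 60`. `AGE` is therefore presumably a millisecond count (the duration_cast arguments are not visible on this page). With the default of 60, a solved token would then be accepted for only about 60 ms, so nearly every request would be challenged again and logged as "token expired". Convert once before comparing, e.g. `const int64_t MAX_AGE_MS = static_cast<int64_t>(g_pConfig->m_config.token_valid_for) * 60 * 1000;`, and use `MAX_AGE_MS` in both the `AGE <=` and `AGE >` tests; widening before the multiplication also avoids int overflow for large configured values. onRequest starts and ends outside the hunk.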