From e594d063888db9f36a4682bc31348cea952eadaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=A6=8C=EA=A6=AB=EA=A6=B6=EA=A6=8F=EA=A7=80=EA=A6=A6?= =?UTF-8?q?=EA=A6=BF=EA=A6=A7=EA=A6=AE=EA=A6=91=EA=A6=A9=EA=A6=AD=EA=A7=80?=
Date: Mon, 19 Sep 2022 20:13:08 +0800
Subject: First attempt to validate session token Function & variable names are changed for consistency & conventions. Tries to print out shop name from referer header, and the session token details.
---
sessiontoken.h | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 sessiontoken.h
(limited to 'sessiontoken.h')
diff --git a/sessiontoken.h b/sessiontoken.h
new file mode 100644
index 0000000..ec7a462
--- /dev/null
+++ b/sessiontoken.h
@@ -0,0 +1,22 @@
+#include
+
+static inline bool sessiontoken_isvalid(const char *token, const char *secret)
+{
+ const size_t key_len = strlen(secret) / 2;
+ unsigned char key[key_len];
+ for (size_t i = 0; i < key_len; i++) {
+ char hex[3] = { [2] = '\0' };
+ strncpy(hex, &secret[i], 2);
+ key[i] = strtol(hex, NULL, 16);
+ }
+ jwt_t *jwt = NULL;
+ jwt_decode(&jwt, token, key, key_len);
+ printf("exp: %s\n", jwt_get_grant(jwt, "exp"));
+ printf("nbf: %s\n", jwt_get_grant(jwt, "nbf"));
+ printf("iss: %s\n", jwt_get_grant(jwt, "iss"));
+ printf("dest: %s\n", jwt_get_grant(jwt, "dest"));
+ printf("aud: %s\n", jwt_get_grant(jwt, "aud"));
+ printf("sub: %s\n", jwt_get_grant(jwt, "sub"));
+ jwt_free(jwt);
+ return false;
+}
--
cgit v1.2.3
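Review bot: The result of `jwt_decode()` is discarded, so when decoding or signature verification fails `jwt` stays NULL and the following `jwt_get_grant(jwt, ...)` results are passed to `printf` with `%s` as NULL pointers; the call should gate everything after it, `if (jwt_decode(&jwt, token, key, key_len) != 0) return false;`. The hex loop also reads `&secret[i]` rather than `&secret[2 * i]`, so consecutive pairs overlap and the derived key is not the byte value of the secret; it should be `strncpy(hex, &secret[2 * i], 2);`, and since `strtol` is called without an end pointer, non-hex characters silently turn into zero bytes. An empty or one-character secret gives `key_len == 0`, which makes `key[key_len]` a zero-length VLA and, as far as I recall libjwt's behaviour when no key is supplied, leaves the signature unchecked, so that case should be rejected before decoding. `exp` and `nbf` are numeric claims and probably need `jwt_get_grant_int()` rather than the string getter, and because the function still returns `false` unconditionally, a short doc comment saying that no claim is validated yet would keep callers from relying on it.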