From 14d9515d2af4f31d6c636503e52692cfead99e9b Mon Sep 17 00:00:00 2001
From: carbotaniuman <41451839+carbotaniuman@users.noreply.github.com>
Date: Thu, 2 Jul 2020 16:50:50 -0500
Subject: [PATCH] Renaming + changelog

---
 CHANGELOG.md | 1 +
 src/main/kotlin/mdnet/base/server/ImageServer.kt | 4 ++--
 src/main/kotlin/mdnet/base/settings/ServerSettings.kt | 8 ++++----
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 80c8e45..2f9bec7 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [2020-06-28] Fixed various state transition bugs by [@carbotaniuman].
 
 ### Security
+- [2020-07-02] Added option to enforce strict checks on tokens to prevent hotlinking [@carbotaniuman].
 
 ## [1.0.0] - 2020-06-22
 ### Added
diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index f739722..4c80490 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -99,12 +99,12 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
 "/data"
 } + "/$chapterHash/$fileName"
 
-if (tokenized || serverSettings.forceToken) {
+if (tokenized || serverSettings.forceTokens) {
 val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
 val token = JACKSON.readValue(
 try {
 sodium.cryptoBoxOpenEasyAfterNm(
-tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.sharedKey
+tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.tokenKey
 )
 } catch (_: SodiumException) {
 if (LOGGER.isInfoEnabled) {
diff --git a/src/main/kotlin/mdnet/base/settings/ServerSettings.kt b/src/main/kotlin/mdnet/base/settings/ServerSettings.kt
index 338b879..3f69c1b 100644
--- a/src/main/kotlin/mdnet/base/settings/ServerSettings.kt
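Review bot: The token decode on the new side is guarded only against a failed authentication, not against a malformed token: `tokenArr.sliceArray(0 until 24)` throws IndexOutOfBoundsException when the decoded token is shorter than 24 bytes, and `Base64.getUrlDecoder().decode(...)` throws IllegalArgumentException on input that is not valid URL-safe base64, neither of which `catch (_: SodiumException)` covers. Because the token is read straight from the request path, a length check before the slices — e.g. `if (tokenArr.size < 24 + 16) { /* reject exactly as the SodiumException branch does */ }` for the 24-byte nonce plus the 16-byte box MAC — keeps a truncated token on the same rejection path as a forged one; whether an outer handler already maps these exceptions to a client error is not visible here. The request handler this sits in starts and ends outside the hunk.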
+++ b/src/main/kotlin/mdnet/base/settings/ServerSettings.kt
@@ -27,10 +27,10 @@ data class ServerSettings(
 val imageServer: String,
 val latestBuild: Int,
 val url: String,
-val sharedKey: ByteArray,
+val tokenKey: ByteArray,
 val compromised: Boolean,
 val paused: Boolean,
-val forceToken: Boolean = false,
+val forceTokens: Boolean = false,
 val tls: TlsCert?
 ) {
 override fun equals(other: Any?): Boolean {
@@ -42,7 +42,7 @@ data class ServerSettings(
 if (imageServer != other.imageServer) return false
 if (latestBuild != other.latestBuild) return false
 if (url != other.url) return false
-if (!sharedKey.contentEquals(other.sharedKey)) return false
+if (!tokenKey.contentEquals(other.tokenKey)) return false
 if (compromised != other.compromised) return false
 if (paused != other.paused) return false
 if (tls != other.tls) return false
@@ -54,7 +54,7 @@ data class ServerSettings(
 var result = imageServer.hashCode()
 result = 31 * result + latestBuild
 result = 31 * result + url.hashCode()
-result = 31 * result + sharedKey.contentHashCode()
+result = 31 * result + tokenKey.contentHashCode()
 result = 31 * result + compromised.hashCode()
 result = 31 * result + paused.hashCode()
 result = 31 * result + (tls?.hashCode() ?: 0)
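Review bot: The hand-written `equals` and `hashCode` in the hunks at @@ -42 and @@ -54 still leave out `forceTokens` (they left out `forceToken` before the rename too), so two ServerSettings values that differ only in whether token enforcement is on compare equal and hash alike. If any caller detects a settings change by equality — not visible here — a toggle of `forceTokens` would go unnoticed, which is the one field on this class that decides whether un-tokenized image requests are accepted. Adding `if (forceTokens != other.forceTokens) return false` after the `paused` comparison and `result = 31 * result + forceTokens.hashCode()` after the `paused` term brings both functions into line with how the other constructor properties are handled. Both functions continue past the hunk boundaries.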