Add optional more aggressive salting (fixes #95)
This commit is contained in:
parent
6e48a3eac7
commit
db9c807289
@ -75,4 +75,11 @@ SHOW_SHYNET_VERSION=True
|
||||
SHOW_THIRD_PARTY_ICONS=True
|
||||
|
||||
# Should Shynet block collection of IP addresses globally?
|
||||
BLOCK_ALL_IPS=False
|
||||
BLOCK_ALL_IPS=False
|
||||
|
||||
# Should Shynet include the date and site ID when hashing users?
|
||||
# This will prevent any possibility of cross-site tracking provided
|
||||
# that IP collection is also disabled, and external keys (primary
|
||||
# keys) aren't supplied. It will also prevent sessions from spanning
|
||||
# one day to another.
|
||||
AGGRESSIVE_HASH_SALTING=True
|
@ -1,5 +1,4 @@
|
||||
import ipaddress
|
||||
import json
|
||||
import logging
|
||||
from hashlib import sha256
|
||||
|
||||
@ -9,6 +8,7 @@ from celery import shared_task
|
||||
from django.conf import settings
|
||||
from django.core.cache import cache
|
||||
from django.db.models import Q
|
||||
from django.utils import timezone
|
||||
|
||||
from core.models import Service
|
||||
|
||||
@ -78,6 +78,9 @@ def ingress_request(
|
||||
association_id_hash = sha256()
|
||||
association_id_hash.update(str(ip).encode("utf-8"))
|
||||
association_id_hash.update(str(user_agent).encode("utf-8"))
|
||||
if settings.AGGRESSIVE_HASH_SALTING:
|
||||
association_id_hash.update(str(service.pk).encode("utf-8"))
|
||||
association_id_hash.update(str(timezone.now().date().isoformat()).encode("utf-8"))
|
||||
session_cache_path = (
|
||||
f"session_association_{service.pk}_{association_id_hash.hexdigest()}"
|
||||
)
|
||||
|
@ -324,3 +324,6 @@ SHOW_THIRD_PARTY_ICONS = os.getenv("SHOW_THIRD_PARTY_ICONS", "True") == "True"
|
||||
|
||||
# Should Shynet never collect any IP?
|
||||
BLOCK_ALL_IPS = os.getenv("BLOCK_ALL_IPS", "False") == "True"
|
||||
|
||||
# Include date and service ID in salt?
|
||||
AGGRESSIVE_HASH_SALTING = os.getenv("AGGRESSIVE_HASH_SALTING", "False") == True
|
Loading…
Reference in New Issue
Block a user