Add optional more aggressive salting (fixes #95)

This commit is contained in:
R. Miles McCain 2021-01-23 23:13:44 -05:00
parent 6e48a3eac7
commit db9c807289
No known key found for this signature in database
GPG Key ID: F1053629E2905557
3 changed files with 15 additions and 2 deletions

View File

@ -75,4 +75,11 @@ SHOW_SHYNET_VERSION=True
SHOW_THIRD_PARTY_ICONS=True
# Should Shynet block collection of IP addresses globally?
BLOCK_ALL_IPS=False
BLOCK_ALL_IPS=False
# Should Shynet include the date and site ID when hashing users?
# This will prevent any possibility of cross-site tracking provided
# that IP collection is also disabled, and external keys (primary
# keys) aren't supplied. It will also prevent sessions from spanning
# one day to another.
AGGRESSIVE_HASH_SALTING=True

View File

@ -1,5 +1,4 @@
import ipaddress
import json
import logging
from hashlib import sha256
@ -9,6 +8,7 @@ from celery import shared_task
from django.conf import settings
from django.core.cache import cache
from django.db.models import Q
from django.utils import timezone
from core.models import Service
@ -78,6 +78,9 @@ def ingress_request(
association_id_hash = sha256()
association_id_hash.update(str(ip).encode("utf-8"))
association_id_hash.update(str(user_agent).encode("utf-8"))
if settings.AGGRESSIVE_HASH_SALTING:
association_id_hash.update(str(service.pk).encode("utf-8"))
association_id_hash.update(str(timezone.now().date().isoformat()).encode("utf-8"))
session_cache_path = (
f"session_association_{service.pk}_{association_id_hash.hexdigest()}"
)

View File

@ -324,3 +324,6 @@ SHOW_THIRD_PARTY_ICONS = os.getenv("SHOW_THIRD_PARTY_ICONS", "True") == "True"
# Should Shynet never collect any IP?
BLOCK_ALL_IPS = os.getenv("BLOCK_ALL_IPS", "False") == "True"
# Include date and service ID in salt?
AGGRESSIVE_HASH_SALTING = os.getenv("AGGRESSIVE_HASH_SALTING", "False") == True