smolcgi: add require_cool_client

2021-11-27 16:04:04 +01:00 · 2021-11-27 16:04:04 +01:00 · 7ba71b5eef
parent fc97ba4ef1
commit 7ba71b5eef
2 changed files with 10 additions and 0 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@ import subprocess

 import smolcgi

+smolcgi.require_cool_client("This script is not publicly available, sorry!")
+
 if not smolcgi.query_string_dec:
    smolcgi.require_input("Provide an email address to check.")

--- a/smolcgi.py
+++ b/smolcgi.py
@ -142,6 +142,14 @@ def cert_not_authorised(reason=""):
    exit_with_header(61, reason)


+def require_cool_client(reason=""):
+    require_client_cert()
+    with open(get_storage_path() / "cool_hashes", "rt") as f:
+        cool_hashes = f.read().rstrip().split("\n")
+    if tls_client_hash not in cool_hashes:
+        cert_not_authorised(reason)
+
+
 def cert_not_valid(reason=""):
    exit_with_header(62, reason)