webapp: Use securemem for constant time auth token comparisons.

Debian stable does not have securemem, but neither does it have warp-tls,
so just disable use of securemem when not building with https support.
Joey Hess 2014-03-12 21:21:10 -04:00
parent ea0138d8a1
commit 66b8b9c094
9 changed files with 63 additions and 33 deletions

@ -22,6 +22,7 @@ import Assistant.DaemonStatus
import Assistant.Types.Buddies
import Utility.NotificationBroadcaster
import Utility.Yesod
import Utility.WebApp
import Data.Text (Text)
import qualified Data.Text as T
@ -64,7 +65,7 @@ notifierUrl route broadcaster = do
[ "/"
, T.intercalate "/" urlbits
, "?auth="
, secretToken webapp
, fromAuthToken (authToken webapp)
]
getNotifierTransfersR :: Handler RepPlain
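Review bot: in notifierUrl, `fromAuthToken (authToken webapp)` unwraps the token back into Text and appends it after `"?auth="`, so the constant-time comparison named in the commit message does not cover this path, and the secret still travels in the URL query string, where it can be recorded in logs, browser history or Referer headers. Suggest a short comment at this call site stating that fromAuthToken is meant only for rendering the token into a URL, and that any equality check must be done on the wrapped value rather than on the unwrapped Text, so a later caller does not reintroduce a variable-time comparison.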