modo-rs 0.11.0

Rust web framework for small monolithic apps
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

//! Browser fingerprinting for session hijacking detection.

use sha2::{Digest, Sha256};

/// Compute a SHA-256 fingerprint from three request headers.
///
/// The headers are concatenated with null-byte separators before hashing to
/// prevent boundary confusion. Returns the fingerprint as a 64-character
/// lowercase hex string.
///
/// Used by [`ClientInfo::from_headers`](super::ClientInfo::from_headers) and by
/// [`crate::auth::session::cookie::CookieSessionLayer`] to detect potential
/// session hijacking when fingerprint validation is enabled.
pub fn compute_fingerprint(
    user_agent: &str,
    accept_language: &str,
    accept_encoding: &str,
) -> String {
    let mut hasher = Sha256::new();
    hasher.update(user_agent.as_bytes());
    hasher.update(b"\x00");
    hasher.update(accept_language.as_bytes());
    hasher.update(b"\x00");
    hasher.update(accept_encoding.as_bytes());
    let digest = hasher.finalize();
    crate::encoding::hex::encode(&digest)
}