commit: add random variables

demo.d/example.tconf

@@ -5,13 +5,23 @@
 # set debug_trap
 # set foreignmap_csv
 # set nginx_action_abort
-# set preserve_cookie
-# set preserve_preamble
+# set preserve_after
+# set preserve_before
 # set project
 # set projects_home
 # set ssl_tool
 # set template_tool
 # set tor_worker_prefix
+# nonce128_1
+# nonce128_2
+# nonce128_3
+# nonce128_4
+# nonce128_5
+# nonce256_1
+# nonce256_2
+# nonce256_3
+# nonce256_4
+# nonce256_5
 
 # ---- CUTE HACKS ----
 

lib.d/do-configure.pl

@@ -18,6 +18,24 @@ chdir($here) or die "chdir: $here: $!\n";
 
 ##################################################################
 
+sub Nonce {
+    my $want_bits = shift || 128;
+    my $got_bits = 0;
+    my $dev = "/dev/urandom";
+    my $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    my $nonce = "";
+    open(RANDOM, $dev) || die "$0: open: $dev: $!\n";
+    while (read(RANDOM, $buffer, 1) == 1) {
+        my $offset = unpack("C", $buffer);
+        $offset &= 0x1f; # 5 bits
+        $got_bits += 5; # 5 bits
+        $nonce .= substr($chars, $offset, 1);
+        last if ($got_bits >= $want_bits);
+    }
+    close(RANDOM);
+    return $nonce;
+}
+
 sub JoinLines {
     my @input = @_;
     my @output = ();
@@ -422,7 +440,8 @@ sub DoProject {
 &SetEnv("nginx_timeout", 15);
 &SetEnv("nginx_tmpfile_size", "256m");
 &SetEnv("nginx_workers", "auto");
-&SetEnv("preserve_cookie", "~-=~=-~");
+&SetEnv("preserve_before", "~-~");
+&SetEnv("preserve_after", "~".&Nonce(128)."~");
 &SetEnv("preserve_preamble", "[>@\\\\s]");
 &SetEnv("project", "default");
 &SetEnv("projects_home", "$here/projects.d");
@@ -442,6 +461,17 @@ sub DoProject {
 &SetEnv("tor_worker_prefix", "hs");
 &SetEnv("x_from_onion_value", "1");
 
+&SetEnv("nonce128_1", &Nonce(128));
+&SetEnv("nonce128_2", &Nonce(128));
+&SetEnv("nonce128_3", &Nonce(128));
+&SetEnv("nonce128_4", &Nonce(128));
+&SetEnv("nonce128_5", &Nonce(128));
+&SetEnv("nonce256_1", &Nonce(256));
+&SetEnv("nonce256_2", &Nonce(256));
+&SetEnv("nonce256_3", &Nonce(256));
+&SetEnv("nonce256_4", &Nonce(256));
+&SetEnv("nonce256_5", &Nonce(256));
+
 # default-empty variables
 my @set_blank = qw(
     block_host

lib.d/lint.pl

@@ -63,6 +63,16 @@ my %known =
      'NGINX_TIMEOUT' => 1,
      'NGINX_TMPFILE_SIZE' => 1,
      'NGINX_WORKERS' => 1,
+     'NONCE128_1' => 1,
+     'NONCE128_2' => 1,
+     'NONCE128_3' => 1,
+     'NONCE128_4' => 1,
+     'NONCE128_5' => 1,
+     'NONCE256_1' => 1,
+     'NONCE256_2' => 1,
+     'NONCE256_3' => 1,
+     'NONCE256_4' => 1,
+     'NONCE256_5' => 1,
      'NO_CACHE_CONTENT_TYPE' => 1,
      'NO_CACHE_HOST' => 1,
      'ONION_ADDRESS' => 1, # onion being mapped-to
@@ -82,9 +92,9 @@ my %known =
      'PATH_BLACKLIST_RE' => 1,
      'PATH_WHITELIST' => 1,
      'PATH_WHITELIST_RE' => 1,
-     'PRESERVE_COOKIE' => 1,
+     'PRESERVE_AFTER' => 1,
+     'PRESERVE_BEFORE' => 1,
      'PRESERVE_CSV' => 1,
-     'PRESERVE_PREAMBLE' => 1,
      'PROJECT' => 1, # what the current project is called
      'PROJECTS_HOME' => 1, # where the projects live
      'PROJECT_DIR' => 1, # where the current project is being installed

templates.d/nginx.conf.txt

@@ -132,7 +132,7 @@ http {
   # saving regexp '%2%' as '%1%' for replacement with '%4%' (%3%)
   subs_filter
   (%PRESERVE_PREAMBLE%)(%2%)\\b
-  $1%PRESERVE_COOKIE%%1%%PRESERVE_COOKIE%
+  $1%PRESERVE_BEFORE%%1%%PRESERVE_AFTER%
   g%3%r
   ;
   %%ENDCSV
@@ -168,7 +168,7 @@ http {
   %%CSV %PRESERVE_CSV%
   # restoring '%1%' with '%4%'
   subs_filter
-  %PRESERVE_COOKIE%%1%%PRESERVE_COOKIE%
+  %PRESERVE_BEFORE%%1%%PRESERVE_AFTER%
   %4%
   g
   ;