reborked the token system
This commit is contained in:
Ville Rantanen
@@ -71,8 +71,7 @@ Operation is one of download, direct_download, zip_download, or upload
|
||||
- shares.json stores hashed version of password.
|
||||
- Additionally, it may store plain text password, if users so wish.
|
||||
- Internally, Flees only compares the hashes of passwords
|
||||
- Tokens are encrypted versions of the hash. (login/upload/download with
|
||||
direct links). i.e. decrypted URL request equals password hash
|
||||
- Encryption key is the app_secret_key
|
||||
- Tokens are secret strings that allow login/upload/download with
|
||||
direct links. You can have many tokens for single share.
|
||||
- Direct download token is (password hash + filename) hashed
|
||||
|
||||
|
||||
Reference in New Issue
Block a user