eliminate half the bloom filters, using HMAC to verify RequestIDs

Simplifies code, uses less memory, and don't need to protect
against flooding generation of RequestIDs, since the server does not store
them at all.

Note that the RequestIDSecret is only stored in ram, so restarting the
server will invalidate any RequestIds given out before. It would be
possible now to store that on disk to avoid that problem, but probably not
worth it.

1 files changed, 13 insertions, 4 deletions

diff --git a/HTTP.hs b/HTTP.hs
index e5e4d85..70d857d 100644
--- a/HTTP.hs
+++ b/HTTP.hs
@@ -59,6 +59,8 @@ instance ToJSON t => ToJSON (POWGuarded t)
 instance FromJSON t => FromJSON (POWGuarded t)
 instance ToJSON ProofOfWorkRequirement
 instance FromJSON ProofOfWorkRequirement
+instance ToJSON RequestID
+instance FromJSON RequestID
 instance ToJSON RandomSalt
 instance FromJSON RandomSalt
 
@@ -85,12 +87,19 @@ instance FromJSON StorableObject where
 -- ProofOfWork contains an arbitrary bytestring and is base64 encoded in
 -- the query string.
 instance ToHttpApiData ProofOfWork where
-	toUrlPiece (ProofOfWork b (RandomSalt s)) = s <> ":" <> b64 b
+	toUrlPiece (ProofOfWork b rid) =
+		fromRandomSalt (randomSalt rid) 
+			<> ":" <> requestHMAC rid 
+			<> ":" <> b64 b
 instance FromHttpApiData ProofOfWork where
 	parseUrlPiece t = do
-		let (s, rest) = T.break (/= ':') t
-		b <- unb64 (T.drop 1 rest)
-		return (ProofOfWork b (RandomSalt s))
+		let (salt, rest) = T.break (/= ':') t
+		let (hmac, rest') = T.break (/= ':') rest
+		b <- unb64 (T.drop 1 rest')
+		return $ ProofOfWork b $ RequestID
+			{ randomSalt = RandomSalt salt
+			, requestHMAC = hmac
+			}
 
 b64 :: B.ByteString -> Text
 b64 v = T.decodeUtf8 $ Raaz.toByteString (Raaz.encode v :: Raaz.Base64)