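#!/bin/bash
# auth.sh
#
# Validates the credential supplied in $username against a remote auth API.
#
# Input:  $username - a 23-character token, or its SHA-512 hex digest
#                     (126-128 characters). The script never assigns it from
#                     arguments, so the caller must provide it in the
#                     environment.
# Exit:   0 = accept, 1 = reject.
#
# NOTE(review): a pre-hashed value is accepted as-is, so the hash is
# password-equivalent. It is sent in the URL query string; confirm that the
# API side and any proxy in between do not record query strings in logs.

# only allow characters that are in a token or a token hash
# printf rather than echo: a value made up solely of echo option letters
# (e.g. "-n") would be consumed as an option instead of being printed.
username=$(printf '%s' "$username" | tr -dc 'a-zA-Z0-9-')

case "${#username}" in
  128|127|126)
    # is a hash already (some routers cut off the last one or two bytes,
    # so accounting for that)
    hash=$username
    ;;
  23)
    # they didn't hash the token, so do it for them
    hash=$(printf '%s' "$username" | openssl sha512 | awk '{print $NF}')
    ;;
  *)
    # not the length of a token or a token hash, so reject
    exit 1
    ;;
esac

# An empty hash means the hashing pipeline produced nothing (for example
# openssl is unavailable). It can never be a valid credential, so reject here
# instead of letting the request fall through to the fail-open branch below.
if [ -z "$hash" ]; then
  exit 1
fi

# check if token is valid and not expired
result=$(timeout 8 wget -4 -T8 -qO- "https://[redacted]?token=$hash")
request_status=$?

# exit 0 if wget fails, in case the auth API server is down
#
# NOTE(review): this is a deliberate fail-open. A non-zero status covers every
# failure of the request, not only an unreachable server: the 8-second timeout
# (status 124 from timeout), and wget's own codes for network failure, TLS
# verification failure and HTTP error responses. While the API cannot be
# reached, any value that passes the length check above is accepted. The event
# is written to stderr so that it can be alerted on; the credential itself is
# not logged.
if [ "$request_status" -ne 0 ]; then
  printf 'auth.sh: auth API request failed (status %s); accepting login without validation\n' \
    "$request_status" >&2
  exit 0
fi

# process the result
case "$result" in
  expired) exit 1 ;; # token expired
  good) exit 0 ;;    # token is valid
  *) exit 1 ;;       # anything else is invalid
esac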