replace plaintext secret transmission with time-limited hmac-based bearer tokens

[hippotat.git] / hippotat
diff --git a/hippotat b/hippotat

index f9395f2e6a456d86dc48b422808d0b285de46ebf..a6ec7aec06405b8315d1120d50e70be83776eeb2 100755 (executable)
--- a/hippotat
+++ b/hippotat
@@ -152,7 +152,8 @@ class Client():
        cl.log(DBG.HTTP_CTRL, 'req_err ' + str(err), idof=req)
        if isinstance(err, twisted.python.failure.Failure):
          err = err.getTraceback()
-      print('[%#x] %s' % (id(req), err), file=sys.stderr)
+      print('%s[%#x] %s' % (cl.desc, id(req), err.strip('\n').replace('\n',' / ')),
+            file=sys.stderr)
        if not isinstance(cl.outstanding[req], int):
          raise RuntimeError('[%#x] previously %s' %
                             (id(req), cl.outstanding[req]))
@@ -184,13 +185,15 @@ class Client():
  
        d = mime_translate(d)
  
+      token = authtoken_make(cl.c.secret)
+
        crlf = b'\r\n'
        lf   =   b'\n'
        mime = (b'--b'                                        + crlf +
                b'Content-Type: text/plain; charset="utf-8"'  + crlf +
                b'Content-Disposition: form-data; name="m"'   + crlf + crlf +
                str(cl.c.client)            .encode('ascii')  + crlf +
-              cl.c.password                                 + crlf +
+              token                                         + crlf +
                str(cl.c.target_requests_outstanding)
                                            .encode('ascii')  + crlf +
                str(cl.c.http_timeout)      .encode('ascii')  + crlf +