+fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> {
+ // Expect exactly one cookie, exactly as we generate it.
+ let cookie = request
+ .headers()
+ .get(cgi::http::header::COOKIE)
+ .map(|c| c.as_bytes())
+ .and_then(|c| c.strip_prefix(COOKIE_NAME))
+ .and_then(|c| c.strip_prefix(b"="))
+ .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?;
+ if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') {
+ Err(cgi::text_response(400, "Invalid cookie"))
+ } else {
+ Ok(cookie)
+ }
+}
+
+fn make_random_id() -> [u8; COOKIE_LENGTH] {
+ std::iter::from_fn(random)
+ .filter(|c| {
+ (b'A'..=b'Z').contains(c) || (b'a'..=b'z').contains(c) || (b'0'..=b'9').contains(c)
+ })
+ .take(COOKIE_LENGTH)
+ .collect::<Vec<_>>()
+ .try_into()
+ .unwrap()
+}
+
+fn set_cookie(mut response: cgi::Response, path: &str) -> Result<cgi::Response, cgi::Response> {
+ response.headers_mut().append(
+ cgi::http::header::SET_COOKIE,
+ cgi::http::header::HeaderValue::from_bytes(
+ &[
+ COOKIE_NAME,
+ b"=",
+ &make_random_id(),
+ b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path=",
+ path.as_bytes(),
+ ]
+ .concat(),
+ )
+ .map_err(|_| cgi::text_response(503, "Couldn't make cookie"))?,
+ );
+ Ok(response)
+}
+
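Review bot: The attribute string in set_cookie, `b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path="`, separates the cookie attributes with spaces instead of `; `, so a browser following RFC 6265 would read everything after the first `;` as one unrecognised attribute and ignore it. The cookie would then be stored without Secure, HttpOnly, SameSite, Max-Age or the intended Path, leaving the voter id readable by page script and sent over plain HTTP and on cross-site requests. The line should read `b"; Secure; HttpOnly; SameSite=Strict; Max-Age=30000000; Path=",`. Separately, get_voter accepts any COOKIE_LENGTH bytes other than space and `;`, while make_random_id only emits ASCII letters and digits; replacing the two `contains` tests with `!cookie.iter().all(u8::is_ascii_alphanumeric)` would hold incoming ids to the generated alphabet. `random` is defined outside these lines, so it should be confirmed that the id comes from a cryptographically secure generator.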