From 0c0fa22d6fd700bc2adb1348a87cfc6b132b5fb6 Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Wed, 24 Nov 2021 01:09:11 +1100
Subject: [PATCH] change cookie to not expire instead of client-controlled expiry (duh) use bucket duration as part of secret generation xxh32 -> xxh64
---
 src/libs/utils.lua | 5 ++++-
 src/scripts/hcaptcha.lua | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libs/utils.lua b/src/libs/utils.lua
index ab572a6..8981f97 100644
--- a/src/libs/utils.lua
+++ b/src/libs/utils.lua
@@ -15,7 +15,10 @@ function _M.resolve_fqdn(fqdn)
 return result:gsub("\n", "")
 end
 
+local secret_bucket_duration = 43200 -- 60 * 60 * 12 -- 12 hours
 function _M.generate_secret(context, salt, is_applet)
+ local start_sec = core.now()['sec']
+ local bucket = start_sec - (start_sec % secret_bucket_duration)
 local ip = context.sf:src()
 local user_agent
 if is_applet == true then
@@ -24,7 +27,7 @@ function _M.generate_secret(context, salt, is_applet)
 else
 user_agent = context.sf:req_hdr('user-agent')
 end
- return context.sc:xxh32(salt .. ip .. user_agent)
+ return context.sc:xxh64(salt .. bucket .. ip .. user_agent)
 end
 
 return _M
diff --git a/src/scripts/hcaptcha.lua b/src/scripts/hcaptcha.lua
index d043b51..d3b7c51 100644
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@@ -78,7 +78,7 @@ function _M.view(applet)
 local floating_hash = utils.generate_secret(applet, cookie_secret, true)
 applet:add_header(
 "set-cookie",
- string.format("z_ddos_captcha=%s; Max-Age=14400; Path=/", floating_hash)
+ string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/", floating_hash)
 )
 -- else
 -- core.Debug("HCAPTCHA FAILED: " .. json.encode(api_response))
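Review bot: The bucket added at the top of `generate_secret` is derived from the current request time alone, so a token minted just before a 43200-second boundary stops validating the moment the boundary passes, even though the cookie itself no longer expires; nothing in this function accepts the previous bucket, so either the verifying side (outside this diff) should also try `bucket - secret_bucket_duration`, or a comment should state that re-solving the captcha once per 12 hours is the intended behaviour. The hash is also non-cryptographic: with `bucket`, `ip` and `user_agent` all known or predictable to the client, the token's unforgeability rests entirely on `salt` being a long random value, which deserves a doc comment such as `-- Token = xxh64(salt..bucket..ip..ua): NOT a MAC. salt must be a long random secret; value rotates every secret_bucket_duration seconds.` If the HAProxy build in use exposes the hmac converter, a keyed hash over the same fields would be the sturdier choice. The constant `secret_bucket_duration` is module-local and not exported, so the verifier cannot reuse it unless it lives in the same file.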
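Review bot: The new return line concatenates `user_agent` unguarded, and that local is only assigned from `req_hdr('user-agent')` (or the applet equivalent in the previous hunk); if the fetch yields nil for a request without a User-Agent header, as I believe it does, the call fails with `attempt to concatenate a nil value` and the applet errors instead of issuing a token. The fields are also joined without separators, so the boundary between `salt`, `bucket` and `ip` is ambiguous when the salt ends in digits. Both are addressed by `user_agent = user_agent or ""` before the return and `return context.sc:xxh64(salt .. ":" .. bucket .. ":" .. ip .. ":" .. user_agent)`, with the verifying side updated to match. `generate_secret` begins in the previous hunk, so its full body is not visible here.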
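Review bot: The rewritten Set-Cookie value still carries no `HttpOnly` or `SameSite` attribute (and no `Secure`), so the captcha token is readable by page scripts and is sent on cross-site requests, and with the expiry pushed out to 2037 that exposure is effectively permanent. Suggested line: `string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; HttpOnly; SameSite=Lax", floating_hash)`, appending `; Secure` when the site is served over TLS only. Note that any expiry attribute is honoured by the client, not enforced by the server; the 12-hour bucket inside `generate_secret` is what actually bounds the token's validity, which is worth a one-line comment above the `add_header` call, e.g. `-- cookie lifetime is advisory; validity is bounded by the secret bucket in utils.generate_secret`. `_M.view` begins outside this hunk.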