Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

change cookie to not expire instead of client-controlled expiry (duh)

Browse Source 
use bucket duration as part of secret generation
xxh32 -> xxh64
This commit is contained in:
Thomas Lynch
2021-11-24 01:09:11 +11:00
parent f7f6ecd276
commit 0c0fa22d6f
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/libs/utils.lua
View File

@ -15,7 +15,10 @@ function _M.resolve_fqdn(fqdn)
return result:gsub("\n", "") return result:gsub("\n", "")
end end
local secret_bucket_duration = 43200 -- 60 * 60 * 12 -- 12 hours
function _M.generate_secret(context, salt, is_applet) function _M.generate_secret(context, salt, is_applet)
local start_sec = core.now()['sec']
local bucket = start_sec - (start_sec % secret_bucket_duration)
local ip = context.sf:src() local ip = context.sf:src()
local user_agent local user_agent
if is_applet == true then if is_applet == true then
@ -24,7 +27,7 @@ function _M.generate_secret(context, salt, is_applet)
else else
user_agent = context.sf:req_hdr('user-agent') user_agent = context.sf:req_hdr('user-agent')
end end
return context.sc:xxh32(salt .. ip .. user_agent) return context.sc:xxh64(salt .. bucket .. ip .. user_agent)
end end
return _M return _M

2
src/scripts/hcaptcha.lua
View File

@ -78,7 +78,7 @@ function _M.view(applet)
local floating_hash = utils.generate_secret(applet, cookie_secret, true) local floating_hash = utils.generate_secret(applet, cookie_secret, true)
applet:add_header( applet:add_header(
"set-cookie", "set-cookie",
string.format("z_ddos_captcha=%s; Max-Age=14400; Path=/", floating_hash) string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/", floating_hash)
) )
-- else -- else
-- core.Debug("HCAPTCHA FAILED: " .. json.encode(api_response)) -- core.Debug("HCAPTCHA FAILED: " .. json.encode(api_response))