Merge branch 'master' into kikeflare

2025-05-09 02:05:37 +00:00 · 2023-02-14 00:56:39 +11:00
parent 8e673aaf3f 5e9ac793f0
commit 4aad3a5e8e
14 changed files with 105 additions and 38 deletions
--- a/LICENSE.txt
+++ b/LICENSE.txt
@ -1,7 +1,7 @@
 MIT License

 Copyright (c) 2021 Eugene Prodan
-Copyright (c) 2022-2023 Thomas Lynch (fatchan) <thomas@69420.me>
+Copyright (c) 2022-2023 Thomas Lynch (fatchan) <tom@69420.me>

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -28,8 +28,8 @@ See [INSTALLATION.md](INSTALLATION.md)

 #### Screenshots

-![nocaptcha](img/nocaptcha.png "no captcha mode")
-![captcha](img/captcha.png "captcha mode (pow done asynchronously in background)")
+![nocaptcha](img/nocaptcha.gif "no captcha mode")
+![captcha](img/captcha.gif "captcha mode (pow done asynchronously in background)")

 ## For generous people

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,11 +5,14 @@ services:
    network_mode: host
    ports:
      - 80:80
+      # - 2000:2000 #runtime api
+      # - 2001:2001 #dataplaneapi
    build:
      context: ./
      dockerfile: haproxy/Dockerfile
    volumes:
      - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
+      - ./haproxy/dataplaneapi.hcl:/etc/haproxy/dataplaneapi.hcl
      - ./haproxy/map/:/etc/haproxy/map/
      - ./haproxy/template/:/etc/haproxy/template/
      - ./src/lua/scripts/:/etc/haproxy/scripts/
--- a/haproxy/Dockerfile
+++ b/haproxy/Dockerfile
@ -17,7 +17,8 @@ RUN set -eux; \
 		--uid 99 \
 		haproxy

-ENV HAPROXY_URL http://www.haproxy.org/download/2.6/src/snapshot/haproxy-ss-LATEST.tar.gz
+ENV HAPROXY_URL http://www.haproxy.org/download/2.7/src/snapshot/haproxy-ss-LATEST.tar.gz
+ENV DATAPLANEAPI_URL https://github.com/haproxytech/dataplaneapi/releases/download/v2.7.2/dataplaneapi_2.7.2_Linux_x86_64.tar.gz

 # see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
 RUN set -eux; \
@ -37,6 +38,11 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*; \
 	\
+	wget -O dataplaneapi_Linux_x86_64.tar.gz "$DATAPLANEAPI_URL"; \
+	tar -zxvf dataplaneapi_Linux_x86_64.tar.gz; \
+	chmod +x build/dataplaneapi; \
+	cp build/dataplaneapi /usr/local/bin/; \
+	\
 	wget -O haproxy.tar.gz "$HAPROXY_URL"; \
 #	echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
 	mkdir -p /usr/src/haproxy; \
--- a/haproxy/dataplaneapi.hcl
+++ b/haproxy/dataplaneapi.hcl
@ -0,0 +1,27 @@
+config_version = 2
+name = "basedflare"
+mode = "single"
+
+dataplaneapi {
+  host = "127.0.0.1"
+  port = 2001
+  user "admin" {
+    insecure = true
+    password = "admin"
+  }
+  transaction {
+    transaction_dir = "/tmp/haproxy"
+  }
+  advertised {}
+}
+
+haproxy {
+  config_file = "/etc/haproxy/haproxy.cfg"
+  haproxy_bin = "/usr/local/sbin/haproxy"
+  reload {
+    reload_delay    = 5
+    reload_cmd      = "service haproxy reload"
+    restart_cmd     = "service haproxy restart"
+    reload_strategy = "custom"
+  }
+}
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -18,17 +18,21 @@ defaults
 	timeout server 50000ms
 	timeout tarpit 5000ms

-#frontend stats-frontend
-#	bind *:2000
-#	option tcplog
-#	mode tcp
-#	acl white_list src xxx.xxx.xxx.xxx
-#	tcp-request connection reject unless white_list
-#	default_backend stats-backend
-
-#backend stats-backend
-#	mode tcp
-#	server stats-localhost 127.0.0.1:1999
+# program api
+	# command dataplaneapi -f /etc/haproxy/dataplaneapi.hcl --update-map-files
+	# no option start-on-reload
+# 
+# frontend stats-frontend
+	# bind *:2000
+	# option tcplog
+	# mode tcp
+	# acl white_list src 127.0.0.1
+	# tcp-request connection reject unless white_list
+	# default_backend stats-backend
+# 
+# backend stats-backend
+	# mode tcp
+	# server stats-localhost 127.0.0.1:1999

 frontend http-in

--- a/haproxy/map/ddos.map
+++ b/haproxy/map/ddos.map
@ -1,2 +1,2 @@
 localhost 1
-localhost/captcha 2
+localhost/test 2
--- a/img/captcha.gif
+++ b/img/captcha.gif
--- a/img/captcha.png
+++ b/img/captcha.png
--- a/img/nocaptcha.gif
+++ b/img/nocaptcha.gif
--- a/img/nocaptcha.png
+++ b/img/nocaptcha.png
--- a/src/js/challenge.js
+++ b/src/js/challenge.js
@ -4,10 +4,11 @@ function updateElem(selector, text) {
 }

 function insertError(str) {
-	const ring = document.querySelector('.lds-ring');
+	const loader = document.querySelector('#loader');
 	const captcha = document.querySelector('#captcha');
-	(ring || captcha).insertAdjacentHTML('afterend', `<p class="red">Error: ${str}</p>`);
-	ring && ring.remove();
+	console.log(loader, captcha);
+	(captcha || loader).insertAdjacentHTML('afterend', `<p class="red">Error: ${str}</p>`);
+	loader && loader.remove();
 	captcha && captcha.remove();
 	updateElem('.powstatus', '');
 }
@ -153,7 +154,8 @@ const powFinished = new Promise(resolve => {

 function onCaptchaSubmit(captchaResponse) {
 	const captchaElem = document.querySelector('[data-sitekey]');
-	captchaElem.insertAdjacentHTML('afterend', `<div class="lds-ring"><div></div><div></div><div></div><div></div></div>`);
+	// captchaElem.insertAdjacentHTML('afterend', `<div id="loader" class="loader"><div></div><div></div><div></div><div></div></div>`);
+	captchaElem.insertAdjacentHTML('afterend', `<div id="loader"><div class="b"></div><div class="b"></div><div class="b"></div></div>`);
 	captchaElem.remove();
 	powFinished.then(powResponse => {
 		postResponse(powResponse, captchaResponse);
--- a/src/lua/scripts/bot-check.lua
+++ b/src/lua/scripts/bot-check.lua
@ -228,6 +228,7 @@ function _M.view(applet)
 									)
 								)
 								valid_submission = true
+								matched_expiry = number_expiry

 							end
 						end
@ -238,18 +239,24 @@ function _M.view(applet)

 		-- handle setting the captcha cookie
 		local user_captcha_response = parsed_body["h-captcha-response"] or parsed_body["g-recaptcha-response"]
+
 		if valid_submission and user_captcha_response then -- only check captcha if POW is already correct
+
 			-- format the url for verifying the captcha response
 			local captcha_url = string.format(
 				"https://%s%s",
-				core.backends[captcha_backend_name].servers[captcha_backend_name]:get_addr(),
+				--Seems this is no longer needed, captcha_provider_domain works since 2.7
+				--core.backends[captcha_backend_name].servers[captcha_backend_name]:get_addr(),
+				captcha_provider_domain,
 				captcha_siteverify_path
 			)
+
 			-- construct the captcha body to send to the captcha url
 			local captcha_body = url.buildQuery({
 				secret=captcha_secret,
 				response=user_captcha_response
 			})
+
 			-- instantiate an http client and make the request
 			local httpclient = core.httpclient()
 			local res = httpclient:post{
@ -257,17 +264,19 @@ function _M.view(applet)
 				body=captcha_body,
 				headers={
 					[ "host" ] = { captcha_provider_domain },
-					[ "content-type" ] = { "application/x-www-form-urlencoded" }
+					[ "content-type" ] = { "application/x-www-form-urlencoded" },
+					[ "user-agent" ] = { "haproxy-protection (haproxy-protection/0.1; +https://gitgud.io/fatchan/haproxy-protection)" }
 				}
 			}
+
 			-- try parsing the response as json
 			local status, api_response = pcall(json.decode, res.body)
 			if not status then
 				api_response = {}
 			end
+
 			-- the response was good i.e the captcha provider says they passed, give them a cookie
 			if api_response.success == true then
-
 				local user_key = sha.bin_to_hex(randbytes(16))
 				local user_hash = utils.generate_challenge(applet, captcha_cookie_secret, user_key, true)
 				local signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, user_key .. user_hash .. matched_expiry)
@ -282,8 +291,8 @@ function _M.view(applet)
 					)
 				)
 				valid_submission = valid_submission and true
-
 			end
+
 		end

 		if not valid_submission then
--- a/src/lua/scripts/templates.lua
+++ b/src/lua/scripts/templates.lua
@ -12,19 +12,26 @@ _M.body = [[
 			@media (prefers-color-scheme:light){:root{--text-color:#333;--bg-color:#EEE}}
 			.h-captcha,.g-recaptcha{min-height:85px;display:block}
 			.red{color:red;font-weight:bold}
+			.left{text-align:left}
 			.powstatus{color:green;font-weight:bold}
 			a,a:visited{color:var(--text-color)}
-			body,html{height:100%%}
-			body{display:flex;flex-direction:column;background-color:var(--bg-color);color:var(--text-color);font-family:Helvetica,Arial,sans-serif;max-width:1200px;margin:0 auto;padding: 0 20px}
+			body,html{height:100%%;text-align:center;}
+			body{display:flex;flex-direction:column;background-color:var(--bg-color);color:var(--text-color);font-family:Helvetica,Arial,sans-serif;max-width:60em;margin:0 auto;padding: 0 20px}
 			details{transition: border-left-color 0.5s;max-width:1200px;text-align:left;border-left: 2px solid var(--text-color);padding:10px}
-			code{background-color:#dfdfdf30;border-radius:3px;padding:0 3px;}
-			img,h3,p{margin:0 0 5px 0}
-			footer{font-size:x-small;margin-top:auto;margin-bottom:20px;text-align:center}
+			code{background-color:#dfdfdf30;border-radius:4px;padding:0 3px;color:#ff6590}
+			img,h3{margin:0 0 5px 0}
+			li{margin-bottom: 1em}
+			footer{font-size:x-small;margin-top:auto;padding:10px;text-align:center;border-top:1px solid #80808040;padding:10px}
 			img{display:inline}
-			.pt{padding-top:15vh;display:flex;align-items:center;word-break:break-all}
+			textarea,input{background:var(--bg-color);color:var(--text-color);border:1px solid var(--text-color);width:100%%;box-sizing: border-box;resize:none;padding:0.5em;font-family:inherit}
+			.pt{padding-top:30vh;display:flex;align-items:center;word-break:break-all;justify-content: center;}
 			.pt img{margin-right:10px}
-			details[open]{border-left-color: #1400ff}
-			.lds-ring{display:inline-block;position:relative;width:80px;height:80px}.lds-ring div{box-sizing:border-box;display:block;position:absolute;width:32px;height:32px;margin:10px;border:5px solid var(--text-color);border-radius:50%%;animation:lds-ring 1.2s cubic-bezier(0.5, 0, 0.5, 1) infinite;border-color:var(--text-color) transparent transparent transparent}.lds-ring div:nth-child(1){animation-delay:-0.45s}.lds-ring div:nth-child(2){animation-delay:-0.3s}.lds-ring div:nth-child(3){animation-delay:-0.15s}@keyframes lds-ring{0%%{transform:rotate(0deg)}100%%{transform:rotate(360deg)}}
+			details[open]{border-left-color: #1400ff}			
+			.b{display:inline-block;background:#6b93f7;border-radius:50%%;margin:10px;height:16px;width:16px;box-shadow:0 0 0 0 #6b93f720;transform:scale(1)}
+			.b:nth-of-type(1){animation:p 3s infinite}
+			.b:nth-of-type(2){animation:p 3s .5s infinite}
+			.b:nth-of-type(3){animation:p 3s 1s infinite}
+			@keyframes p{0%%{transform:scale(.95);box-shadow:0 0 0 0 #6b93f790}70%%{transform:scale(1);box-shadow:0 0 0 10px #6b93f700}100%%{transform:scale(.95);box-shadow:0 0 0 0 #6b93f700}}
 		</style>
 		<noscript>
 			<style>.jsonly{display:none}</style>
@ -38,14 +45,13 @@ _M.body = [[
 		%s
 		<noscript>
 			<br>
-			<p class="red">JavaScript is required on this page.</p>
+			<p class="red left">JavaScript is required on this page.</p>
 			%s
 		</noscript>
 		<div class="powstatus"></div>
 		<footer>
-			<img src="/.basedflare/img/footerlogo.png" />
-			<p>Security and Performance by <a href="https://basedflare.com">BasedFlare</a></p>
 			<p>Node: <code>%s</code></p>
+			<p>Performance & security by <a href="https://gitgud.io/fatchan/haproxy-protection/">haproxy-protection</a></p>
 		</footer>
 	</body>
 </html>
@ -90,20 +96,30 @@ _M.noscript_extra_sha256 = [[
 -- title with favicon and hostname
 _M.site_name_section = [[
 		<h3 class="pt">
-			<img src="/favicon.ico" width="32" height="32" alt="icon">
+			<img src="/favicon.ico" width="32" height="32" alt=" ">
 			%s
 		</h3>
 ]]

-- spinner animation for proof of work
+-- animation while waiting
 _M.pow_section = [[
 		<h3>
 			Checking your browser for robots 🤖
 		</h3>
 		<div class="jsonly">
-			<div class="lds-ring"><div></div><div></div><div></div><div></div></div>
+			<div id="loader"><div class="b"></div><div class="b"></div><div class="b"></div></div>
 		</div>
 ]]
+-- alternative, spinner animation
+-- .loader{display:inline-block;position:relative;width:80px;height:80px}
+-- .loader div{box-sizing:border-box;display:block;position:absolute;width:32px;height:32px;margin:10px;border:5px solid var(--text-color);border-radius:50%%;animation:loader 1.2s cubic-bezier(0.5, 0, 0.5, 1) infinite;border-color:var(--text-color) transparent transparent transparent}
+-- .loader div:nth-child(1){animation-delay:-0.45s}
+-- .loader div:nth-child(2){animation-delay:-0.3s}
+-- .loader div:nth-child(3){animation-delay:-0.15s}
+-- @keyframes loader{0%%{transform:rotate(0deg)}100%%{transform:rotate(360deg)}}
+-- <div class="jsonly">
+-- <div class="loader"><div></div><div></div><div></div><div></div></div>
+-- </div>

 -- message, captcha form and submit button
 _M.captcha_section = [[