- Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16

- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW

Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
This commit is contained in:
Thomas Lynch
2022-10-02 04:57:59 +11:00
parent eb1dc3e378
commit 64e26f65b5
7 changed files with 133 additions and 59 deletions

View File

@@ -39,6 +39,7 @@ NOTE: Use either HCAPTCHA_ or RECAPTHCA_, not both.
- POW_TIME - argon2 iterations
- POW_KB - argon2 memory usage in KB
- POW_DIFFICULTY - pow "difficulty" (you should use all 3 POW_ parameters to tune the difficulty)
- TOR_CONTROL_PORT_PASSWORD - the control port password for tor daemon
#### Run in docker (for testing/development)
@@ -69,6 +70,22 @@ sudo luarocks install argon2
If you have problems, read the error messages before opening an issue that is simply a bad configuration.
### Tor
- Check the `bind` line comments. Switch to the one with `accept-proxy` and `option forwardfor`
- To generate a tor control port password:
```
$ tor --hash-password example
16:0175C41DDD88C5EA605582C858BC08FA29014215F233479A99FE78EDED
```
- Set `TOR_CONTROL_PORT_PASSWORD` env var to the same password (NOT the output hash)
- Add to your torrc (where xxxx is the output of `tor --hash-password`):
```
ControlPort 9051
HashedControlPassword xxxxxxxxxxxxxxxxx
```
- Don't forget to restart tor
#### Screenshots
![nocaptcha](img/nocaptcha.png "no captcha mode")