feat: add per-user cookie generation

README.MD

@@ -66,5 +66,5 @@ Commands:
 #### TO DO
 - [x] Add CLI
 - [x] Organize lua dependencies
+- [x] Make per-user cookie secrets
 - [ ] Add logging to CLI
-- [ ] Make per-user cookie secrets

src/libs/utils.lua

@@ -15,5 +15,29 @@ function _M.resolve_fqdn(fqdn)
     return result:gsub("\n", "")
 end
 
+function _M.generate_secret(args)
+    --[[ args: {
+    --       context: enum(applet, txn),
+    --       mode: enum('service', 'action')
+    --   }
+    --]]
+    local context = args.context
+    local mode = args.mode or "service"
+
+    local ip = context.sf:src() or ""
+
+    local hostname = _M.get_hostname() or ""
+
+    local user_agent
+    if mode == "service" then
+        user_agent = context.headers['user-agent'] or {}
+        user_agent = user_agent[0]
+    else
+        user_agent = context.sf:req_hdr('user-agent') or ""
+    end
+
+    return context.sc:xxh32(ip .. hostname .. user_agent)
+end
+
 return _M
 

src/scripts/hcaptcha.lua

@@ -68,7 +68,7 @@ function _M.view(applet)
             end
 
             if api_response.success == true then
-                local floating_hash = applet.sc:xxh32(utils.get_hostname())
+                local floating_hash = utils.generate_secret{context=applet, mode='service'}
                 core.Debug("HCAPTCHA SUCCESSFULLY PASSED")
                 applet:add_header(
                     "set-cookie",
@@ -95,7 +95,7 @@ function _M.check_captcha_status(txn)
     core.Debug("CAPTCHA STATUS CHECK START")
     txn:set_var("txn.requested_url", "/mopsik?kek=pek")
     local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
-    local expected_cookie = txn.sc:xxh32(utils.get_hostname())
+    local expected_cookie = utils.generate_secret{context=txn, mode='service'}
 
     core.Debug("RECEIVED SECRET COOKIE: " .. parsed_request_cookies["z_ddos_protection"])
     core.Debug("OUR SECRET COOKIE: " .. expected_cookie)