diff --git a/README.MD b/README.MD
index 42396d0..e7afc8f 100644
--- a/README.MD
+++ b/README.MD
@@ -66,5 +66,5 @@ Commands:
 #### TO DO
 - [x] Add CLI
 - [x] Organize lua dependencies
+- [x] Make per-user cookie secrets
 - [ ] Add logging to CLI
-- [ ] Make per-user cookie secrets
diff --git a/src/libs/utils.lua b/src/libs/utils.lua
index 6f37054..6cf1f13 100644
--- a/src/libs/utils.lua
+++ b/src/libs/utils.lua
@@ -15,5 +15,29 @@ function _M.resolve_fqdn(fqdn)
 return result:gsub("\n", "")
 end
+function _M.generate_secret(args)
+ --[[ args: {
+ -- context: enum(applet, txn),
+ -- mode: enum('service', 'action')
+ -- }
+ --]]
+ local context = args.context
+ local mode = args.mode or "service"
+ local ip = context.sf:src() or ""
+ local hostname = _M.get_hostname() or ""
+ local user_agent
+ if mode == "service" then
+ user_agent = context.headers['user-agent'] or {}
+ user_agent = user_agent[0]
+ else
+ user_agent = context.sf:req_hdr('user-agent') or ""
+ end
+ return context.sc:xxh32(ip .. hostname .. user_agent)
+end
+
 return _M
diff --git a/src/scripts/hcaptcha.lua b/src/scripts/hcaptcha.lua
index 92a48c2..164c744 100644
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@@ -68,7 +68,7 @@ function _M.view(applet)
 end
 if api_response.success == true then
- local floating_hash = applet.sc:xxh32(utils.get_hostname())
+ local floating_hash = utils.generate_secret{context=applet, mode='service'}
 core.Debug("HCAPTCHA SUCCESSFULLY PASSED")
 applet:add_header(
 "set-cookie",
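Review bot: In `generate_secret`, the `service` branch leaves `user_agent` nil when the request carries no User-Agent header (`user_agent[0]` on the `{}` fallback), so the concatenation on the `return context.sc:xxh32(...)` line raises "attempt to concatenate a nil value" for exactly the header-less bot traffic this filter is meant to handle; the `else` branch already guards with `or ""`, so the same belongs here: `user_agent = user_agent[0] or ""`. The second hcaptcha.lua hunk calls it as `utils.generate_secret{context=txn, mode='service'}`, which routes a txn through the `context.headers` branch; if the HAProxy TXN object exposes no `headers` table (the comment's `enum(applet, txn)` split suggests the `req_hdr` branch is the txn path), that call should select the other mode, e.g. `mode='action'`. Separately, the value is named a secret but is an unkeyed 32-bit xxh32 over the client IP, the hostname and a client-supplied header, so the cookie can be reproduced by anyone who knows or controls those inputs without ever passing the captcha; a keyed MAC over the same fields with a server-side random key (HAProxy's `hmac` converter through `context.sc`, where available) would make a valid cookie depend on having been issued one. A separator between the concatenated fields would also remove ambiguity about where `ip`, `hostname` and `user_agent` end. The body of `_M.view` continues past the end of the first hcaptcha.lua hunk.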
@@ -95,7 +95,7 @@ function _M.check_captcha_status(txn)
 core.Debug("CAPTCHA STATUS CHECK START")
 txn:set_var("txn.requested_url", "/mopsik?kek=pek")
 local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
- local expected_cookie = txn.sc:xxh32(utils.get_hostname())
+ local expected_cookie = utils.generate_secret{context=txn, mode='service'}
 core.Debug("RECEIVED SECRET COOKIE: " .. parsed_request_cookies["z_ddos_protection"])
 core.Debug("OUR SECRET COOKIE: " .. expected_cookie)