Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

combine POW and captcha into one

Browse Source
This commit is contained in:
Thomas Lynch
2021-11-24 05:17:06 +11:00
parent 5c7e796440
commit 9f26e53798
10 changed files with 3088 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/scripts/hcaptcha.lua
View File

@ -5,10 +5,12 @@ local http = require("http")
local utils = require("utils")
local cookie = require("cookie")
local json = require("json")
local sha = require("sha")
local captcha_secret = os.getenv("HCAPTCHA_SECRET")
local captcha_sitekey = os.getenv("HCAPTCHA_SITEKEY")
local cookie_secret = os.getenv("COOKIE_SECRET")
local hcaptcha_cookie_secret = os.getenv("CAPTCHA_COOKIE_SECRET")
local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")
local captcha_provider_domain = "hcaptcha.com"
@ -21,6 +23,7 @@ local body_template = [[
<style>
:root{--text-color:#c5c8c6;--bg-color:#1d1f21}
@media (prefers-color-scheme:light){:root{--text-color:#333;--bg-color:#EEE}}
.h-captcha{min-height:85px;display:block}
a,a:visited{color:var(--text-color)}
body,html{height:100vh}
body{display:flex;flex-direction:column;background-color:var(--bg-color);color:var(--text-color);font-family:Helvetica,Arial,sans-serif;text-align:center;margin:0}
@ -28,7 +31,7 @@ local body_template = [[
footer{font-size:small;margin-top:auto;margin-bottom:50px}h3{padding-top:30vh}
</style>
</head>
<body>
<body data-pow="%s">
<h3>Captcha completion required</h3>
<p>We have detected unusual activity on the requested resource.</p>
<p>Please solve this captcha to prove you are not a robot.</p>
@ -41,9 +44,10 @@ local body_template = [[
<form method="POST">
<div class="h-captcha" data-sitekey="%s"></div>
<script src="https://hcaptcha.com/1/api.js" async defer></script>
<input type="submit" value="Submit">
<input type="submit" value="Calculating proof of work..." disabled>
</form>
<footer>Supported by <a href="https://kikeflare.com">KikeFlare</a></footer>
<script src="/sha1.js"></script>
</body>
</html>
]]
@ -52,7 +56,8 @@ function _M.view(applet)
local response_body
local response_status_code
if applet.method == "GET" then
response_body = string.format(body_template, captcha_sitekey)
generated_work = utils.generate_secret(applet, pow_cookie_secret, true, "")
response_body = string.format(body_template, generated_work, captcha_sitekey)
response_status_code = 403
applet:set_status(response_status_code)
applet:add_header("content-type", "text/html")
@ -75,7 +80,7 @@ function _M.view(applet)
api_response = {}
end
if api_response.success == true then
local floating_hash = utils.generate_secret(applet, cookie_secret, true)
local floating_hash = utils.generate_secret(applet, hcaptcha_cookie_secret, true, nil)
applet:add_header(
"set-cookie",
string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/", floating_hash)
@ -97,13 +102,24 @@ end
function _M.check_captcha_status(txn)
local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
local expected_cookie = utils.generate_secret(txn, cookie_secret)
--core.Debug("RECEIVED SECRET COOKIE: " .. parsed_request_cookies["z_ddos_captcha"])
--core.Debug("EXPECTED SECRET COOKIE: " .. expected_cookie)
local expected_cookie = utils.generate_secret(txn, hcaptcha_cookie_secret, false, nil)
if parsed_request_cookies["z_ddos_captcha"] == expected_cookie then
core.Debug("CAPTCHA STATUS CHECK SUCCESS")
--core.Debug("CAPTCHA STATUS CHECK SUCCESS")
return txn:set_var("txn.captcha_passed", true)
end
end
function _M.check_pow_status(txn)
local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
if parsed_request_cookies["z_ddos_pow"] then
local generated_work = utils.generate_secret(txn, pow_cookie_secret, false, "")
local iterations = parsed_request_cookies["z_ddos_pow"]
local completed_work = sha.sha1(generated_work .. iterations)
local challenge_offset = tonumber(generated_work:sub(1,1),16) * 2
if completed_work:sub(challenge_offset+1, challenge_offset+4) == 'b00b' then -- i dont know lua properly :^)
return txn:set_var("txn.pow_passed", true)
end
end
end
return _M