From c0a2f77f8b7071f7f0dfa1e21899b1dc3d336034 Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Sun, 9 Mar 2025 21:31:15 +1100 Subject: [PATCH] Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path --- docker-compose.yml | 4 ++-- haproxy/haproxy.cfg | 9 ++++--- haproxy/map/ddos.map | 1 + haproxy/map/ddos_config.map | 2 +- haproxy/map/hosts.map | 2 +- src/lua/scripts/bot-check.lua | 44 ++++++++++++++++++----------------- 6 files changed, 34 insertions(+), 28 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d368011..c42497b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,8 +46,8 @@ services: nginx: ports: - - 81:80 - - 82:80 + - 1081:80 + - 1082:80 image: "nginx:latest" volumes: - ./nginx:/usr/share/nginx/html diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index 9845ce1..fb827fb 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -56,9 +56,12 @@ frontend http-in # http-response set-header alt-svc "h3=\":443\";ma=900;" # Or instead, for Tor, to use circuit IDs as "IP": - #bind 127.0.0.1:80 accept-proxy + # bind 127.0.0.1:80 accept-proxy option forwardfor + # custom log format + log-format "{\"cc\":%{+Q}[capture.req.hdr(1)],\"cip\":\"%ci\",\"cp\":\"%cp\",\"hh\":%{+Q}[capture.req.hdr(0)],\"backend\":\"%b\",\"server\":\"%s\",\"timers\":\"%TR/%Tw/%Tc/%Tr/%Ta\",\"status\":\"%ST\",\"bytes\":\"%B\",\"bs\":\"%U\",\"conns\":\"%ac/%fc/%bc/%sc/%rc\",\"q\":\"%sq/%bq\",\"req\":%{+Q,+E}r,\"GeoIP_Source\":\"GeoIP_Source=%ci\"}" + # optional geoip handling (maps required) and alt-svc header addition http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map) http-request set-var(req.asn) src,map_ip(/etc/haproxy/map/iptoasn.map) 
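Review bot: The renumbered nginx mappings `- 1081:80` and `- 1082:80` in docker-compose.yml still publish the backend on every host interface, while haproxy/map/hosts.map in this same patch reaches it at `127.0.0.1:1081`. A client that connects to those ports directly is served without passing through the haproxy challenge. If nothing outside the host needs them, publish on loopback only, for example `- 127.0.0.1:1081:80`. The rest of the service definition is outside the hunk, so confirm that no other setting already restricts access.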
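Review bot: In the new `log-format` line in haproxy/haproxy.cfg, the `cc` and `hh` fields are written with `%{+Q}[capture.req.hdr(N)]`, while `req` uses `%{+Q,+E}r`. Captured request headers are client-controlled, so unless HAProxy already encodes `"` and `\` for this output, such a character could end the JSON string early and add forged fields to the record. Writing `%{+Q,+E}[capture.req.hdr(0)]` and `%{+Q,+E}[capture.req.hdr(1)]` would treat all three request-derived fields the same way. The `capture request header` declarations are outside the hunk, so a comment such as `# hdr(0) = <header name>, hdr(1) = <header name>` above the line would document what the two slots hold.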
@@ -139,8 +142,8 @@ frontend http-in
 # acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
 acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
- #http-request lua.set-lang-json
- #http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
+ http-request lua.set-lang-json
+ http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
 # optional alt-svc header (done after cache so not set in cached responses
 acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
diff --git a/haproxy/map/ddos.map b/haproxy/map/ddos.map
index e69de29..0232e71 100644
--- a/haproxy/map/ddos.map
+++ b/haproxy/map/ddos.map
@@ -0,0 +1 @@
+localhost {"m":1,"t":false}
diff --git a/haproxy/map/ddos_config.map b/haproxy/map/ddos_config.map
index 4f1858f..2fb1853 100644
--- a/haproxy/map/ddos_config.map
+++ b/haproxy/map/ddos_config.map
@@ -1 +1 @@
-localhost {"pd":27,"pt":"sha256","cex":999,"cip":false}
+localhost {"pd":27,"pt":"sha256","cex":999,"cip":false,"js":true}
diff --git a/haproxy/map/hosts.map b/haproxy/map/hosts.map
index ce38125..83a56c3 100644
--- a/haproxy/map/hosts.map
+++ b/haproxy/map/hosts.map
@@ -1 +1 @@
-localhost 127.0.0.1:81
+localhost 127.0.0.1:1081
diff --git a/src/lua/scripts/bot-check.lua b/src/lua/scripts/bot-check.lua
index a2c3ad4..941539a 100644
--- a/src/lua/scripts/bot-check.lua
+++ b/src/lua/scripts/bot-check.lua
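Review bot: In the maintenance-mode hunk of haproxy/haproxy.cfg (`@@ -139,8 +142,8 @@`), the uncommented `http-request lua.set-lang-json` has no condition, so the Lua action runs for every request that reaches this point, while only the following `return` is limited by `if maintenance_mode`. If the action is only there to fill the maintenance template, `http-request lua.set-lang-json if maintenance_mode` keeps that work off normal traffic. The action's body is not part of this patch, so this is an assumption to confirm. The commit message does not mention enabling these rules, so a one-line comment above them saying why they are now active would help.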
@@ -187,28 +187,30 @@ function _M.view(applet)
 templates.pow_section,
 ll["This process is automatic, please wait a moment..."]
 )
- local noscript_extra
- local noscript_prompt
- if ddos_config["pt"] == "argon2" then
- noscript_extra = templates.noscript_extra_argon2
- noscript_prompt = ll["Run this in a linux terminal (requires argon2 package installed):"]
- else
- noscript_extra = templates.noscript_extra_sha256
- noscript_prompt = ll["Run this in a linux terminal (requires perl):"]
+ if ddos_config["js"] ~= false then
+ local noscript_extra
+ local noscript_prompt
+ if ddos_config["pt"] == "argon2" then
+ noscript_extra = templates.noscript_extra_argon2
+ noscript_prompt = ll["Run this in a linux terminal (requires argon2 package installed):"]
+ else
+ noscript_extra = templates.noscript_extra_sha256
+ noscript_prompt = ll["Run this in a linux terminal (requires perl):"]
+ end
+ noscript_extra_body = string.format(
+ noscript_extra,
+ ll["No JavaScript?"],
+ noscript_prompt,
+ user_key,
+ challenge_hash,
+ expiry,
+ signature,
+ math.ceil(ddos_config["pd"]/8),
+ argon_time,
+ argon_kb,
+ ll["Paste the script output into the box and submit:"]
+ )
 end
- noscript_extra_body = string.format(
- noscript_extra,
- ll["No JavaScript?"],
- noscript_prompt,
- user_key,
- challenge_hash,
- expiry,
- signature,
- math.ceil(ddos_config["pd"]/8),
- argon_time,
- argon_kb,
- ll["Paste the script output into the box and submit:"]
- )
 end
 -- sub in the body sections
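Review bot: When `ddos_config["js"]` is `false`, nothing in this hunk assigns `noscript_extra_body`, so the value substituted later in `_M.view` is whatever the variable held before the new `if`. Its declaration is outside the hunk. If it is not a `local` initialised to `""`, the page could show the text `nil` or raise an error, and if it is a global it could carry over a body formatted for an earlier request, including that request's `user_key`, `challenge_hash` and `signature`. Adding an `else` branch with `noscript_extra_body = ""` to the new `if`, or confirming a `local noscript_extra_body = ""` above it, closes that path. A comment such as `-- "js": false only hides the no-JS instructions on the page` would also make clear that, as far as this hunk shows, the flag changes what is rendered and not what the verification step accepts.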