Merge branch 'master' into kikeflare

Thomas Lynch
2022-09-29 13:14:09 +00:00
5 changed files with 58 additions and 44 deletions


@ -180,7 +180,7 @@ function _M.view(applet)
-- get the user_key#challenge#sig
local user_key = sha.bin_to_hex(randbytes(16))
local challenge_hash = utils.generate_secret(applet, pow_cookie_secret, user_key, true)
local signature = sha.hmac(sha.sha256, hmac_cookie_secret, user_key .. challenge_hash)
local signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, user_key .. challenge_hash)
local combined_challenge = user_key .. "#" .. challenge_hash .. "#" .. signature
-- define body sections
@ -263,13 +263,14 @@ function _M.view(applet)
local user_key = sha.bin_to_hex(randbytes(16))
local user_hash = utils.generate_secret(applet, captcha_cookie_secret, user_key, true)
local signature = sha.hmac(sha.sha256, hmac_cookie_secret, user_key .. user_hash)
local signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, user_key .. user_hash)
local combined_cookie = user_key .. "#" .. user_hash .. "#" .. signature
applet:add_header(
"set-cookie",
string.format(
"z_ddos_captcha=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict;%s",
"z_ddos_captcha=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict;%s",
combined_cookie,
applet.headers['host'][0],
secure_cookie_flag
)
)
@ -294,7 +295,7 @@ function _M.view(applet)
if given_challenge_hash == generated_challenge_hash then
-- regenerate the signature and compare it
local generated_signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_challenge_hash)
local generated_signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, given_user_key .. given_challenge_hash)
if given_signature == generated_signature then
-- do the work with their given answer
@ -308,13 +309,14 @@ function _M.view(applet)
if hex_hash_sub == string.rep('0', pow_difficulty) then
-- the answer was good, give them a cookie
local signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_challenge_hash .. given_answer)
local signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, given_user_key .. given_challenge_hash .. given_answer)
local combined_cookie = given_user_key .. "#" .. given_challenge_hash .. "#" .. given_answer .. "#" .. signature
applet:add_header(
"set-cookie",
string.format(
"z_ddos_pow=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict;%s",
"z_ddos_pow=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict;%s",
combined_cookie,
applet.headers['host'][0],
secure_cookie_flag
)
)
@ -377,7 +379,7 @@ function _M.check_captcha_status(txn)
return
end
-- regenerate the signature and compare it
local generated_signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_user_hash)
local generated_signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, given_user_key .. given_user_hash)
if given_signature == generated_signature then
return txn:set_var("txn.captcha_passed", true)
end
@ -402,7 +404,7 @@ function _M.check_pow_status(txn)
return
end
-- regenerate the signature and compare it
local generated_signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_challenge_hash .. given_answer)
local generated_signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, given_user_key .. given_challenge_hash .. given_answer)
if given_signature == generated_signature then
return txn:set_var("txn.pow_passed", true)
end
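Review bot: The new `Domain=.%s` attribute in both set-cookie calls (`z_ddos_captcha` and `z_ddos_pow`, in `_M.view`) is filled from `applet.headers['host'][0]`, which is client-supplied and used without validation. A Host value that carries a port (`name:port`) would yield a Domain attribute that browsers are expected to reject, so the cookie would be dropped and the client would be challenged again. A request with no host header would index nil at this point. I would normalise the value before formatting, e.g. `local host = applet.headers['host']` then `local cookie_domain = host and host[0] and host[0]:match("^([%w%.%-]+)")`, and omit the Domain attribute when that yields nil. Setting Domain also sends the signed cookie to every subdomain; whether the value is bound to a host depends on `utils.generate_secret`, which is not visible here, so that is worth confirming. The body of `_M.view` continues outside these hunks.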