Ability to choose between sha256 or argon2 with env var close #21

2025-05-09 02:05:37 +00:00 · 2023-02-11 23:38:59 +11:00
parent 2089d790a2
commit f231b86544
7 changed files with 76 additions and 49 deletions
--- a/src/lua/scripts/bot-check.lua
+++ b/src/lua/scripts/bot-check.lua
@@ -9,13 +9,12 @@ local url = require("url")
 local utils = require("utils")
 local cookie = require("cookie")
 local json = require("json")
-local sha = require("sha")
 local randbytes = require("randbytes")
 local templates = require("templates")

 -- POW
+local pow_type = os.getenv("POW_TYPE") or "argon2"
 local pow_difficulty = tonumber(os.getenv("POW_DIFFICULTY") or 18)
-
 -- argon2
 local argon2 = require("argon2")
 local argon_kb = tonumber(os.getenv("ARGON_KB") or 6000)
@@ -25,9 +24,8 @@ argon2.m_cost(argon_kb)
 argon2.parallelism(1)
 argon2.hash_len(32)
 argon2.variant(argon2.variants.argon2_id)
-
 -- sha2
-- TODO
+local sha = require("sha")

 -- environment variables
 local captcha_secret = os.getenv("HCAPTCHA_SECRET") or os.getenv("RECAPTCHA_SECRET")
@@ -144,14 +142,20 @@ function _M.view(applet)
 				captcha_sitekey, captcha_script_src)
 		else
 			pow_body = templates.pow_section
-			noscript_extra_body = string.format(templates.noscript_extra, user_key,
+			local noscript_extra
+			if pow_type == "argon2" then
+				noscript_extra = templates.noscript_extra_argon2
+			else
+				noscript_extra = templates.noscript_extra_sha256
+			end
+			noscript_extra_body = string.format(noscript_extra, user_key,
 				challenge_hash, expiry, signature, math.ceil(pow_difficulty/8), 
 				argon_time, argon_kb)
 		end

 		-- sub in the body sections
 		response_body = string.format(templates.body, combined_challenge,
-			pow_difficulty, argon_time, argon_kb,
+			pow_difficulty, argon_time, argon_kb, pow_type,
 			site_name_body, pow_body, captcha_body, noscript_extra_body, ray_id)
 		response_status_code = 403

@@ -200,11 +204,14 @@ function _M.view(applet)
 						if given_signature == generated_signature then

 							-- do the work with their given answer
-							local full_hash = argon2.hash_encoded(given_challenge_hash .. given_answer, given_user_key)
-
-							-- check the output is correct
-							local hash_output = utils.split(full_hash, '$')[6]:sub(0, 43) -- https://github.com/thibaultcha/lua-argon2/issues/37
-							local hex_hash_output = sha.bin_to_hex(sha.base64_to_bin(hash_output));
+							local hex_hash_output = ""
+							if pow_type == "argon2" then
+								local encoded_argon_hash = argon2.hash_encoded(given_challenge_hash .. given_answer, given_user_key)
+								local trimmed_argon_hash = utils.split(encoded_argon_hash, '$')[6]:sub(0, 43) -- https://github.com/thibaultcha/lua-argon2/issues/37
+								hex_hash_output = sha.bin_to_hex(sha.base64_to_bin(trimmed_argon_hash));
+							else
+								hex_hash_output = sha.sha256(given_user_key .. given_challenge_hash .. given_answer)
+							end

 							if utils.checkdiff(hex_hash_output, pow_difficulty) then

--- a/src/lua/scripts/templates.lua
+++ b/src/lua/scripts/templates.lua
@@ -32,7 +32,7 @@ _M.body = [[
 		<script src="/.basedflare/js/argon2.js"></script>
 		<script src="/.basedflare/js/challenge.js"></script>
 	</head>
-	<body data-pow="%s" data-diff="%s" data-time="%s" data-kb="%s">
+	<body data-pow="%s" data-diff="%s" data-time="%s" data-kb="%s" data-mode="%s">
 		%s
 		%s
 		%s
@@ -50,7 +50,7 @@ _M.body = [[
 </html>
 ]]

-_M.noscript_extra = [[
+_M.noscript_extra_argon2 = [[
 			<details>
 				<summary>No JavaScript?</summary>
 				<ol>
@@ -68,6 +68,24 @@ _M.noscript_extra = [[
 			</details>
 ]]

+_M.noscript_extra_sha256 = [[
+			<details>
+				<summary>No JavaScript?</summary>
+				<ol>
+					<li>
+						<p>Run this in a linux terminal (requires <code>perl</code>):</p>
+						<code style="word-break: break-all;">
+							echo "dXNlIHN0cmljdDt1c2UgRGlnZXN0OjpTSEEgcXcoc2hhMjU2X2hleCk7cHJpbnQgIldvcmtpbmcuLi4iO215JGM9IiRBUkdWWzBdIi4iJEFSR1ZbMV0iO215JGlkPSRBUkdWWzRdKzA7bXkkZD0iMCJ4JGlkO215JGk9MDt3aGlsZSgxKXtsYXN0IGlmICRkIGVxIHN1YnN0ciBzaGEyNTZfaGV4KCRjLCRpKSwwLCRpZDskaSsrfXByaW50IlxuT3V0cHV0OlxuJEFSR1ZbMF0jJEFSR1ZbMV0jJEFSR1ZbMl0jJEFSR1ZbM10jJGlcbiI=" | base64 -d | perl -w - %s %s %s %s %s %s %s
+						</code>
+					<li>Paste the script output into the box and submit:
+					<form method="post">
+						<textarea name="pow_response" placeholder="script output" required></textarea>
+						<div><input type="submit" value="submit" /></div>
+					</form>
+				</ol>
+			</details>
+]]
+
 -- title with favicon and hostname
 _M.site_name_section = [[
 		<h3 class="pt">