Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ability to choose between sha256 or argon2 with env var close #21

Browse Source
This commit is contained in:
Thomas Lynch
2023-02-11 23:38:59 +11:00
parent 2089d790a2
commit f231b86544
7 changed files with 76 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/lua/scripts/bot-check.lua
View File

@ -9,13 +9,12 @@ local url = require("url")
local utils = require("utils")
local cookie = require("cookie")
local json = require("json")
local sha = require("sha")
local randbytes = require("randbytes")
local templates = require("templates")
-- POW
local pow_type = os.getenv("POW_TYPE") or "argon2"
local pow_difficulty = tonumber(os.getenv("POW_DIFFICULTY") or 18)
-- argon2
local argon2 = require("argon2")
local argon_kb = tonumber(os.getenv("ARGON_KB") or 6000)
@ -25,9 +24,8 @@ argon2.m_cost(argon_kb)
argon2.parallelism(1)
argon2.hash_len(32)
argon2.variant(argon2.variants.argon2_id)
-- sha2
-- TODO
local sha = require("sha")
-- environment variables
local captcha_secret = os.getenv("HCAPTCHA_SECRET") or os.getenv("RECAPTCHA_SECRET")
@ -144,14 +142,20 @@ function _M.view(applet)
captcha_sitekey, captcha_script_src)
else
pow_body = templates.pow_section
noscript_extra_body = string.format(templates.noscript_extra, user_key,
local noscript_extra
if pow_type == "argon2" then
noscript_extra = templates.noscript_extra_argon2
else
noscript_extra = templates.noscript_extra_sha256
end
noscript_extra_body = string.format(noscript_extra, user_key,
challenge_hash, expiry, signature, math.ceil(pow_difficulty/8),
argon_time, argon_kb)
end
-- sub in the body sections
response_body = string.format(templates.body, combined_challenge,
pow_difficulty, argon_time, argon_kb,
pow_difficulty, argon_time, argon_kb, pow_type,
site_name_body, pow_body, captcha_body, noscript_extra_body, ray_id)
response_status_code = 403
@ -200,11 +204,14 @@ function _M.view(applet)
if given_signature == generated_signature then
-- do the work with their given answer
local full_hash = argon2.hash_encoded(given_challenge_hash .. given_answer, given_user_key)
-- check the output is correct
local hash_output = utils.split(full_hash, '$')[6]:sub(0, 43) -- https://github.com/thibaultcha/lua-argon2/issues/37
local hex_hash_output = sha.bin_to_hex(sha.base64_to_bin(hash_output));
local hex_hash_output = ""
if pow_type == "argon2" then
local encoded_argon_hash = argon2.hash_encoded(given_challenge_hash .. given_answer, given_user_key)
local trimmed_argon_hash = utils.split(encoded_argon_hash, '$')[6]:sub(0, 43) -- https://github.com/thibaultcha/lua-argon2/issues/37
hex_hash_output = sha.bin_to_hex(sha.base64_to_bin(trimmed_argon_hash));
else
hex_hash_output = sha.sha256(given_user_key .. given_challenge_hash .. given_answer)
end
if utils.checkdiff(hex_hash_output, pow_difficulty) then