Commit Graph

54 Commits

Author SHA1 Message Date
4806dea4fc Merge branch 'argon2' into kikeflare 2022-09-24 14:57:05 +00:00
a6b6bc1510 word-break:break-all on header which can contain long domain name 2022-09-25 00:40:52 +10:00
a50b35b65d argon2 implementation
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash firefox anymore -- we could go higher)
2022-09-24 22:56:55 +10:00
d019440bc0 Move POW proof checking to POST and sign a cookie there, kinda like captcha flow, so we can do a more intensive one without it happening on every request. We just check the hmac now.
Still TODO actually converting it to argon, but should be straightforward from this point.
Another advantage of making POW check use POST is a better noscript experience. We now provide a box and "submit" button, so they don't have to mess with setting a cookie.
2022-09-23 00:26:20 +10:00
20a04f23c2 Change wording for public branch 2022-09-21 19:47:47 +10:00
ff779c7cce Merge branch 'captcha-auto-submit' into kikeflare 2022-09-17 15:47:29 +00:00
0af1a740ab Make captcha submission automatic and not require clicking a "submit" form button 2022-09-18 01:41:02 +10:00
349c73ecbf Merge branch 'master' into kikeflare 2022-09-17 09:07:20 +00:00
d115ca6f46 ref #15 2022-09-17 19:06:37 +10:00
244e63eba2 Merge branch 'master' into kikeflare 2022-09-17 08:49:26 +00:00
194c5bb96c Check ssl_fc for whether to set captcha cookie as secure close #15 2022-09-17 18:48:28 +10:00
e9e97a7843 Merge branch 'master' into kikeflare 2022-09-16 18:40:19 +00:00
3f7e48def6 update the nojs terminal script 2022-09-17 04:38:42 +10:00
571d01db27 Merge branch 'master' into kikeflare 2022-09-16 18:04:52 +00:00
598790cb4f - Fix some docker-compose issues close #14
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess it's slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, update lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00
0d991770cf google recaptcha v2 support 2022-09-12 23:37:21 +10:00
c9e007639e - Make the "checking your browser for robots" look more like cloudflare
- Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and it's quick enough even with 2 threads anyway)
- Remove the footerlogo from challenge and maintenance page, and update the link
2022-09-10 08:23:09 +10:00
fa4c437725 New based domain 2022-09-03 14:58:52 +00:00
da82579399 move the improved site title to a separate new section, so now the hcaptcha page has it too 2022-09-03 11:30:04 +00:00
cc826accf3 style fixes for noscript pow 2022-09-02 14:30:29 +00:00
cf075b9ab2 improve loading page 2022-09-01 11:49:03 +00:00
e139b04f4b kikeflare branch customisations and error pages 2022-04-25 14:11:57 +10:00
ac4b29193b padding change 2022-03-15 22:07:09 +11:00
d23ee6c897 kikeflare customisation branch 2022-03-15 22:00:02 +11:00
d5a83be478 Change last stage of the noscript command option to bash instead of sh.
Even if a lot of distros just symlink sh > bash the script needs to do some substitutions not supported in sh, so it's more correct. Who doesn't have bash these days anyway?
2022-02-20 23:14:39 +11:00
640f80bb56 for noscript users, in pow only mode (not when hcaptcha enabled), the page now includes a small encoded script that will get the correct captcha value. Slower than javascript, but good enough. 2022-02-20 01:01:40 +11:00
1bf8992371 link to repo until new site ready 2022-01-27 22:39:13 +11:00
7ea0fe7dc8 improve check for captcha map fetches by domain and domain+path.
old code was just dumb, dunno what i was thinking.
now domain+path takes priority and can be lower or higher level, not just higher level than domain only.
2022-01-19 23:15:18 +11:00
e406ac46ca Merge branch 'lua-httpclient-test' 2022-01-19 18:09:30 +11:00
d38713b4cb haproxy snapshot fixes bug, and use url build query to make body for hcaptcha post 2022-01-19 18:01:08 +11:00
5007106c3a space to 4 tabs 2022-01-03 01:16:46 +11:00
c2be84c4f8 body not sending, needs fix 2021-12-31 00:28:56 +11:00
9787471004 use POST for hcaptcha submission instead of get, since their docs says get is not supported even if it works 2021-12-30 23:50:25 +11:00
ba2880a1d5 don't run setup_servers without the env vars 2021-12-30 00:24:49 +11:00
6e32998426 remove unused import 2021-12-28 01:17:59 +11:00
06b28c8650 add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now 2021-12-27 20:42:27 +11:00
9557c06aa1 update, dynamic backends based on hostname ,can be updated live control panel/management socket 2021-12-26 23:56:15 +11:00
6f52ee8977 improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
2021-12-04 21:42:27 +11:00
c03a16214b close #5 2021-11-26 00:48:50 +11:00
7b11645190 samesite strict and secure in hcaptcha script set-cookie 2021-11-25 18:31:22 +11:00
c16a554754 charset=utf8 to some service responses, "ray id" show in captcha page 2021-11-25 18:20:31 +11:00
48382434c4 change haproxy pathing from /usr/share/etc to /etc 2021-11-25 18:16:07 +11:00
5a4a02beba switch 2 maps, one for ddos enabled, the other to disable captcha leaving only POW
minor change script messages
todo: update CLI to allow changing
2021-11-24 19:37:56 +11:00
5e04ebd962 fix footer overflow 2021-11-24 13:24:51 +11:00
508e45ae9c change path for scripts 2021-11-24 12:09:38 +11:00
77ad645815 visual tweaks and minor script improvement 2021-11-24 06:02:39 +11:00
9f26e53798 combine POW and captcha into one 2021-11-24 05:23:33 +11:00
0c0fa22d6f change cookie to not expire instead of client-controlled expiry (duh)
use bucket duration as part of secret generation
xxh32 -> xxh64
2021-11-24 01:09:11 +11:00
f7f6ecd276 gitignore docker-compose, remove some unnecessary comments, change cookie name 2021-11-24 00:46:44 +11:00
6400d98975 make the useragent header fetch properly
add a salt to the generate_secret function -- that was kinda important right? lol
just pass through to `end` if not POST or GET
make it not use calls to hostname and dig in lua scripts, use haproxy backend resolving instead
improve the template a lot and make it theme-matched to my site and similar to ngx_http_js_challenge robot page
fix various bugs
2021-11-24 00:34:41 +11:00