Commit Graph

102 Commits

Author SHA1 Message Date
c28e4d438e Remove unnecessary code in getpath method 2023-08-06 19:22:09 +10:00
a82483224b Fix issue with pplet.qs taking whole query but not parsing the path out of it for the map loopup, caused issues with selecting captcha mode 2023-08-06 17:45:52 +10:00
aee6cf9899 Update minified script 2023-07-20 01:14:04 +10:00
faaf1fb743 Actually fix that 2023-07-20 01:11:23 +10:00
844cff1baa Don't check for wasm support when using sha256 challenge type 2023-07-19 20:55:48 +10:00
eb82a3d391 ne wjson map format for excluding exits 2023-06-15 22:01:53 +10:00
fa4680aaa6 Add translation json_query vars to error pages thanks to @l29utp0 2023-06-04 12:51:34 +10:00
22b6b4795e WIP of configurable challenge settings per-domain with a ddos_config map and handling 2023-05-21 20:13:23 +10:00
14922d7e2f Refactor fetching header for difference between applet and transaction mode.
Improve locale_strings map by re json.encode.
Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
2023-05-21 15:18:55 +10:00
c93ca7f16c Remove . prefix on cookie domain 2023-04-29 23:02:13 +10:00
32c5e2dfca Fix using incorrect prompt for noscript sha256 vs argon2 2023-04-29 22:57:34 +10:00
88e954575f copy pt pt o pt br 2023-04-29 18:56:15 +10:00
88ba9f264b add /.basedflare/pow-icon (useful with rewrite for custom loading image) 2023-04-29 15:43:35 +10:00
88345216dd minify js 2023-04-20 21:29:59 +10:00
f1cf3f6390 frontend js translations 2023-04-20 21:23:50 +10:00
2af32627eb Start on localisation ref #22 2023-04-19 23:08:15 +10:00
615049a59e Update auto script 2023-04-15 00:27:18 +10:00
493bfd88f9 Add and improve auto background solve 2023-04-14 21:47:01 +10:00
8523a87592 Fix auto.js minification breaking and window for argon check 2023-04-14 01:58:05 +10:00
5e2943064a Move ...s in template 2023-04-14 01:44:52 +10:00
5fd4ae842c Add new (optional) auto script to be optionally included in frontend sites, will auto solve POW when low time left
Allow bot-check to return json format to be compatible with that
Update challenge script
2023-04-14 01:42:56 +10:00
a6f3613b6a More concise wording, offer a .min.js for scripts 2023-04-11 21:13:25 +10:00
8b361f89c5 Image on bot-check adn css tweak, change footers to basedflare link in template, maintenance, bot-check 2023-04-10 17:48:44 +10:00
37bbec9f3b add missing map 2023-04-06 22:47:21 +10:00
40da57544a Support multiple backends per domain with the help of some lua 2023-04-06 22:40:03 +10:00
35668c9b58 adjust dummytime logic and start time 2023-03-23 01:13:41 +11:00
94567f69ff Improve appearance and affordance of challenge pages with some template and js tweaks 2023-03-19 13:07:41 +11:00
9478892614 Allow proper ssl verification for backends (With a privately managed CA of course) 2023-03-18 15:21:21 +11:00
521e4ab335 not bold h3, hide generic favicon, white bg instead off offwhite 2023-03-06 19:47:50 +11:00
4c97df8fb1 test ssl verify none to backends 2023-03-02 22:18:25 +11:00
3cc7482084 Fully convert to data plane api
Change global ACL to a map to realtime update with data plane api
Change how on setartup servers are registered in lua
2023-02-18 15:14:40 +11:00
80e966b6d4 Revert to 3 dots loader and adjust page style slightly 2023-02-14 00:07:06 +11:00
87f66479d8 - Change to using domain instead of resolving, because cloudflare blocked this even with the host header, and haproxy 2.7 appears to no longer need this 'hack'
- Fix issue with matched_expiry being 0 and breaking captcha cookie
- Spacing
2023-02-13 21:59:02 +11:00
4e3beaf66d use 2 threads at least 2023-02-12 09:09:17 +11:00
f231b86544 Ability to choose between sha256 or argon2 with env var close #21 2023-02-11 23:38:59 +11:00
eb92f6c31b Add back dummy time, shorter (3000ms) 2023-02-11 21:46:29 +11:00
9531049aa9 Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
9f4c8e8fbb increase the throttle from 100 -> 1 back to 10 to prevent crashing 2023-02-11 21:05:47 +11:00
1612e342ee rename BUCKET_DURATION since its now an expiry time 2023-02-11 21:05:10 +11:00
6e5cf2af31 Make cookie expiry based on issued expiry date from challenge date instead of all expiring on bucket.
Fixes potential issue of challenges being incorrect if solved right on the bucket change
Allows to solve a challenge at any time (even in the background) and not see the challenge page twice in a small period
Allows for backend to make dynamic expiry of tokens e.g make tor tokens or based on IP reputation not last as long (not implemented atm)
Close #20
2023-02-11 20:57:21 +11:00
a303689641 Close #18 make answers and redirect calls shared between tabs with localstorage to not solve and submit answer multiple times when opening multiple tabs/bookmarks, etc 2023-02-11 16:08:44 +11:00
08a966c121 Reorganise, move code to not be split between haproxy and src folder 2023-02-11 15:06:35 +11:00
0d56079960 Rename POW vars to separately argon_ for argon2 stuff, improve readme and split out INSTALLATION into separate file 2023-02-11 14:43:55 +11:00
45bc67fae4 Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict
Move templates to own file instead of in main lua script
Rename some stuff from "hcatpcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
2023-02-11 14:16:51 +11:00
b593be8627 Add some reasonable limits to cookie parsing, reduce impact of possible attack 2023-01-06 19:02:20 +11:00
9c17d5b8fc update url lib, change default settings 2022-11-06 13:42:26 +11:00
4dd6eec87e Show pow speed, and estimate remaining time 2022-10-02 22:11:38 +11:00
64e26f65b5 - Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW

Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
eede92d47d Allow a bit better granularity for the difficulty. Recommend an "easier" challenge in terms of memory and iterations, but higher diff.
Make failed request for captcha/bot form show a little error text.
Make CHALLENGE_INCLUDES_IP "1" = on, anything else = off instead of needing to be unset.
2022-10-01 15:33:48 +10:00
434756a7a1 If this fixes what I think it fixes, ill eat my fucking shoe 2022-09-29 21:54:58 +10:00