- Move to new scheme with some hashing, sigs, and a random user key. close#13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
- Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and its quick enough even with 2 threads anyway)
- Remove the footerlogo from challenge and maintenance page, and update the link
Even if a lot of distros just symlink sh > bash the script needs to do some substitutions not supported in sh, so it's more correct. Who doesnt have bash these days anyway?
old code was just dumb, dunno what i was thinking.
now domain+path takes priority and can be lower or hight level, not just higher level than domain only.
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
add a salt to the generate_secret function -- that was kinda important right? lol
just pass through to `end` if not POST or GET
make it not use calls to hostname and dig in lua scripts, use haproxy backend resolving instead
improve the template a lot and make it theme-matched to my site and similar to ngx_http_js_challenge robot page
fix various bugs
add on-demand global / per-domain ddos protection enabling
add automatic redirect from captcha page back to the requested source
prettify the captcha page
