mirror of
https://gitgud.io/fatchan/haproxy-protection.git
synced 2025-05-09 02:05:37 +00:00
598790cb4f
- Move to new scheme with some hashing, sigs, and a random user key. close #13 - Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10 - Change POW output checked value - Add lib for randombytes, udpate lua sha lib - Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
36 lines
861 B
Lua
36 lines
861 B
Lua
local _M = {}
|
|
|
|
local sha = require("sha")
|
|
local secret_bucket_duration = tonumber(os.getenv("BUCKET_DURATION"))
|
|
|
|
function _M.generate_secret(context, salt, user_key, is_applet)
|
|
|
|
-- time bucket for expiry
|
|
local start_sec = core.now()['sec']
|
|
local bucket = start_sec - (start_sec % secret_bucket_duration)
|
|
|
|
-- user agent to counter very dumb spammers
|
|
local user_agent = ""
|
|
if is_applet == true then
|
|
user_agent = context.headers['user-agent'] or {}
|
|
user_agent = user_agent[0] or ""
|
|
else
|
|
--note req_fhdr not req_hdr otherwise commas in useragent become a delimiter
|
|
user_agent = context.sf:req_fhdr('user-agent') or ""
|
|
end
|
|
|
|
return sha.sha256(salt .. bucket .. user_key .. user_agent)
|
|
|
|
end
|
|
|
|
function _M.split(inputstr, sep)
|
|
local t = {}
|
|
for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
|
|
table.insert(t, str)
|
|
end
|
|
return t
|
|
end
|
|
|
|
return _M
|
|
|