fatchan
/
haproxy-protection
mirror of https://gitgud.io/fatchan/haproxy-protection.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- Change to using domain instead of resolving, because cloudflare blocked this even with the host header, and haproxy 2.7 appears to no longer need this 'hack'

Browse Source 
- Fix issue with matched_expiry being 0 and breaking captcha cookie
- Spacing
master
Thomas Lynch 1 year ago
parent 5a15eddc4a
commit 87f66479d8
Signed by: fatchan
GPG Key ID: A7E5E8B7E11EE92D
1 changed files with 13 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      src/lua/scripts/bot-check.lua

17
src/lua/scripts/bot-check.lua
Unescape View File

@ -228,6 +228,7 @@ function _M.view(applet)
)
)
valid_submission = true
matched_expiry = number_expiry
end
end
@ -238,18 +239,24 @@ function _M.view(applet)
-- handle setting the captcha cookie
local user_captcha_response = parsed_body["h-captcha-response"] or parsed_body["g-recaptcha-response"]
if valid_submission and user_captcha_response then -- only check captcha if POW is already correct
-- format the url for verifying the captcha response
local captcha_url = string.format(
"https://%s%s",
core.backends[captcha_backend_name].servers[captcha_backend_name]:get_addr(),
--Seems this is no longer needed, captcha_provider_domain works since 2.7
--core.backends[captcha_backend_name].servers[captcha_backend_name]:get_addr(),
captcha_provider_domain,
captcha_siteverify_path
)
-- construct the captcha body to send to the captcha url
local captcha_body = url.buildQuery({
secret=captcha_secret,
response=user_captcha_response
})
-- instantiate an http client and make the request
local httpclient = core.httpclient()
local res = httpclient:post{
@ -257,17 +264,19 @@ function _M.view(applet)
body=captcha_body,
headers={
[ "host" ] = { captcha_provider_domain },
[ "content-type" ] = { "application/x-www-form-urlencoded" }
[ "content-type" ] = { "application/x-www-form-urlencoded" },
[ "user-agent" ] = { "haproxy-protection (haproxy-protection/0.1; +https://gitgud.io/fatchan/haproxy-protection)" }
}
}
-- try parsing the response as json
local status, api_response = pcall(json.decode, res.body)
if not status then
api_response = {}
end
-- the response was good i.e the captcha provider says they passed, give them a cookie
if api_response.success == true then
local user_key = sha.bin_to_hex(randbytes(16))
local user_hash = utils.generate_challenge(applet, captcha_cookie_secret, user_key, true)
local signature = sha.hmac(sha.sha3_256, hmac_cookie_secret, user_key .. user_hash .. matched_expiry)
@ -282,8 +291,8 @@ function _M.view(applet)
)
)
valid_submission = valid_submission and true
end
end
if not valid_submission then

Write Preview
Loading…
Cancel
Save