buyfakett/server_torii
1
0
Fork 0
mirror of https://github.com/Rayzggz/server_torii.git synced 2025-06-17 12:41:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: CAPTCHA SESSION

Browse Source
This commit is contained in:
Roi Feng
2025-03-08 23:09:06 -05:00
parent 1a8d40bc82
commit a1f15f37c6
6 changed files with 62 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config_example/error_page/CAPTCHA.html
View File

@ -66,6 +66,11 @@
+ "您未能通过人机验证,请刷新页面后重试。"); + "您未能通过人机验证,请刷新页面后重试。");
window.location.reload(); window.location.reload();
break; break;
case "badSession":
alert("Session invalid, please refresh the page and try again.\n"
+ "会话无效,请刷新页面后重试。");
window.location.reload();
break;
default: default:
alert("Unexpected error occurred, please refresh the page and try again.\n" alert("Unexpected error occurred, please refresh the page and try again.\n"
+ "发生了意料之外的错误,请刷新页面后重试。"); + "发生了意料之外的错误,请刷新页面后重试。");

1
config_example/rules/CAPTCHA.yml
View File

@ -1,3 +1,4 @@
secret_key: "0378b0f84c4310279918d71a5647ba5d" secret_key: "0378b0f84c4310279918d71a5647ba5d"
captcha_validate_time: 600 captcha_validate_time: 600
captcha_challenge_session_timeout: 120
hcaptcha_secret: "" hcaptcha_secret: ""

44
internal/check/Captcha.go
View File

@ -32,7 +32,7 @@ func Captcha(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *ac
} }
if !verifyClearanceCookie(reqData, *ruleSet) { if !verifyClearanceCookie(reqData, *ruleSet) {
decision.SetCode(action.Done, []byte("CAPTCHA")) decision.SetResponse(action.Done, []byte("CAPTCHA"), genSessionID(reqData, *ruleSet))
return return
} }
@ -52,6 +52,11 @@ func CheckCaptcha(r *http.Request, reqData dataType.UserRequest, ruleSet *config
return return
} }
if !verifySessionIDCookie(reqData, *ruleSet) {
decision.SetResponse(action.Done, []byte("200"), []byte("badSession"))
return
}
data := url.Values{} data := url.Values{}
data.Set("secret", ruleSet.CAPTCHARule.HCaptchaSecret) data.Set("secret", ruleSet.CAPTCHARule.HCaptchaSecret)
data.Set("response", hCaptchaResponse) data.Set("response", hCaptchaResponse)
@ -130,3 +135,40 @@ func verifyClearanceCookie(reqData dataType.UserRequest, ruleSet config.RuleSet)
return hmac.Equal([]byte(computedHash), []byte(expectedHash)) return hmac.Equal([]byte(computedHash), []byte(expectedHash))
} }
func genSessionID(reqData dataType.UserRequest, ruleSet config.RuleSet) []byte {
timeNow := time.Now().Unix()
mac := hmac.New(sha512.New, []byte(ruleSet.CAPTCHARule.SecretKey))
mac.Write([]byte(fmt.Sprintf("%d%s%sCAPTCHA-SESSION", timeNow, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
return []byte(fmt.Sprintf("%s:%s", fmt.Sprintf("%d", time.Now().Unix()), fmt.Sprintf("%x", mac.Sum(nil))))
}
func verifySessionIDCookie(reqData dataType.UserRequest, ruleSet config.RuleSet) bool {
if reqData.ToriiSessionID == "" {
return false
}
parts := strings.Split(reqData.ToriiSessionID, ":")
if len(parts) != 2 {
return false
}
timestamp := parts[0]
expectedHash := parts[1]
timeNow := time.Now().Unix()
parsedTimestamp, err := strconv.ParseInt(timestamp, 10, 64)
if err != nil {
log.Printf("Error parsing timestamp: %v", err)
return false
}
if timeNow-parsedTimestamp > ruleSet.CAPTCHARule.CaptchaChallengeSessionTimeout {
return false
}
mac := hmac.New(sha512.New, []byte(ruleSet.CAPTCHARule.SecretKey))
mac.Write([]byte(fmt.Sprintf("%d%s%sCAPTCHA-SESSION", parsedTimestamp, reqData.Host, utils.GetClearanceUserAgent(reqData.UserAgent))))
computedHash := fmt.Sprintf("%x", mac.Sum(nil))
return hmac.Equal([]byte(computedHash), []byte(expectedHash))
}

1
internal/dataType/type.go
View File

@ -13,5 +13,6 @@ type UserRequest struct {
type CaptchaRule struct { type CaptchaRule struct {
SecretKey string `yaml:"secret_key"` SecretKey string `yaml:"secret_key"`
CaptchaValidateTime int64 `yaml:"captcha_validate_time"` CaptchaValidateTime int64 `yaml:"captcha_validate_time"`
CaptchaChallengeSessionTimeout int64 `yaml:"captcha_challenge_session_timeout"`
HCaptchaSecret string `yaml:"hcaptcha_secret"` HCaptchaSecret string `yaml:"hcaptcha_secret"`
} }

1
internal/server/checker.go
View File

@ -70,6 +70,7 @@ func CheckMain(w http.ResponseWriter, userRequestData dataType.UserRequest, rule
http.Error(w, "500 - Internal Server Error", http.StatusInternalServerError) http.Error(w, "500 - Internal Server Error", http.StatusInternalServerError)
return return
} }
w.Header().Set("Set-Cookie", "__torii_session_id="+string(decision.ResponseData)+"; Path=/; Path=/; Max-Age=86400; Priority=High; HttpOnly;")
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusServiceUnavailable) w.WriteHeader(http.StatusServiceUnavailable)
if err = tpl.Execute(w, nil); err != nil { if err = tpl.Execute(w, nil); err != nil {

8
internal/server/torii.go
View File

@ -28,6 +28,14 @@ func CheckTorii(w http.ResponseWriter, r *http.Request, reqData dataType.UserReq
return return
} }
return return
} else if bytes.Compare(decision.ResponseData, []byte("badSession")) == 0 {
w.WriteHeader(http.StatusOK)
_, err := w.Write([]byte("badSession"))
if err != nil {
log.Printf("Error writing response: %v", err)
return
}
return
} else if bytes.Compare(decision.ResponseData, []byte("good")) == 0 { } else if bytes.Compare(decision.ResponseData, []byte("good")) == 0 {
w.Header().Set("Set-Cookie", "__torii_clearance="+string(check.GenClearance(reqData, *ruleSet))+"; Path=/; Max-Age=86400; Priority=High; HttpOnly;") w.Header().Set("Set-Cookie", "__torii_clearance="+string(check.GenClearance(reqData, *ruleSet))+"; Path=/; Max-Age=86400; Priority=High; HttpOnly;")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)