From eaec9574b2cc816b47d3dd73681bf9267e6c93e7 Mon Sep 17 00:00:00 2001
From: Roi Feng <37480123+Rayzggz@users.noreply.github.com>
Date: Tue, 25 Feb 2025 13:07:47 -0500
Subject: [PATCH] Revert "feat: CAPTCHA session ID"

This reverts commit 12c7473e
---
 config_example/error_page/CAPTCHA.html | 5 ---
 config_example/rules/CAPTCHA.yml | 1 -
 internal/check/Captcha.go | 43 +-------------------------
 internal/dataType/type.go | 7 ++---
 internal/server/checker.go | 1 -
 internal/server/torii.go | 8 -----
 6 files changed, 4 insertions(+), 61 deletions(-)

diff --git a/config_example/error_page/CAPTCHA.html b/config_example/error_page/CAPTCHA.html
index 30f7032..6ae636c 100644
--- a/config_example/error_page/CAPTCHA.html
+++ b/config_example/error_page/CAPTCHA.html
@@ -66,11 +66,6 @@
 + "您未能通过人机验证,请刷新页面后重试。");
 window.location.reload();
 break;
- case "timeout":
- alert("Verification timeout, please refresh the page and try again.\n"
- + "验证超时,请刷新页面后重试。");
- window.location.reload();
- break;
 default:
 alert("Unexpected error occurred, please refresh the page and try again.\n"
 + "发生了意料之外的错误,请刷新页面后重试。");
diff --git a/config_example/rules/CAPTCHA.yml b/config_example/rules/CAPTCHA.yml
index 96736f0..14c411d 100644
--- a/config_example/rules/CAPTCHA.yml
+++ b/config_example/rules/CAPTCHA.yml
@@ -1,4 +1,3 @@
 secret_key: "0378b0f84c4310279918d71a5647ba5d"
 captcha_validate_time: 600
-captcha_challenge_timeout: 120
 hcaptcha_secret: ""
\ No newline at end of file
diff --git a/internal/check/Captcha.go b/internal/check/Captcha.go
index ff8cf10..2af70aa 100644
--- a/internal/check/Captcha.go
+++ b/internal/check/Captcha.go
@@ -31,7 +31,7 @@ func Captcha(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *ac
 }
 if !verifyClearanceCookie(reqData, *ruleSet) {
- decision.SetResponse(action.Done, []byte("CAPTCHA"), genSessionID(reqData, *ruleSet))
+ decision.SetCode(action.Done, []byte("CAPTCHA"))
 return
 }
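Review bot: With `genSessionID` gone, the new `decision.SetCode(action.Done, []byte("CAPTCHA"))` serves the challenge page with no per-client state, so as far as these hunks show the hCaptcha token checked in `CheckCaptcha` is the only thing gating issuance of the clearance cookie, and that should be stated in the code rather than left implicit. I would add above the new line: `// No challenge-session binding: the clearance cookie is issued solely on a valid hCaptcha token (see CheckCaptcha).` If the verification request in `CheckCaptcha` is posted to hCaptcha's siteverify endpoint, sending the client address as `remoteip` alongside `secret`/`response` would restore some binding between the solver and the requester; the posting code is outside the hunk, so I cannot confirm what it currently sends. `Captcha` continues past this hunk, and the same point applies to the two `CheckCaptcha` hunks that follow.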
@@ -51,11 +51,6 @@ func CheckCaptcha(r *http.Request, reqData dataType.UserRequest, ruleSet *config
 return
 }
- if !verifySessionCookie(reqData, *ruleSet) {
- decision.SetResponse(action.Done, []byte("200"), []byte("timeout"))
- return
- }
-
 data := url.Values{}
 data.Set("secret", ruleSet.CAPTCHARule.HCaptchaSecret)
 data.Set("response", hCaptchaResponse)
@@ -98,42 +93,6 @@ func CheckCaptcha(r *http.Request, reqData dataType.UserRequest, ruleSet *config
 }
-func genSessionID(reqData dataType.UserRequest, ruleSet config.RuleSet) []byte {
- timeNow := time.Now().Unix()
- mac := hmac.New(sha512.New, []byte(ruleSet.CAPTCHARule.SecretKey))
- mac.Write([]byte(fmt.Sprintf("%d%s%sCAPTCHA-SESSION-ID", timeNow, reqData.Host, reqData.UserAgent)))
- return []byte(fmt.Sprintf("%s:%s", fmt.Sprintf("%d", time.Now().Unix()), fmt.Sprintf("%x", mac.Sum(nil))))
-}
-
-func verifySessionCookie(reqData dataType.UserRequest, ruleSet config.RuleSet) bool {
- if reqData.ToriiSessionID == "" {
- return false
- }
- parts := strings.Split(reqData.ToriiSessionID, ":")
- if len(parts) != 2 {
- return false
- }
- timestamp := parts[0]
- expectedHash := parts[1]
-
- timeNow := time.Now().Unix()
- parsedTimestamp, err := strconv.ParseInt(timestamp, 10, 64)
- if err != nil {
- log.Printf("Error parsing timestamp: %v", err)
- return false
- }
-
- if timeNow-parsedTimestamp > ruleSet.CAPTCHARule.CaptchaChallengeTimeout {
- return false
- }
-
- mac := hmac.New(sha512.New, []byte(ruleSet.CAPTCHARule.SecretKey))
- mac.Write([]byte(fmt.Sprintf("%d%s%sCAPTCHA-SESSION-ID", parsedTimestamp, reqData.Host, reqData.UserAgent)))
- computedHash := fmt.Sprintf("%x", mac.Sum(nil))
-
- return hmac.Equal([]byte(computedHash), []byte(expectedHash))
-}
-
 func GenClearance(reqData dataType.UserRequest, ruleSet config.RuleSet) []byte {
 timeNow := time.Now().Unix()
 mac := hmac.New(sha512.New, []byte(ruleSet.CAPTCHARule.SecretKey))
diff --git a/internal/dataType/type.go b/internal/dataType/type.go
index 3052c41..db83d66 100644
--- a/internal/dataType/type.go
+++ b/internal/dataType/type.go
@@ -11,8 +11,7 @@ type UserRequest struct {
 }
 type CaptchaRule struct {
- SecretKey string `yaml:"secret_key"`
- CaptchaValidateTime int64 `yaml:"captcha_validate_time"`
- CaptchaChallengeTimeout int64 `yaml:"captcha_challenge_timeout"`
- HCaptchaSecret string `yaml:"hcaptcha_secret"`
+ SecretKey string `yaml:"secret_key"`
+ CaptchaValidateTime int64 `yaml:"captcha_validate_time"`
+ HCaptchaSecret string `yaml:"hcaptcha_secret"`
 }
diff --git a/internal/server/checker.go b/internal/server/checker.go
index 8e5df8a..962094e 100644
--- a/internal/server/checker.go
+++ b/internal/server/checker.go
@@ -70,7 +70,6 @@ func CheckMain(w http.ResponseWriter, userRequestData dataType.UserRequest, rule
 http.Error(w, "500 - Internal Server Error", http.StatusInternalServerError)
 return
 }
- w.Header().Set("Set-Cookie", "__torii_session_id="+string(decision.ResponseData)+"; Path=/; Max-Age=86400; Priority=High; HttpOnly;")
 w.Header().Set("Content-Type", "text/html; charset=utf-8")
 w.WriteHeader(http.StatusServiceUnavailable)
 if err = tpl.Execute(w, nil); err != nil {
diff --git a/internal/server/torii.go b/internal/server/torii.go
index c2696db..5218d50 100644
--- a/internal/server/torii.go
+++ b/internal/server/torii.go
@@ -36,14 +36,6 @@ func CheckTorii(w http.ResponseWriter, r *http.Request, reqData dataType.UserReq
 log.Printf("Error writing response: %v", err)
 return
 }
- } else if bytes.Compare(decision.ResponseData, []byte("timeout")) == 0 {
- w.WriteHeader(http.StatusOK)
- _, err := w.Write([]byte("timeout"))
- if err != nil {
- log.Printf("Error writing response: %v", err)
- return
- }
- return
 } else { //should not be here
 w.WriteHeader(http.StatusInternalServerError)