mirror of
https://github.com/TecharoHQ/anubis.git
synced 2025-08-03 01:38:14 -04:00
4ac59c3a79
* feat(lib/challenge): HTTP meta refresh challenge method Closes #95 This challenge method enables users that don't (or won't) support JavaScript to pass Anubis challenges. It works by using HTML meta refresh directives to ensure that the client is a browser. This is OFF by default. In order to enable it, an administrator MUST choose to make the default challenge method `metarefresh`. TODO(Xe): - [ ] Documentation on this challenge method - [ ] Amend wording around Anubis being a proof of work proxy in the docs - [ ] Add configuration file syntax for the default challenge method and settings - [ ] Test with early customers Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib/challenge/metarefresh): use this value of err Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: add metarefresh challenge info, Web AI Firewall Utility Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
54 lines
1.5 KiB
Go
54 lines
1.5 KiB
Go
package metarefresh
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"github.com/TecharoHQ/anubis"
|
|
"github.com/TecharoHQ/anubis/lib/challenge"
|
|
"github.com/TecharoHQ/anubis/lib/policy"
|
|
"github.com/TecharoHQ/anubis/web"
|
|
"github.com/a-h/templ"
|
|
)
|
|
|
|
//go:generate go tool github.com/a-h/templ/cmd/templ generate
|
|
|
|
func init() {
|
|
challenge.Register("metarefresh", &Impl{})
|
|
}
|
|
|
|
type Impl struct{}
|
|
|
|
func (i *Impl) Setup(mux *http.ServeMux) {}
|
|
|
|
func (i *Impl) Issue(r *http.Request, lg *slog.Logger, rule *policy.Bot, challenge string, ogTags map[string]string) (templ.Component, error) {
|
|
u, err := r.URL.Parse(anubis.BasePrefix + "/.within.website/x/cmd/anubis/api/pass-challenge")
|
|
if err != nil {
|
|
return nil, fmt.Errorf("can't render page: %w", err)
|
|
}
|
|
|
|
q := u.Query()
|
|
q.Set("redir", r.URL.String())
|
|
q.Set("challenge", challenge)
|
|
u.RawQuery = q.Encode()
|
|
|
|
component, err := web.BaseWithChallengeAndOGTags("Making sure you're not a bot!", page(challenge, u.String(), rule.Challenge.Difficulty), challenge, rule.Challenge, ogTags)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("can't render page: %w", err)
|
|
}
|
|
|
|
return component, nil
|
|
}
|
|
|
|
func (i *Impl) Validate(r *http.Request, lg *slog.Logger, rule *policy.Bot, wantChallenge string) error {
|
|
gotChallenge := r.FormValue("challenge")
|
|
|
|
if subtle.ConstantTimeCompare([]byte(wantChallenge), []byte(gotChallenge)) != 1 {
|
|
return challenge.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", challenge.ErrFailed, wantChallenge, gotChallenge))
|
|
}
|
|
|
|
return nil
|
|
}
|