mirror of
https://github.com/TecharoHQ/anubis.git
synced 2025-08-03 17:59:24 -04:00
fe9cff4bf4
This means that challenge pages will return only the little bit that actually matters, not the entire component. Signed-off-by: Xe Iaso <me@xeiaso.net>
52 lines
1.3 KiB
Go
52 lines
1.3 KiB
Go
package metarefresh
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"github.com/TecharoHQ/anubis"
|
|
"github.com/TecharoHQ/anubis/lib/challenge"
|
|
"github.com/TecharoHQ/anubis/lib/localization"
|
|
"github.com/a-h/templ"
|
|
)
|
|
|
|
//go:generate go tool github.com/a-h/templ/cmd/templ generate
|
|
|
|
func init() {
|
|
challenge.Register("metarefresh", &Impl{})
|
|
}
|
|
|
|
type Impl struct{}
|
|
|
|
func (i *Impl) Setup(mux *http.ServeMux) {}
|
|
|
|
func (i *Impl) Issue(r *http.Request, lg *slog.Logger, in *challenge.IssueInput) (templ.Component, error) {
|
|
u, err := r.URL.Parse(anubis.BasePrefix + "/.within.website/x/cmd/anubis/api/pass-challenge")
|
|
if err != nil {
|
|
return nil, fmt.Errorf("can't render page: %w", err)
|
|
}
|
|
|
|
q := u.Query()
|
|
q.Set("redir", r.URL.String())
|
|
q.Set("challenge", in.Challenge.RandomData)
|
|
u.RawQuery = q.Encode()
|
|
|
|
loc := localization.GetLocalizer(r)
|
|
|
|
result := page(u.String(), in.Rule.Challenge.Difficulty, loc)
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *challenge.ValidateInput) error {
|
|
gotChallenge := r.FormValue("challenge")
|
|
|
|
if subtle.ConstantTimeCompare([]byte(in.Challenge.RandomData), []byte(gotChallenge)) != 1 {
|
|
return challenge.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", challenge.ErrFailed, in.Challenge.RandomData, gotChallenge))
|
|
}
|
|
|
|
return nil
|
|
}
|