basic antibot feature through captcha

2020-10-14 22:46:20 +02:00
parent 446ee3761b
commit 2909b79891
15 changed files with 529 additions and 27 deletions
--- a/confs/antibot-captcha.conf
+++ b/confs/antibot-captcha.conf
@@ -0,0 +1,40 @@
+location = %ANTIBOT_URI% {
+
+	default_type 'text/html';
+	
+	if ($request_method = GET) {
+		content_by_lua_block {
+			local cookie	= require "cookie"
+			local captcha	= require "captcha"
+			if not cookie.is_set("uri") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local img, res = captcha.get_challenge()
+			cookie.set({captchares = res})
+			local code = captcha.get_code(img, "%ANTIBOT_URI%")
+			ngx.say(code)
+		}
+	}
+	
+	if ($request_method = POST) {
+		access_by_lua_block {
+			local cookie	= require "cookie"
+			local captcha	= require "captcha"
+			if not cookie.is_set("captchares") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			ngx.req.read_body()
+			local args, err = ngx.req.get_post_args(1)
+			if err == "truncated" or not args or not args["captcha"] then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local captcha_user	= args["captcha"]
+			local check		= captcha.check(captcha_user, cookie.get("captchares"))
+			if not check then
+				return ngx.redirect("%ANTIBOT_URI%")
+			end
+			cookie.set({captcha = "ok"})
+			return ngx.redirect(cookie.get("uri"))
+		}
+	}
+}
--- a/confs/antibot-javascript.conf
+++ b/confs/antibot-javascript.conf
@@ -10,7 +10,7 @@ location = %ANTIBOT_URI% {
 				return ngx.exit(ngx.HTTP_FORBIDDEN)
 			end
 			local challenge	= cookie.get("challenge")
-			local code		= javascript.get_code(challenge, "%ANTIBOT_URI%", cookie.get("uri"))
+			local code	= javascript.get_code(challenge, "%ANTIBOT_URI%", cookie.get("uri"))
 			ngx.say(code)
 		}
 	}
@@ -32,8 +32,8 @@ location = %ANTIBOT_URI% {
 			if not check then
 				return ngx.exit(ngx.HTTP_FORBIDDEN)
 			end
-			cookie.set("javascript", "ok")
-			cookie.save()
+			cookie.set({javascript = "ok"})
+			return ngx.exit(ngx.OK)
 		}
 	}
 }
--- a/confs/main-lua.conf
+++ b/confs/main-lua.conf
@@ -7,6 +7,7 @@ local use_blacklist_reverse	= %USE_BLACKLIST_REVERSE%
 local use_dnsbl			= %USE_DNSBL%
 local use_antibot_cookie	= %USE_ANTIBOT_COOKIE%
 local use_antibot_javascript	= %USE_ANTIBOT_JAVASCRIPT%
+local use_antibot_captcha	= %USE_ANTIBOT_CAPTCHA%

 -- include LUA code
 local whitelist		= require "whitelist"
@@ -14,6 +15,7 @@ local blacklist		= require "blacklist"
 local dnsbl		= require "dnsbl"
 local cookie		= require "cookie"
 local javascript	= require "javascript"
+local captcha		= require "captcha"

 -- antibot
 local antibot_uri = "%ANTIBOT_URI%"
@@ -78,8 +80,7 @@ end
 if use_antibot_cookie then
 	if not cookie.is_set("uri") then
 		if ngx.var.request_uri ~= antibot_uri then
-			cookie.set("uri", ngx.var.request_uri)
-			cookie.save()
+			cookie.set({uri = ngx.var.request_uri})
 			return ngx.redirect(antibot_uri)
 		end
 		return ngx.exit(ngx.HTTP_FORBIDDEN)
@@ -94,9 +95,17 @@ end
 if use_antibot_javascript then
 	if not cookie.is_set("javascript") then
 		if ngx.var.request_uri ~= antibot_uri then
-			cookie.set("uri", ngx.var.request_uri)
-			cookie.set("challenge", javascript.get_challenge())
-			cookie.save()
+			cookie.set({uri = ngx.var.request_uri, challenge = javascript.get_challenge()})
+			return ngx.redirect(antibot_uri)
+		end
+	end
+end
+
+-- captcha check
+if use_antibot_captcha then
+	if not cookie.is_set("captcha") then
+		if ngx.var.request_uri ~= antibot_uri and ngx.var.request_uri ~= "/favicon.ico" then
+			cookie.set({uri = ngx.var.request_uri})
 			return ngx.redirect(antibot_uri)
 		end
 	end
@@ -107,3 +116,5 @@ ngx.exit(ngx.OK)
 }

 %INCLUDE_ANTIBOT_JAVASCRIPT%
+
+%INCLUDE_ANTIBOT_CAPTCHA%