From 397415211eabca89c2ac41961480f95e24019d41 Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Fri, 23 Oct 2020 15:12:52 +0200
Subject: [PATCH] antibot - check IP with sessions and recaptcha

---
 confs/main-lua.conf | 1 +
 lua/recaptcha.lua   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/confs/main-lua.conf b/confs/main-lua.conf
index 10b536b..77c4343 100644
--- a/confs/main-lua.conf
+++ b/confs/main-lua.conf
@@ -1,4 +1,5 @@
 set $session_secret %ANTIBOT_SESSION_SECRET%;
+set $session_check_addr on;
 
 access_by_lua_block {
 
diff --git a/lua/recaptcha.lua b/lua/recaptcha.lua
index 5f85555..2816a40 100644
--- a/lua/recaptcha.lua
+++ b/lua/recaptcha.lua
@@ -30,7 +30,7 @@ function M.check (token, recaptcha_secret)
 	local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
 		ssl_verify = false,
 		method = "POST",
-		body = "secret=" .. recaptcha_secret .. "&response=" .. token,
+		body = "secret=" .. recaptcha_secret .. "&response=" .. token .. "&remoteip=" .. ngx.var.remote_addr,
 		headers = { ["Content-Type"] = "application/x-www-form-urlencoded" }
 	})
 	if not res then