antibot - check IP with sessions and recaptcha

2020-10-23 15:12:52 +02:00 · 2020-10-23 15:12:52 +02:00 · 397415211e
commit 397415211e
parent 68d7988551
2 changed files with 2 additions and 1 deletions
--- a/confs/main-lua.conf
+++ b/confs/main-lua.conf
@ -1,4 +1,5 @@
 set $session_secret %ANTIBOT_SESSION_SECRET%;
 set $session_check_addr on;
 access_by_lua_block {
--- a/lua/recaptcha.lua
+++ b/lua/recaptcha.lua
@ -30,7 +30,7 @@ function M.check (token, recaptcha_secret)
 	local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
 		ssl_verify = false,
 		method = "POST",
-		body = "secret=" .. recaptcha_secret .. "&response=" .. token,
+		body = "secret=" .. recaptcha_secret .. "&response=" .. token .. "&remoteip=" .. ngx.var.remote_addr,
 		headers = { ["Content-Type"] = "application/x-www-form-urlencoded" }
 	})
 	if not res then