basic antibot using javascript

confs/antibot-javascript.conf

@@ -0,0 +1,39 @@
+location = %ANTIBOT_URI% {
+
+	default_type 'text/html';
+	
+	if ($request_method = GET) {
+		content_by_lua_block {
+			local cookie		= require "cookie"
+			local javascript	= require "javascript"
+			if not cookie.is_set("challenge") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local challenge	= cookie.get("challenge")
+			local code		= javascript.get_code(challenge, "%ANTIBOT_URI%", cookie.get("uri"))
+			ngx.say(code)
+		}
+	}
+	
+	if ($request_method = POST) {
+		content_by_lua_block {
+			local cookie		= require "cookie"
+			local javascript	= require "javascript"
+			if not cookie.is_set("challenge") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			ngx.req.read_body()
+			local args, err = ngx.req.get_post_args(1)
+			if err == "truncated" or not args or not args["challenge"] then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local challenge	= args["challenge"]
+			local check		= javascript.check(cookie.get("challenge"), challenge)
+			if not check then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			cookie.set("javascript", "ok")
+			cookie.save()
+		}
+	}
+}

confs/main-lua.conf

@@ -1,17 +1,19 @@
 access_by_lua_block {
 
-local use_whitelist_ip			= %USE_WHITELIST_IP%
-local use_whitelist_reverse		= %USE_WHITELIST_REVERSE%
-local use_blacklist_ip			= %USE_BLACKLIST_IP%
-local use_blacklist_reverse		= %USE_BLACKLIST_REVERSE%
-local use_dnsbl				= %USE_DNSBL%
-local use_antibot_cookie		= %USE_ANTIBOT_COOKIE%
+local use_whitelist_ip		= %USE_WHITELIST_IP%
+local use_whitelist_reverse	= %USE_WHITELIST_REVERSE%
+local use_blacklist_ip		= %USE_BLACKLIST_IP%
+local use_blacklist_reverse	= %USE_BLACKLIST_REVERSE%
+local use_dnsbl			= %USE_DNSBL%
+local use_antibot_cookie	= %USE_ANTIBOT_COOKIE%
+local use_antibot_javascript	= %USE_ANTIBOT_JAVASCRIPT%
 
 -- include LUA code
-local whitelist = require "whitelist"
-local blacklist = require "blacklist"
-local dnsbl	= require "dnsbl"
-local cookie	= require "cookie"
+local whitelist		= require "whitelist"
+local blacklist		= require "blacklist"
+local dnsbl		= require "dnsbl"
+local cookie		= require "cookie"
+local javascript	= require "javascript"
 
 -- antibot
 local antibot_uri = "%ANTIBOT_URI%"
@@ -74,15 +76,28 @@ end
 
 -- cookie check
 if use_antibot_cookie then
-	if not cookie.is_set() then
-		if ngx.var.uri ~= antibot_uri then
-			cookie.set()
+	if not cookie.is_set("uri") then
+		if ngx.var.request_uri ~= antibot_uri then
+			cookie.set("uri", ngx.var.request_uri)
+			cookie.save()
 			return ngx.redirect(antibot_uri)
 		end
 		return ngx.exit(ngx.HTTP_FORBIDDEN)
 	else
-		if ngx.var.uri == antibot_uri then
-			return ngx.redirect(cookie.get_uri())
+		if ngx.var.request_uri == antibot_uri then
+			return ngx.redirect(cookie.get("uri"))
+		end
+	end
+end
+
+-- javascript check
+if use_antibot_javascript then
+	if not cookie.is_set("javascript") then
+		if ngx.var.request_uri ~= antibot_uri then
+			cookie.set("uri", ngx.var.request_uri)
+			cookie.set("challenge", javascript.get_challenge())
+			cookie.save()
+			return ngx.redirect(antibot_uri)
 		end
 	end
 end
@@ -90,3 +105,5 @@ end
 ngx.exit(ngx.OK)
 
 }
+
+%INCLUDE_ANTIBOT_JAVASCRIPT%