basic antibot feature through recaptcha v3

2020-10-16 10:36:33 +02:00
parent 135126e3f4
commit c1d44387b5
6 changed files with 130 additions and 1 deletions
--- a/confs/antibot-recaptcha.conf
+++ b/confs/antibot-recaptcha.conf
@@ -0,0 +1,39 @@
+location = %ANTIBOT_URI% {
+
+	default_type 'text/html';
+	
+	if ($request_method = GET) {
+		content_by_lua_block {
+			local cookie	= require "cookie"
+			local recaptcha	= require "recaptcha"
+			if not cookie.is_set("uri") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local code = recaptcha.get_code("%ANTIBOT_URI%", "%ANTIBOT_RECAPTCHA_SITEKEY%")
+			ngx.say(code)
+		}
+	}
+	
+	if ($request_method = POST) {
+		access_by_lua_block {
+			local cookie	= require "cookie"
+			local recaptcha	= require "recaptcha"
+			if not cookie.is_set("uri") then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			ngx.req.read_body()
+			local args, err = ngx.req.get_post_args(1)
+			if err == "truncated" or not args or not args["token"] then
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			local token	= args["token"]
+			local check	= recaptcha.check(token, "%ANTIBOT_RECAPTCHA_SECRET%")
+			if check < %ANTIBOT_RECAPTCHA_SCORE% then
+				ngx.log(ngx.WARN, "client has recaptcha score of " .. tostring(check))
+				return ngx.exit(ngx.HTTP_FORBIDDEN)
+			end
+			cookie.set({recaptcha = "ok"})
+			return ngx.redirect(cookie.get("uri"))
+		}
+	}
+}
--- a/confs/main-lua.conf
+++ b/confs/main-lua.conf
@@ -8,6 +8,7 @@ local use_dnsbl			= %USE_DNSBL%
 local use_antibot_cookie	= %USE_ANTIBOT_COOKIE%
 local use_antibot_javascript	= %USE_ANTIBOT_JAVASCRIPT%
 local use_antibot_captcha	= %USE_ANTIBOT_CAPTCHA%
+local use_antibot_recaptcha	= %USE_ANTIBOT_RECAPTCHA%

 -- include LUA code
 local whitelist		= require "whitelist"
@@ -16,6 +17,7 @@ local dnsbl		= require "dnsbl"
 local cookie		= require "cookie"
 local javascript	= require "javascript"
 local captcha		= require "captcha"
+local recaptcha		= require "recaptcha"

 -- antibot
 local antibot_uri = "%ANTIBOT_URI%"
@@ -111,6 +113,16 @@ if use_antibot_captcha then
 	end
 end

+-- recaptcha check
+if use_antibot_recaptcha then
+	if not cookie.is_set("recaptcha") then
+		if ngx.var.request_uri ~= antibot_uri and ngx.var.request_uri ~= "/favicon.ico" then
+			cookie.set({uri = ngx.var.request_uri})
+			return ngx.redirect(antibot_uri)
+		end
+	end
+end
+
 ngx.exit(ngx.OK)

 }
@@ -118,3 +130,5 @@ ngx.exit(ngx.OK)
 %INCLUDE_ANTIBOT_JAVASCRIPT%

 %INCLUDE_ANTIBOT_CAPTCHA%
+
+%INCLUDE_ANTIBOT_RECAPTCHA%
--- a/confs/nginx.conf
+++ b/confs/nginx.conf
@@ -58,6 +58,9 @@ http {
 	# enable/disable sending nginx version
 	server_tokens %SERVER_TOKENS%;

+	# resolvers to use
+	resolver %DNS_RESOLVERS% ipv6=off;
+
 	# get real IP address if behind a reverse proxy
        %PROXY_REAL_IP%