Fix lua sessions with antibot

src/bw/lua/bunkerweb/utils.lua

@@ -56,7 +56,7 @@ utils.has_variable           = function(var, value)
 	return variables["global"][var] == value, "success"
 end
 
-utils.has_not_variable           = function(var, value)
+utils.has_not_variable       = function(var, value)
 	-- Get global variable
 	local variables, err = datastore:get('variables', true)
 	if not variables then
@@ -479,8 +479,8 @@ utils.get_deny_status        = function(ctx)
 	return tonumber(variables["global"]["DENY_HTTP_STATUS"])
 end
 
-utils.check_session = function(ctx)
-	local _session, err, exists, refreshed = session.start({audience = "metadata"})
+utils.check_session          = function(ctx)
+	local _session, err, exists, refreshed = session.start({ audience = "metadata" })
 	if exists then
 		for i, check in ipairs(ctx.bw.sessions_checks) do
 			local key = check[1]
@@ -526,7 +526,7 @@ utils.get_session            = function(audience, ctx)
 	return _session
 end
 
-utils.get_session_data	= function(_session, site)
+utils.get_session_data       = function(_session, site, ctx)
 	local site_only = site == nil or site
 	local data = _session:get_data()
 	if site_only then
@@ -535,7 +535,7 @@ utils.get_session_data	= function(_session, site)
 	return data
 end
 
-utils.set_session_data = function(_session, data, site)
+utils.set_session_data       = function(_session, data, site, ctx)
 	local site_only = site == nil or site
 	if site_only then
 		local all_data = _session:get_data()
@@ -702,7 +702,7 @@ utils.kill_all_threads       = function(threads)
 	end
 end
 
-utils.get_ctx_obj = function(obj)
+utils.get_ctx_obj            = function(obj)
 	if ngx.ctx and ngx.ctx.bw then
 		return ngx.ctx.bw[obj]
 	end

src/common/core/antibot/antibot.lua

@@ -1,14 +1,13 @@
-local class     = require "middleclass"
-local plugin    = require "bunkerweb.plugin"
-local utils     = require "bunkerweb.utils"
-local datastore = require "bunkerweb.datastore"
-local cjson     = require "cjson"
-local captcha   = require "antibot.captcha"
-local base64    = require "base64"
-local sha256    = require "resty.sha256"
-local str       = require "resty.string"
-local http      = require "resty.http"
-local template  = nil
+local class    = require "middleclass"
+local plugin   = require "bunkerweb.plugin"
+local utils    = require "bunkerweb.utils"
+local cjson    = require "cjson"
+local captcha  = require "antibot.captcha"
+local base64   = require "base64"
+local sha256   = require "resty.sha256"
+local str      = require "resty.string"
+local http     = require "resty.http"
+local template = nil
 if ngx.shared.datastore then
 	template = require "resty.template"
 end
@@ -32,7 +31,7 @@ function antibot:access()
 		return self:ret(false, "can't get session : " .. err, ngx.HTTP_INTERNAL_SERVER_ERROR)
 	end
 	self.session = session
-	self.session_data = utils.get_session_data(self.session, self.ctx)
+	self.session_data = utils.get_session_data(self.session, true, self.ctx)
 	-- Check if session is valid
 	self:check_session()
 
@@ -112,7 +111,7 @@ function antibot:content()
 		return self:ret(false, "can't get session : " .. err, ngx.HTTP_INTERNAL_SERVER_ERROR)
 	end
 	self.session = session
-	self.session_data = utils.get_session_data(self.session, self.ctx)
+	self.session_data = utils.get_session_data(self.session, true, self.ctx)
 
 	-- Direct access without session
 	if not self.session_data.prepared then
@@ -155,7 +154,7 @@ end
 
 function antibot:set_session_data()
 	if self.session_updated then
-		local ok, err = utils.set_session_data(self.session, self.session_data, self.ctx)
+		local ok, err = utils.set_session_data(self.session, self.session_data, true, self.ctx)
 		if not ok then
 			return false, err
 		end
@@ -195,7 +194,7 @@ function antibot:display_challenge()
 
 	-- Common variables for templates
 	local template_vars = {
-		antibot_uri = self.variables["ANTIBOT_URI"]
+		antibot_uri = self.variables["ANTIBOT_URI"],
 	}
 
 	-- Javascript case
@@ -294,8 +293,8 @@ function antibot:check_challenge()
 		local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
 			method = "POST",
 			body = "secret=" ..
-			self.variables["ANTIBOT_RECAPTCHA_SECRET"] ..
-			"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
+					self.variables["ANTIBOT_RECAPTCHA_SECRET"] ..
+					"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
 			headers = {
 				["Content-Type"] = "application/x-www-form-urlencoded"
 			}
@@ -330,8 +329,8 @@ function antibot:check_challenge()
 		local res, err = httpc:request_uri("https://hcaptcha.com/siteverify", {
 			method = "POST",
 			body = "secret=" ..
-			self.variables["ANTIBOT_HCAPTCHA_SECRET"] ..
-			"&response=" .. args["token"] .. "&remoteip=" .. ngx.ctx.bw.remote_addr,
+					self.variables["ANTIBOT_HCAPTCHA_SECRET"] ..
+					"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
 			headers = {
 				["Content-Type"] = "application/x-www-form-urlencoded"
 			}
@@ -364,9 +363,9 @@ function antibot:check_challenge()
 			return nil, "can't instantiate http object : " .. err, nil, nil
 		end
 		local data = {
-			secret=self.variables["ANTIBOT_TURNSTILE_SECRET"],
-			response=args["token"],
-			remoteip=ngx.ctx.bw.remote_addr
+			secret = self.variables["ANTIBOT_TURNSTILE_SECRET"],
+			response = args["token"],
+			remoteip = self.ctx.bw.remote_addr
 		}
 		local res, err = httpc:request_uri("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
 			method = "POST",