Fix lua sessions with antibot
This commit is contained in:
parent
a1385fe9b3
commit
179a7aa34a
|
@ -56,7 +56,7 @@ utils.has_variable = function(var, value)
|
|||
return variables["global"][var] == value, "success"
|
||||
end
|
||||
|
||||
utils.has_not_variable = function(var, value)
|
||||
utils.has_not_variable = function(var, value)
|
||||
-- Get global variable
|
||||
local variables, err = datastore:get('variables', true)
|
||||
if not variables then
|
||||
|
@ -479,8 +479,8 @@ utils.get_deny_status = function(ctx)
|
|||
return tonumber(variables["global"]["DENY_HTTP_STATUS"])
|
||||
end
|
||||
|
||||
utils.check_session = function(ctx)
|
||||
local _session, err, exists, refreshed = session.start({audience = "metadata"})
|
||||
utils.check_session = function(ctx)
|
||||
local _session, err, exists, refreshed = session.start({ audience = "metadata" })
|
||||
if exists then
|
||||
for i, check in ipairs(ctx.bw.sessions_checks) do
|
||||
local key = check[1]
|
||||
|
@ -526,7 +526,7 @@ utils.get_session = function(audience, ctx)
|
|||
return _session
|
||||
end
|
||||
|
||||
utils.get_session_data = function(_session, site)
|
||||
utils.get_session_data = function(_session, site, ctx)
|
||||
local site_only = site == nil or site
|
||||
local data = _session:get_data()
|
||||
if site_only then
|
||||
|
@ -535,7 +535,7 @@ utils.get_session_data = function(_session, site)
|
|||
return data
|
||||
end
|
||||
|
||||
utils.set_session_data = function(_session, data, site)
|
||||
utils.set_session_data = function(_session, data, site, ctx)
|
||||
local site_only = site == nil or site
|
||||
if site_only then
|
||||
local all_data = _session:get_data()
|
||||
|
@ -702,7 +702,7 @@ utils.kill_all_threads = function(threads)
|
|||
end
|
||||
end
|
||||
|
||||
utils.get_ctx_obj = function(obj)
|
||||
utils.get_ctx_obj = function(obj)
|
||||
if ngx.ctx and ngx.ctx.bw then
|
||||
return ngx.ctx.bw[obj]
|
||||
end
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
local datastore = require "bunkerweb.datastore"
|
||||
local cjson = require "cjson"
|
||||
local captcha = require "antibot.captcha"
|
||||
local base64 = require "base64"
|
||||
local sha256 = require "resty.sha256"
|
||||
local str = require "resty.string"
|
||||
local http = require "resty.http"
|
||||
local template = nil
|
||||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
local cjson = require "cjson"
|
||||
local captcha = require "antibot.captcha"
|
||||
local base64 = require "base64"
|
||||
local sha256 = require "resty.sha256"
|
||||
local str = require "resty.string"
|
||||
local http = require "resty.http"
|
||||
local template = nil
|
||||
if ngx.shared.datastore then
|
||||
template = require "resty.template"
|
||||
end
|
||||
|
@ -32,7 +31,7 @@ function antibot:access()
|
|||
return self:ret(false, "can't get session : " .. err, ngx.HTTP_INTERNAL_SERVER_ERROR)
|
||||
end
|
||||
self.session = session
|
||||
self.session_data = utils.get_session_data(self.session, self.ctx)
|
||||
self.session_data = utils.get_session_data(self.session, true, self.ctx)
|
||||
-- Check if session is valid
|
||||
self:check_session()
|
||||
|
||||
|
@ -112,7 +111,7 @@ function antibot:content()
|
|||
return self:ret(false, "can't get session : " .. err, ngx.HTTP_INTERNAL_SERVER_ERROR)
|
||||
end
|
||||
self.session = session
|
||||
self.session_data = utils.get_session_data(self.session, self.ctx)
|
||||
self.session_data = utils.get_session_data(self.session, true, self.ctx)
|
||||
|
||||
-- Direct access without session
|
||||
if not self.session_data.prepared then
|
||||
|
@ -155,7 +154,7 @@ end
|
|||
|
||||
function antibot:set_session_data()
|
||||
if self.session_updated then
|
||||
local ok, err = utils.set_session_data(self.session, self.session_data, self.ctx)
|
||||
local ok, err = utils.set_session_data(self.session, self.session_data, true, self.ctx)
|
||||
if not ok then
|
||||
return false, err
|
||||
end
|
||||
|
@ -195,7 +194,7 @@ function antibot:display_challenge()
|
|||
|
||||
-- Common variables for templates
|
||||
local template_vars = {
|
||||
antibot_uri = self.variables["ANTIBOT_URI"]
|
||||
antibot_uri = self.variables["ANTIBOT_URI"],
|
||||
}
|
||||
|
||||
-- Javascript case
|
||||
|
@ -294,8 +293,8 @@ function antibot:check_challenge()
|
|||
local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
|
||||
method = "POST",
|
||||
body = "secret=" ..
|
||||
self.variables["ANTIBOT_RECAPTCHA_SECRET"] ..
|
||||
"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
|
||||
self.variables["ANTIBOT_RECAPTCHA_SECRET"] ..
|
||||
"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
|
||||
headers = {
|
||||
["Content-Type"] = "application/x-www-form-urlencoded"
|
||||
}
|
||||
|
@ -330,8 +329,8 @@ function antibot:check_challenge()
|
|||
local res, err = httpc:request_uri("https://hcaptcha.com/siteverify", {
|
||||
method = "POST",
|
||||
body = "secret=" ..
|
||||
self.variables["ANTIBOT_HCAPTCHA_SECRET"] ..
|
||||
"&response=" .. args["token"] .. "&remoteip=" .. ngx.ctx.bw.remote_addr,
|
||||
self.variables["ANTIBOT_HCAPTCHA_SECRET"] ..
|
||||
"&response=" .. args["token"] .. "&remoteip=" .. self.ctx.bw.remote_addr,
|
||||
headers = {
|
||||
["Content-Type"] = "application/x-www-form-urlencoded"
|
||||
}
|
||||
|
@ -364,9 +363,9 @@ function antibot:check_challenge()
|
|||
return nil, "can't instantiate http object : " .. err, nil, nil
|
||||
end
|
||||
local data = {
|
||||
secret=self.variables["ANTIBOT_TURNSTILE_SECRET"],
|
||||
response=args["token"],
|
||||
remoteip=ngx.ctx.bw.remote_addr
|
||||
secret = self.variables["ANTIBOT_TURNSTILE_SECRET"],
|
||||
response = args["token"],
|
||||
remoteip = self.ctx.bw.remote_addr
|
||||
}
|
||||
local res, err = httpc:request_uri("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
|
||||
method = "POST",
|
||||
|
|
Loading…
Reference in New Issue