Merge pull request #508 from bunkerity/dev
Merge branch "dev" into branch "staging"
commit
612333d2ad
|
@ -69,7 +69,7 @@ RUN apk add --no-cache pcre bash python3 && \
|
|||
ln -s /proc/1/fd/1 /var/log/nginx/access.log
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4" "curl>=8.1.0-r0" "libcurl>=8.1.0-r0" "libwebp>=1.2.4-r2"
|
||||
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4" "curl>=8.1.0-r0" "libcurl>=8.1.0-r0" "libwebp>=1.2.4-r2" "ncurses-libs>=6.3_p20221119-r1" "ncurses-terminfo-base>=6.3_p20221119-r1"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ function plugin:initialize(id)
|
|||
self.id = id
|
||||
local multisite = false
|
||||
local current_phase = ngx.get_phase()
|
||||
for i, check_phase in ipairs({ "set", "access", "content", "header", "log", "preread", "log_stream", "log_default" }) do
|
||||
for i, check_phase in ipairs({ "set", "access", "content", "header_filter", "log", "preread", "log_stream", "log_default" }) do
|
||||
if current_phase == check_phase then
|
||||
multisite = true
|
||||
break
|
||||
|
|
|
@ -221,6 +221,11 @@ function antibot:display_challenge()
|
|||
if self.variables["USE_ANTIBOT"] == "hcaptcha" then
|
||||
template_vars.hcaptcha_sitekey = self.variables["ANTIBOT_HCAPTCHA_SITEKEY"]
|
||||
end
|
||||
|
||||
-- Turnstile case
|
||||
if self.variables["USE_ANTIBOT"] == "turnstile" then
|
||||
template_vars.turnstile_sitekey = self.variables["ANTIBOT_TURNSTILE_SITEKEY"]
|
||||
end
|
||||
|
||||
-- Render content
|
||||
template.render(self.variables["USE_ANTIBOT"] .. ".html", template_vars)
|
||||
|
@ -346,6 +351,45 @@ function antibot:check_challenge()
|
|||
self.session_data.time_valid = ngx.now()
|
||||
return true, "resolved", self.session_data.original_uri
|
||||
end
|
||||
|
||||
-- Turnstile case
|
||||
if self.variables["USE_ANTIBOT"] == "turnstile" then
|
||||
ngx.req.read_body()
|
||||
local args, err = ngx.req.get_post_args(1)
|
||||
if err == "truncated" or not args or not args["token"] then
|
||||
return nil, "missing challenge arg", nil
|
||||
end
|
||||
local httpc, err = http.new()
|
||||
if not httpc then
|
||||
return nil, "can't instantiate http object : " .. err, nil, nil
|
||||
end
|
||||
local data = {
|
||||
secret=self.variables["ANTIBOT_TURNSTILE_SECRET"],
|
||||
response=args["token"],
|
||||
remoteip=ngx.ctx.bw.remote_addr
|
||||
}
|
||||
local res, err = httpc:request_uri("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
|
||||
method = "POST",
|
||||
body = cjson.encode(data),
|
||||
headers = {
|
||||
["Content-Type"] = "application/x-www-form-urlencoded"
|
||||
}
|
||||
})
|
||||
httpc:close()
|
||||
if not res then
|
||||
return nil, "can't send request to Turnstile API : " .. err, nil
|
||||
end
|
||||
local ok, tdata = pcall(cjson.decode, res.body)
|
||||
if not ok then
|
||||
return nil, "error while decoding JSON from Turnstile API : " .. data, nil
|
||||
end
|
||||
if not tdata.success then
|
||||
return false, "client failed challenge", nil
|
||||
end
|
||||
self.session_data.resolved = true
|
||||
self.session_data.time_valid = ngx.now()
|
||||
return true, "resolved", self.session_data.original_uri
|
||||
end
|
||||
|
||||
return nil, "unknown", nil
|
||||
end
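Review bot: In the Turnstile branch of antibot:check_challenge, the JSON-decode failure path concatenates `data`, the request table that holds `ANTIBOT_TURNSTILE_SECRET`, so a malformed reply raises a Lua concatenation error instead of returning the message; it should use the pcall result, `return nil, "error while decoding JSON from Turnstile API : " .. tdata, nil`. The request also sends `cjson.encode(data)` under a `Content-Type` of `application/x-www-form-urlencoded`; body and header should agree, either `body = ngx.encode_args(data)` or `["Content-Type"] = "application/json"`. `res.status` is never checked and `tdata.success` is read without confirming `tdata` is a table, so a non-object JSON reply would presumably error here as well rather than fail the challenge cleanly. The function starts outside the hunk, so how callers handle a raised error is not visible.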
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -11,7 +11,7 @@
|
|||
"help": "Activate antibot feature.",
|
||||
"id": "use-antibot",
|
||||
"label": "Antibot challenge",
|
||||
"regex": "^(no|cookie|javascript|captcha|recaptcha|hcaptcha)$",
|
||||
"regex": "^(no|cookie|javascript|captcha|recaptcha|hcaptcha|turnstile)$",
|
||||
"type": "select",
|
||||
"select": [
|
||||
"no",
|
||||
|
@ -19,7 +19,8 @@
|
|||
"javascript",
|
||||
"captcha",
|
||||
"recaptcha",
|
||||
"hcaptcha"
|
||||
"hcaptcha",
|
||||
"turnstile"
|
||||
]
|
||||
},
|
||||
"ANTIBOT_URI": {
|
||||
|
@ -76,6 +77,24 @@
|
|||
"regex": "^(0x[a-zA-Z0-9]+)?$",
|
||||
"type": "password"
|
||||
},
|
||||
"ANTIBOT_TURNSTILE_SITEKEY": {
|
||||
"context": "multisite",
|
||||
"default": "",
|
||||
"help": "Sitekey for Turnstile challenge.",
|
||||
"id": "antibot-turnstile-sitekey",
|
||||
"label": "Turnstile sitekey",
|
||||
"regex": "^(0x[\\w-]+)?$",
|
||||
"type": "text"
|
||||
},
|
||||
"ANTIBOT_TURNSTILE_SECRET": {
|
||||
"context": "multisite",
|
||||
"default": "",
|
||||
"help": "Secret for Turnstile challenge.",
|
||||
"id": "antibot-turnstile-secret",
|
||||
"label": "Turnstile secret",
|
||||
"regex": "^(0x[\\w-]+)?$",
|
||||
"type": "password"
|
||||
},
|
||||
"ANTIBOT_TIME_RESOLVE": {
|
||||
"context": "multisite",
|
||||
"default": "60",
|
||||
|
|
|
@ -21,7 +21,7 @@ function misc:access()
|
|||
return self:ret(true, "method " .. method .. " is allowed")
|
||||
end
|
||||
end
|
||||
return self:ret(true, "method " .. method .. " not is allowed", ngx.HTTP_NOT_ALLOWED)
|
||||
return self:ret(true, "method " .. method .. " is not allowed", ngx.HTTP_NOT_ALLOWED)
|
||||
end
|
||||
|
||||
return misc
|