Add Turnstile antibot

src/common/core/antibot/antibot.lua

@@ -221,6 +221,11 @@ function antibot:display_challenge()
 	if self.variables["USE_ANTIBOT"] == "hcaptcha" then
 		template_vars.hcaptcha_sitekey = self.variables["ANTIBOT_HCAPTCHA_SITEKEY"]
 	end
+	
+	-- Turnstile case
+	if self.variables["USE_ANTIBOT"] == "turnstile" then
+		template_vars.turnstile_sitekey = self.variables["ANTIBOT_TURNSTILE_SITEKEY"]
+	end
 
 	-- Render content
 	template.render(self.variables["USE_ANTIBOT"] .. ".html", template_vars)
@@ -346,6 +351,45 @@ function antibot:check_challenge()
 		self.session_data.time_valid = ngx.now()
 		return true, "resolved", self.session_data.original_uri
 	end
+	
+	-- Turnstile case
+	if self.variables["USE_ANTIBOT"] == "turnstile" then
+		ngx.req.read_body()
+		local args, err = ngx.req.get_post_args(1)
+		if err == "truncated" or not args or not args["token"] then
+			return nil, "missing challenge arg", nil
+		end
+		local httpc, err = http.new()
+		if not httpc then
+			return nil, "can't instantiate http object : " .. err, nil, nil
+		end
+		local data = {
+			secret=self.variables["ANTIBOT_TURNSTILE_SECRET"],
+			response=args["token"],
+			remoteip=ngx.ctx.bw.remote_addr
+		}
+		local res, err = httpc:request_uri("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
+			method = "POST",
+			body = cjson.encode(data),
+			headers = {
+				["Content-Type"] = "application/x-www-form-urlencoded"
+			}
+		})
+		httpc:close()
+		if not res then
+			return nil, "can't send request to Turnstile API : " .. err, nil
+		end
+		local ok, tdata = pcall(cjson.decode, res.body)
+		if not ok then
+			return nil, "error while decoding JSON from Turnstile API : " .. data, nil
+		end
+		if not tdata.success then
+			return false, "client failed challenge", nil
+		end
+		self.session_data.resolved = true
+		self.session_data.time_valid = ngx.now()
+		return true, "resolved", self.session_data.original_uri
+	end
 
 	return nil, "unknown", nil
 end

src/common/core/antibot/plugin.json

@@ -11,7 +11,7 @@
       "help": "Activate antibot feature.",
       "id": "use-antibot",
       "label": "Antibot challenge",
-      "regex": "^(no|cookie|javascript|captcha|recaptcha|hcaptcha)$",
+      "regex": "^(no|cookie|javascript|captcha|recaptcha|hcaptcha|turnstile)$",
       "type": "select",
       "select": [
         "no",
@@ -19,7 +19,8 @@
         "javascript",
         "captcha",
         "recaptcha",
-        "hcaptcha"
+        "hcaptcha",
+        "turnstile"
       ]
     },
     "ANTIBOT_URI": {
@@ -76,6 +77,24 @@
       "regex": "^(0x[a-zA-Z0-9]+)?$",
       "type": "password"
     },
+    "ANTIBOT_TURNSTILE_SITEKEY": {
+      "context": "multisite",
+      "default": "",
+      "help": "Sitekey for Turnstile challenge.",
+      "id": "antibot-turnstile-sitekey",
+      "label": "Turnstile sitekey",
+      "regex": "^(0x[\\w-]+)?$",
+      "type": "text"
+    },
+    "ANTIBOT_TURNSTILE_SECRET": {
+      "context": "multisite",
+      "default": "",
+      "help": "Secret for Turnstile challenge.",
+      "id": "antibot-turnstile-secret",
+      "label": "Turnstile secret",
+      "regex": "^(0x[\\w-]+)?$",
+      "type": "password"
+    },
     "ANTIBOT_TIME_RESOLVE": {
       "context": "multisite",
       "default": "60",