Fix typo in env var

Reviewed-on: #2

README.md

@@ -4,21 +4,27 @@ Serveur de génération de challenges altcha et de validation de la solution
 
 ## Utilisation
 
-### Depuis le binaire
+### Lancer le serveur
+Depuis le binaire
 ```sh
 $ ALTCHA_HMAC_KEY="CLÉ HMAC" bin/altcha run
 ```
 
-### Depuis l'image docker
+Depuis l'image docker
 ```sh
-$ docker run -e ALTCHA_HMAC_KEY="CLÉ HMAC" reg.cadoles.com/cadoles/altcha
+$ docker run -e ALTCHA_HMAC_KEY="CLÉ HMAC" -p 3333:3333 reg.cadoles.com/cadoles/altcha
 ```
 
-### Depuis les sources
+Depuis les sources
 ```sh
 $ ALTCHA_HMAC_KEY="CLÉ HMAC" go run ./cmd/altcha run
 ```
 
+Une fois le serveur lancé, se rendre sur localhost:3333/request pour effectuer une demande de challenge.
+Publier la solution sur localhost:3333/verify ou localhost:3333/verify-spam-filter
+
+Les détails sur le fonctionnement sont à retrouver sur la documentation d'altcha : https://altcha.org/fr/docs/get-started/
+
 ### Autres commandes
 Générer un challenge
 ```sh
@@ -38,6 +44,7 @@ $ ALTCHA_HMAC_KEY="CLÉ HMAC" bin/altcha verify [CHALLENGE] [SALT] [SIGNATURE] [
 ## Variables d'environement
 | Nom                 | Description                                                                  | Valeur par défaut        | Requis |
 |---------------------|------------------------------------------------------------------------------|--------------------------|--------|
+| ALTCHA_BASE_URL     | Url de base du service                                                       |                          | Non    |
 | ALTCHA_PORT         | Port d'écoute du serveur                                                     | 3333                     | Non    |
 | ALTCHA_HMAC_KEY     | Clé d'encodage des signatures                                                |                          | Oui    |
 | ALTCHA_MAX_NUMBER   | Nombre d'itération maximum pour résoudre le challenge (défini la difficulté) | 1000000                  | Non    |

internal/api/server.go

@@ -2,14 +2,15 @@ package api
 
 import (
 	"context"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"log/slog"
 	"net/http"
 	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
+	"github.com/altcha-org/altcha-lib-go"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/render"
@@ -17,11 +18,17 @@ import (
 )
 
 type Server struct {
+	baseUrl	string
 	port	string
 	client	client.Client
+	config	config.Config
 }
 
 func (s *Server) Run(ctx context.Context) {
+	if s.config.Debug {
+		slog.SetLogLoggerLevel(slog.LevelDebug)
+	}
+
 	r := chi.NewRouter()
 
 	r.Use(middleware.Logger)
@@ -32,9 +39,8 @@ func (s *Server) Run(ctx context.Context) {
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("root."))
 	})
-	r.Get("/request", s.requestHandler)
-	r.Get("/verify", s.submitHandler)
-	r.Get("/verify-spam-filter", s.submitSpamFilterHandler)
+	r.Get(s.baseUrl+"/request", s.requestHandler)
+	r.Post(s.baseUrl+"/verify", s.submitHandler)
 
 	logger.Info(ctx, "altcha server listening on port "+s.port)
 	if err := http.ListenAndServe(":"+s.port, r); err != nil {
@@ -46,95 +52,55 @@ func (s *Server) requestHandler(w http.ResponseWriter, r *http.Request) {
 	challenge, err := s.client.Generate()
 
 	if err != nil {
+		slog.Debug("Failed to create challenge,", "error", err)
 		http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
 		return
 	}
 
-	writeJSON(w, challenge)
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(challenge)
+	if err != nil {
+		slog.Debug("Failed to encode JSON", "error", err)
+		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
+		return
+	}
 }
 
 func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-		return
-	}
-
-	formData := r.FormValue("altcha")
-	if formData == "" {
-		 http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
-		 return
-	}
-
-	decodedPayload, err := base64.StdEncoding.DecodeString(formData)
+	var payload altcha.Payload
+	err := json.NewDecoder(r.Body).Decode(&payload)
 	if err != nil {
-		http.Error(w, "Failed to decode Altcha payload", http.StatusBadRequest)
-		return
-	}
-
-	var payload map[string]interface{}
-	if err := json.Unmarshal(decodedPayload, &payload); err != nil {
+		slog.Debug("Failed to parse Altcha payload,", "error", err)
 		http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
 		return
 	}
 
 	verified, err := s.client.VerifySolution(payload)
 	
-	if err != nil || !verified {
-		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
-		return
-	}
-
-	writeJSON(w, map[string]interface{}{
-		"success":	true,
-		"data":		formData,
-	})
-}
-
-func (s *Server) submitSpamFilterHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-		return
-	}
-
-	formData, err := formToMap(r)
 	if err != nil {
-		http.Error(w, "Cannot read form data", http.StatusBadRequest)
-	}
-
-	payload := r.FormValue("altcha")
-	if payload == "" {
-		http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
-	}
-
-	verified, verificationData, err := s.client.VerifyServerSignature(payload)
-	if err != nil || !verified {
-		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
+		slog.Debug("Invalid Altcha payload", "error", err)
+		http.Error(w, "Invalid Altcha payload,", http.StatusBadRequest)
 		return
 	}
 
-	if verificationData.Verified && verificationData.Expire > time.Now().Unix() {
-		if verificationData.Classification == "BAD" {
-			http.Error(w, "Classified as spam", http.StatusBadRequest)
+	if !verified && !s.config.DisableValidation {
+		slog.Debug("Invalid solution")
+		http.Error(w, "Invalid solution", http.StatusBadRequest)
 		return
 	}
 	
-		if verificationData.FieldsHash != "" {
-			verified, err := s.client.VerifyFieldsHash(formData, verificationData.Fields, verificationData.FieldsHash)
-			if err != nil || !verified {
-				http.Error(w, "Invalid fields hash", http.StatusBadRequest)
-				return
-			}
-		}
-
-		writeJSON(w, map[string]interface{}{
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(map[string]interface{}{
 		"success":	true,
-			"data":				formData,
-			"verificationData":	verificationData,
+		"data":		payload,
 	})
+	if err != nil {
+		if s.config.Debug {
+			slog.Debug("Failed to encode JSON", "error", err)
+		}
+		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
 		return
 	}
-
-	http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
 }
 
 func corsMiddleware(next http.Handler) http.Handler {
@@ -152,26 +118,22 @@ func corsMiddleware(next http.Handler) http.Handler {
 	})
 }
 
-func writeJSON(w http.ResponseWriter, data interface{}) {
-	w.Header().Set("Content-Type", "application/json")
-	if err := json.NewEncoder(w).Encode(data); err != nil {
-		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
-	}
+func NewServer(cfg config.Config) (*Server, error) {
+	expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
+	if err != nil {
+		fmt.Printf("%+v\n", err)
 	}
 
-func formToMap(r *http.Request) (map[string][]string, error) {
-	if err := r.ParseForm(); err != nil {
-		return nil, err
-	}
+	client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
 
-	return r.Form, nil
+	if err != nil {
+		return &Server{}, err
 	}
 
-func NewServer(cfg config.Config) *Server {
-	client := *client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
-
 	return &Server {
+		baseUrl: cfg.BaseUrl,
 		port:	cfg.Port,
-		client:	client,
-	}
+		client:	*client,
+		config: cfg,
+	}, nil
 }

internal/client/client.go

@@ -1,6 +1,7 @@
 package client
 
 import (
+	"errors"
 	"time"
 
 	"github.com/altcha-org/altcha-lib-go"
@@ -11,11 +12,14 @@ type Client struct {
 	maxNumber	int64
 	algorithm	altcha.Algorithm
 	salt		string
-	expire		string
+	expire		time.Duration
 	checkExpire	bool
 }
 
-func NewClient(hmacKey string, maxNumber int64, algorithm string, salt string, expire string, checkExpire bool) *Client {
+func New(hmacKey string, maxNumber int64, algorithm string, salt string, expire time.Duration, checkExpire bool) (*Client, error) {
+	if len(hmacKey) == 0 {
+		return &Client{}, errors.New("HMAC key not found")
+	}
 	return &Client {
 		hmacKey:		hmacKey,
 		maxNumber:		maxNumber,
@@ -23,12 +27,11 @@ func NewClient(hmacKey string, maxNumber int64, algorithm string, salt string, e
 		salt:			salt,
 		expire:			expire,
 		checkExpire:	checkExpire,
-	}
+	}, nil
 }
 
 func (c *Client) Generate() (altcha.Challenge, error) {
-	expirationDuration, _ := time.ParseDuration(c.expire+"s")
-	expiration := time.Now().Add(expirationDuration)
+	expiration := time.Now().Add(c.expire)
 	
 	options := altcha.ChallengeOptions{
 		HMACKey:	c.hmacKey,

internal/command/generate.go

@@ -2,6 +2,7 @@ package command
 
 import (
 	"fmt"
+	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
@@ -21,12 +22,23 @@ func GenerateCommand() *cli.Command {
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
+				return err
 			}
 			
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
 
-			challenge, err := c.Generate()
+			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
+
+			challenge, err := client.Generate()
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err

internal/command/main.go

@@ -2,7 +2,6 @@ package command
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"sort"
 
@@ -17,27 +16,6 @@ func Main(commands ...*cli.Command) {
 		Name: 		"altcha-server",
 		Usage:		"create challenges and validate solutions for atlcha captcha",
 		Commands: commands,
-		Flags: []cli.Flag{
-			&cli.BoolFlag{
-				Name:		"debug",
-				EnvVars:	[]string{"ALTCHA_DEBUG"},
-				Value: 		false,
-			},
-		},
-	}
-
-	app.ExitErrHandler = func (ctx *cli.Context, err error) {
-		if err == nil {
-			return
-		}
-
-		debug := ctx.Bool("debug")
-
-		if !debug {
-			fmt.Printf("[ERROR] %v\n", err)
-		} else {
-			fmt.Printf("%+v", err)
-		}
 	}
 
 	sort.Sort(cli.FlagsByName(app.Flags))

internal/command/run.go

@@ -1,29 +1,30 @@
 package command
 
 import (
-	"fmt"
-
 	"forge.cadoles.com/cadoles/altcha-server/internal/api"
-	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/logger"
 )
 
 func RunCommand() *cli.Command {
-	flags := common.Flags()
-	
 	return &cli.Command{
 		Name:	"run",
 		Usage:	"run the atlcha api server",
-		Flags:	flags,
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
+			server, err := api.NewServer(cfg)
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
 			}
 
-			api.NewServer(cfg).Run(ctx.Context)
+			server.Run(ctx.Context)
 			return nil
 		},
 	}

internal/command/solve.go

@@ -2,9 +2,9 @@ package command
 
 import (
 	"fmt"
+	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
-	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
@@ -12,27 +12,34 @@ import (
 )
 
 func SolveCommand() *cli.Command {
-	flags := common.Flags()
-
 	return &cli.Command{
 		Name:		"solve",
 		Usage:		"solve the challenge and return the solution",
-		Flags:		flags,
 		Args: 		true,
 		ArgsUsage:	"[CHALLENGE] [SALT]",
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
+				return err
 			}
 
 			challenge := ctx.Args().Get(0)
 			salt := ctx.Args().Get(1)
 
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
 
+			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, salt, expirationDuration, cfg.CheckExpire)
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
 			
-			solution, err := c.Solve(challenge)
+			solution, err := client.Solve(challenge)
 			
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())

internal/command/verify.go

@@ -3,28 +3,27 @@ package command
 import (
 	"fmt"
 	"strconv"
+	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
-	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/altcha-org/altcha-lib-go"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/logger"
 )
 
 func VerifyCommand() *cli.Command {
-	flags := common.Flags()
-
 	return &cli.Command{
 		Name:	"verify",
 		Usage:	"verify the solution",
-		Flags:	flags,
 		Args:	true,
 		ArgsUsage: "[challenge] [salt] [signature] [solution]",
 		Action: func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
+				return err
 			}
 
 			challenge := ctx.Args().Get(0)
@@ -32,7 +31,17 @@ func VerifyCommand() *cli.Command {
 			signature := ctx.Args().Get(2)
 			solution, _ := strconv.ParseInt(ctx.Args().Get(3), 10, 64)
 			
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
+
+			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
+			if err != nil {
+				logger.Error(ctx.Context, err.Error())
+				return err
+			}
 
 			payload := altcha.Payload{
 				Algorithm:	cfg.Algorithm,
@@ -42,9 +51,10 @@ func VerifyCommand() *cli.Command {
 				Signature:	signature,
 			}
 
-			verified, err := c.VerifySolution(payload)
+			verified, err := client.VerifySolution(payload)
 
 			if err != nil {
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 

internal/config/config.go

@@ -1,6 +1,7 @@
 package config
 
 type Config struct {
+	BaseUrl				string	`env:"ALTCHA_BASE_URL" envDefault:""`
 	Port 				string	`env:"ALTCHA_PORT" envDefault:"3333"`
 	HmacKey				string	`env:"ALTCHA_HMAC_KEY"`
 	MaxNumber			int64	`env:"ALTCHA_MAX_NUMBER" envDefault:"1000000"`
@@ -8,4 +9,6 @@ type Config struct {
 	Salt				string	`env:"ALTCHA_SALT"`
 	Expire				string	`env:"ALTCHA_EXPIRE" envDefault:"600"`
 	CheckExpire			bool	`env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
+	Debug				bool	`env:"ALTCHA_DEBUG" envDefault:"false"`
+	DisableValidation	bool	`env:"ALTCHA_DISABLE_VALIDATION" envDefault:"false"`
 }

misc/k6/README.md

@@ -0,0 +1,9 @@
+# K6 - Load Test
+
+Very basic load testing script for [k6](https://k6.io/).
+
+## How to run
+
+```shell
+k6 run -e LOAD_TEST_URL={altcha-api-url} TestChallenge.js
+```

misc/k6/TestChallenge.js

@@ -0,0 +1,50 @@
+import { check, group } from 'k6';
+import http from 'k6/http'
+
+export const options = {
+  scenarios: {
+    load: {
+      vus: 10,
+      iterations: 10,
+      executor: 'per-vu-iterations',
+      options: {
+        browser: {
+          type: 'chromium',
+        },
+      },
+    },
+  }
+};
+
+http.setResponseCallback(
+    http.expectedStatuses(200)
+);
+
+export default function () {
+
+    let response;
+
+    group('Request challenge', function () {
+
+        response = http.get(`${__ENV.LOAD_TEST_URL}request`);
+        check(response, {
+            'is status 200': (r) => r.status === 200, 
+            'Contenu souhaité': r => r.body.includes('algorithm') && r.body.includes('challenge') && r.body.includes('maxNumber') && r.body.includes('salt') && r.body.includes('signature'),
+        });
+
+    })
+
+    group('Verify challenge', function () {
+
+        const data = {"challenge":"d5656d52c5eadce5117024fbcafc706aad397c7befa17804d73c992d966012a8","salt":"8ec1b7ed694331baeb7416d9?expires=1727963398","signature":"781014d0a7ace7e7ae9d12e2d5c0204b60a8dbf42daa352ab40ab582b03a9dc6","number":219718,};
+        response = http.post(`${__ENV.LOAD_TEST_URL}verify`, JSON.stringify(data),
+        {
+          headers: { 'Content-Type': 'application/json' },
+        });
+        check(response, {
+            'is status 200': (r) => r.status === 200,
+            'Challenge verified': (r) => r.body.includes('true'),
+        });
+
+    })
+}