Compare commits

...

2 Commits

6 changed files with 35 additions and 125 deletions

View File

@ -2,7 +2,6 @@ package api
import ( import (
"context" "context"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"log/slog" "log/slog"
@ -21,9 +20,14 @@ type Server struct {
baseUrl string baseUrl string
port string port string
client client.Client client client.Client
config config.Config
} }
func (s *Server) Run(ctx context.Context) { func (s *Server) Run(ctx context.Context) {
if s.config.Debug {
slog.SetLogLoggerLevel(slog.LevelDebug)
}
r := chi.NewRouter() r := chi.NewRouter()
r.Use(middleware.Logger) r.Use(middleware.Logger)
@ -36,7 +40,6 @@ func (s *Server) Run(ctx context.Context) {
}) })
r.Get(s.baseUrl+"/request", s.requestHandler) r.Get(s.baseUrl+"/request", s.requestHandler)
r.Post(s.baseUrl+"/verify", s.submitHandler) r.Post(s.baseUrl+"/verify", s.submitHandler)
r.Post(s.baseUrl+"/verify-spam-filter", s.submitSpamFilterHandler)
logger.Info(ctx, "altcha server listening on port "+s.port) logger.Info(ctx, "altcha server listening on port "+s.port)
if err := http.ListenAndServe(":"+s.port, r); err != nil { if err := http.ListenAndServe(":"+s.port, r); err != nil {
@ -48,101 +51,55 @@ func (s *Server) requestHandler(w http.ResponseWriter, r *http.Request) {
challenge, err := s.client.Generate() challenge, err := s.client.Generate()
if err != nil { if err != nil {
slog.Debug("Failed to create challenge,", "error", err)
http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError) http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
slog.Error(err.Error())
return return
} }
writeJSON(w, challenge) w.Header().Set("Content-Type", "application/json")
err = json.NewEncoder(w).Encode(challenge)
if err != nil {
slog.Debug("Failed to encode JSON", "error", err)
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
return
}
} }
func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
formData := r.FormValue("altcha")
if formData == "" {
http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
return
}
decodedPayload, err := base64.StdEncoding.DecodeString(formData)
if err != nil {
http.Error(w, "Failed to decode Altcha payload", http.StatusBadRequest)
return
}
var payload map[string]interface{} var payload map[string]interface{}
if err := json.Unmarshal(decodedPayload, &payload); err != nil { err := json.NewDecoder(r.Body).Decode(&payload)
if err != nil {
slog.Debug("Failed to parse Altcha payload,", "error", err)
http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest) http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
return return
} }
verified, err := s.client.VerifySolution(payload) verified, err := s.client.VerifySolution(payload)
if err != nil || !verified {
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
return
}
writeJSON(w, map[string]interface{}{
"success": true,
"data": formData,
})
}
func (s *Server) submitSpamFilterHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
formData, err := formToMap(r)
if err != nil { if err != nil {
http.Error(w, "Cannot read form data", http.StatusBadRequest) slog.Debug("Invalid Altcha payload", "error", err)
slog.Error(err.Error()) http.Error(w, "Invalid Altcha payload,", http.StatusBadRequest)
return return
} }
payload := r.FormValue("altcha") if !verified {
if payload == "" { slog.Debug("Invalid solution")
http.Error(w, "Atlcha payload missing", http.StatusBadRequest) http.Error(w, "Invalid solution,", http.StatusBadRequest)
return return
} }
verified, verificationData, err := s.client.VerifyServerSignature(payload) w.Header().Set("Content-Type", "application/json")
if err != nil || !verified { err = json.NewEncoder(w).Encode(map[string]interface{}{
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest) "success": true,
slog.Error(err.Error()) "data": payload,
return })
} if err != nil {
if s.config.Debug {
if verificationData.Verified && verificationData.Expire > time.Now().Unix() { slog.Debug("Failed to encode JSON", "error", err)
if verificationData.Classification == "BAD" {
http.Error(w, "Classified as spam", http.StatusBadRequest)
return
} }
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
if verificationData.FieldsHash != "" {
verified, err := s.client.VerifyFieldsHash(formData, verificationData.Fields, verificationData.FieldsHash)
if err != nil || !verified {
http.Error(w, "Invalid fields hash", http.StatusBadRequest)
slog.Error(err.Error())
return
}
}
writeJSON(w, map[string]interface{}{
"success": true,
"data": formData,
"verificationData": verificationData,
})
return return
} }
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
} }
func corsMiddleware(next http.Handler) http.Handler { func corsMiddleware(next http.Handler) http.Handler {
@ -160,21 +117,6 @@ func corsMiddleware(next http.Handler) http.Handler {
}) })
} }
func writeJSON(w http.ResponseWriter, data interface{}) {
w.Header().Set("Content-Type", "application/json")
if err := json.NewEncoder(w).Encode(data); err != nil {
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
}
}
func formToMap(r *http.Request) (map[string][]string, error) {
if err := r.ParseForm(); err != nil {
return nil, err
}
return r.Form, nil
}
func NewServer(cfg config.Config) (*Server, error) { func NewServer(cfg config.Config) (*Server, error) {
expirationDuration, err := time.ParseDuration(cfg.Expire+"s") expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
if err != nil { if err != nil {
@ -191,5 +133,6 @@ func NewServer(cfg config.Config) (*Server, error) {
baseUrl: cfg.BaseUrl, baseUrl: cfg.BaseUrl,
port: cfg.Port, port: cfg.Port,
client: *client, client: *client,
config: cfg,
}, nil }, nil
} }

View File

@ -2,7 +2,6 @@ package command
import ( import (
"context" "context"
"fmt"
"os" "os"
"sort" "sort"
@ -17,27 +16,6 @@ func Main(commands ...*cli.Command) {
Name: "altcha-server", Name: "altcha-server",
Usage: "create challenges and validate solutions for atlcha captcha", Usage: "create challenges and validate solutions for atlcha captcha",
Commands: commands, Commands: commands,
Flags: []cli.Flag{
&cli.BoolFlag{
Name: "debug",
EnvVars: []string{"ALTCHA_DEBUG"},
Value: false,
},
},
}
app.ExitErrHandler = func (ctx *cli.Context, err error) {
if err == nil {
return
}
debug := ctx.Bool("debug")
if !debug {
fmt.Printf("[ERROR] %v\n", err)
} else {
fmt.Printf("%+v", err)
}
} }
sort.Sort(cli.FlagsByName(app.Flags)) sort.Sort(cli.FlagsByName(app.Flags))

View File

@ -2,7 +2,6 @@ package command
import ( import (
"forge.cadoles.com/cadoles/altcha-server/internal/api" "forge.cadoles.com/cadoles/altcha-server/internal/api"
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
"forge.cadoles.com/cadoles/altcha-server/internal/config" "forge.cadoles.com/cadoles/altcha-server/internal/config"
"github.com/caarlos0/env/v11" "github.com/caarlos0/env/v11"
"github.com/urfave/cli/v2" "github.com/urfave/cli/v2"
@ -10,12 +9,9 @@ import (
) )
func RunCommand() *cli.Command { func RunCommand() *cli.Command {
flags := common.Flags()
return &cli.Command{ return &cli.Command{
Name: "run", Name: "run",
Usage: "run the atlcha api server", Usage: "run the atlcha api server",
Flags: flags,
Action: func(ctx *cli.Context) error { Action: func(ctx *cli.Context) error {
cfg := config.Config{} cfg := config.Config{}
if err := env.Parse(&cfg); err != nil { if err := env.Parse(&cfg); err != nil {

View File

@ -5,7 +5,6 @@ import (
"time" "time"
"forge.cadoles.com/cadoles/altcha-server/internal/client" "forge.cadoles.com/cadoles/altcha-server/internal/client"
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
"forge.cadoles.com/cadoles/altcha-server/internal/config" "forge.cadoles.com/cadoles/altcha-server/internal/config"
"github.com/caarlos0/env/v11" "github.com/caarlos0/env/v11"
"github.com/urfave/cli/v2" "github.com/urfave/cli/v2"
@ -13,12 +12,9 @@ import (
) )
func SolveCommand() *cli.Command { func SolveCommand() *cli.Command {
flags := common.Flags()
return &cli.Command{ return &cli.Command{
Name: "solve", Name: "solve",
Usage: "solve the challenge and return the solution", Usage: "solve the challenge and return the solution",
Flags: flags,
Args: true, Args: true,
ArgsUsage: "[CHALLENGE] [SALT]", ArgsUsage: "[CHALLENGE] [SALT]",
Action: func(ctx *cli.Context) error { Action: func(ctx *cli.Context) error {

View File

@ -6,7 +6,6 @@ import (
"time" "time"
"forge.cadoles.com/cadoles/altcha-server/internal/client" "forge.cadoles.com/cadoles/altcha-server/internal/client"
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
"forge.cadoles.com/cadoles/altcha-server/internal/config" "forge.cadoles.com/cadoles/altcha-server/internal/config"
"github.com/altcha-org/altcha-lib-go" "github.com/altcha-org/altcha-lib-go"
"github.com/caarlos0/env/v11" "github.com/caarlos0/env/v11"
@ -15,12 +14,9 @@ import (
) )
func VerifyCommand() *cli.Command { func VerifyCommand() *cli.Command {
flags := common.Flags()
return &cli.Command{ return &cli.Command{
Name: "verify", Name: "verify",
Usage: "verify the solution", Usage: "verify the solution",
Flags: flags,
Args: true, Args: true,
ArgsUsage: "[challenge] [salt] [signature] [solution]", ArgsUsage: "[challenge] [salt] [signature] [solution]",
Action: func(ctx *cli.Context) error { Action: func(ctx *cli.Context) error {

View File

@ -9,4 +9,5 @@ type Config struct {
Salt string `env:"ALTCHA_SALT"` Salt string `env:"ALTCHA_SALT"`
Expire string `env:"ALTCHA_EXPIRE" envDefault:"600"` Expire string `env:"ALTCHA_EXPIRE" envDefault:"600"`
CheckExpire bool `env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"` CheckExpire bool `env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
Debug bool `env:"ALTCHA_DEBUG" envDefault:"false"`
} }