Compare commits
2 Commits
e90b6a57d8
...
efa824357f
Author | SHA1 | Date |
---|---|---|
Valentin Carroy | efa824357f | |
Valentin Carroy | 5c070dc16d |
|
@ -2,7 +2,6 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/base64"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
|
@ -21,9 +20,14 @@ type Server struct {
|
||||||
baseUrl string
|
baseUrl string
|
||||||
port string
|
port string
|
||||||
client client.Client
|
client client.Client
|
||||||
|
config config.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) Run(ctx context.Context) {
|
func (s *Server) Run(ctx context.Context) {
|
||||||
|
if s.config.Debug {
|
||||||
|
slog.SetLogLoggerLevel(slog.LevelDebug)
|
||||||
|
}
|
||||||
|
|
||||||
r := chi.NewRouter()
|
r := chi.NewRouter()
|
||||||
|
|
||||||
r.Use(middleware.Logger)
|
r.Use(middleware.Logger)
|
||||||
|
@ -36,7 +40,6 @@ func (s *Server) Run(ctx context.Context) {
|
||||||
})
|
})
|
||||||
r.Get(s.baseUrl+"/request", s.requestHandler)
|
r.Get(s.baseUrl+"/request", s.requestHandler)
|
||||||
r.Post(s.baseUrl+"/verify", s.submitHandler)
|
r.Post(s.baseUrl+"/verify", s.submitHandler)
|
||||||
r.Post(s.baseUrl+"/verify-spam-filter", s.submitSpamFilterHandler)
|
|
||||||
|
|
||||||
logger.Info(ctx, "altcha server listening on port "+s.port)
|
logger.Info(ctx, "altcha server listening on port "+s.port)
|
||||||
if err := http.ListenAndServe(":"+s.port, r); err != nil {
|
if err := http.ListenAndServe(":"+s.port, r); err != nil {
|
||||||
|
@ -48,101 +51,55 @@ func (s *Server) requestHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
challenge, err := s.client.Generate()
|
challenge, err := s.client.Generate()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
slog.Debug("Failed to create challenge,", "error", err)
|
||||||
http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
|
http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
|
||||||
slog.Error(err.Error())
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
writeJSON(w, challenge)
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
err = json.NewEncoder(w).Encode(challenge)
|
||||||
|
if err != nil {
|
||||||
|
slog.Debug("Failed to encode JSON", "error", err)
|
||||||
|
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
|
func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.Method != http.MethodPost {
|
|
||||||
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
formData := r.FormValue("altcha")
|
|
||||||
if formData == "" {
|
|
||||||
http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
decodedPayload, err := base64.StdEncoding.DecodeString(formData)
|
|
||||||
if err != nil {
|
|
||||||
http.Error(w, "Failed to decode Altcha payload", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var payload map[string]interface{}
|
var payload map[string]interface{}
|
||||||
if err := json.Unmarshal(decodedPayload, &payload); err != nil {
|
err := json.NewDecoder(r.Body).Decode(&payload)
|
||||||
|
if err != nil {
|
||||||
|
slog.Debug("Failed to parse Altcha payload,", "error", err)
|
||||||
http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
|
http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
verified, err := s.client.VerifySolution(payload)
|
verified, err := s.client.VerifySolution(payload)
|
||||||
|
|
||||||
if err != nil || !verified {
|
|
||||||
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
writeJSON(w, map[string]interface{}{
|
|
||||||
"success": true,
|
|
||||||
"data": formData,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) submitSpamFilterHandler(w http.ResponseWriter, r *http.Request) {
|
|
||||||
if r.Method != http.MethodPost {
|
|
||||||
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
formData, err := formToMap(r)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "Cannot read form data", http.StatusBadRequest)
|
slog.Debug("Invalid Altcha payload", "error", err)
|
||||||
slog.Error(err.Error())
|
http.Error(w, "Invalid Altcha payload,", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
payload := r.FormValue("altcha")
|
if !verified {
|
||||||
if payload == "" {
|
slog.Debug("Invalid solution")
|
||||||
http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
|
http.Error(w, "Invalid solution,", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
verified, verificationData, err := s.client.VerifyServerSignature(payload)
|
w.Header().Set("Content-Type", "application/json")
|
||||||
if err != nil || !verified {
|
err = json.NewEncoder(w).Encode(map[string]interface{}{
|
||||||
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
|
"success": true,
|
||||||
slog.Error(err.Error())
|
"data": payload,
|
||||||
return
|
})
|
||||||
}
|
if err != nil {
|
||||||
|
if s.config.Debug {
|
||||||
if verificationData.Verified && verificationData.Expire > time.Now().Unix() {
|
slog.Debug("Failed to encode JSON", "error", err)
|
||||||
if verificationData.Classification == "BAD" {
|
|
||||||
http.Error(w, "Classified as spam", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
|
||||||
if verificationData.FieldsHash != "" {
|
|
||||||
verified, err := s.client.VerifyFieldsHash(formData, verificationData.Fields, verificationData.FieldsHash)
|
|
||||||
if err != nil || !verified {
|
|
||||||
http.Error(w, "Invalid fields hash", http.StatusBadRequest)
|
|
||||||
slog.Error(err.Error())
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
writeJSON(w, map[string]interface{}{
|
|
||||||
"success": true,
|
|
||||||
"data": formData,
|
|
||||||
"verificationData": verificationData,
|
|
||||||
})
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func corsMiddleware(next http.Handler) http.Handler {
|
func corsMiddleware(next http.Handler) http.Handler {
|
||||||
|
@ -160,21 +117,6 @@ func corsMiddleware(next http.Handler) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeJSON(w http.ResponseWriter, data interface{}) {
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
|
||||||
if err := json.NewEncoder(w).Encode(data); err != nil {
|
|
||||||
http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func formToMap(r *http.Request) (map[string][]string, error) {
|
|
||||||
if err := r.ParseForm(); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return r.Form, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewServer(cfg config.Config) (*Server, error) {
|
func NewServer(cfg config.Config) (*Server, error) {
|
||||||
expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
|
expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -191,5 +133,6 @@ func NewServer(cfg config.Config) (*Server, error) {
|
||||||
baseUrl: cfg.BaseUrl,
|
baseUrl: cfg.BaseUrl,
|
||||||
port: cfg.Port,
|
port: cfg.Port,
|
||||||
client: *client,
|
client: *client,
|
||||||
|
config: cfg,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
|
@ -2,7 +2,6 @@ package command
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
|
||||||
"os"
|
"os"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
||||||
|
@ -17,27 +16,6 @@ func Main(commands ...*cli.Command) {
|
||||||
Name: "altcha-server",
|
Name: "altcha-server",
|
||||||
Usage: "create challenges and validate solutions for atlcha captcha",
|
Usage: "create challenges and validate solutions for atlcha captcha",
|
||||||
Commands: commands,
|
Commands: commands,
|
||||||
Flags: []cli.Flag{
|
|
||||||
&cli.BoolFlag{
|
|
||||||
Name: "debug",
|
|
||||||
EnvVars: []string{"ALTCHA_DEBUG"},
|
|
||||||
Value: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
app.ExitErrHandler = func (ctx *cli.Context, err error) {
|
|
||||||
if err == nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
debug := ctx.Bool("debug")
|
|
||||||
|
|
||||||
if !debug {
|
|
||||||
fmt.Printf("[ERROR] %v\n", err)
|
|
||||||
} else {
|
|
||||||
fmt.Printf("%+v", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sort.Sort(cli.FlagsByName(app.Flags))
|
sort.Sort(cli.FlagsByName(app.Flags))
|
||||||
|
|
|
@ -2,7 +2,6 @@ package command
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/api"
|
"forge.cadoles.com/cadoles/altcha-server/internal/api"
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
|
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
||||||
"github.com/caarlos0/env/v11"
|
"github.com/caarlos0/env/v11"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
|
@ -10,12 +9,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func RunCommand() *cli.Command {
|
func RunCommand() *cli.Command {
|
||||||
flags := common.Flags()
|
|
||||||
|
|
||||||
return &cli.Command{
|
return &cli.Command{
|
||||||
Name: "run",
|
Name: "run",
|
||||||
Usage: "run the atlcha api server",
|
Usage: "run the atlcha api server",
|
||||||
Flags: flags,
|
|
||||||
Action: func(ctx *cli.Context) error {
|
Action: func(ctx *cli.Context) error {
|
||||||
cfg := config.Config{}
|
cfg := config.Config{}
|
||||||
if err := env.Parse(&cfg); err != nil {
|
if err := env.Parse(&cfg); err != nil {
|
||||||
|
|
|
@ -5,7 +5,6 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/client"
|
"forge.cadoles.com/cadoles/altcha-server/internal/client"
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
|
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
||||||
"github.com/caarlos0/env/v11"
|
"github.com/caarlos0/env/v11"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
|
@ -13,12 +12,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func SolveCommand() *cli.Command {
|
func SolveCommand() *cli.Command {
|
||||||
flags := common.Flags()
|
|
||||||
|
|
||||||
return &cli.Command{
|
return &cli.Command{
|
||||||
Name: "solve",
|
Name: "solve",
|
||||||
Usage: "solve the challenge and return the solution",
|
Usage: "solve the challenge and return the solution",
|
||||||
Flags: flags,
|
|
||||||
Args: true,
|
Args: true,
|
||||||
ArgsUsage: "[CHALLENGE] [SALT]",
|
ArgsUsage: "[CHALLENGE] [SALT]",
|
||||||
Action: func(ctx *cli.Context) error {
|
Action: func(ctx *cli.Context) error {
|
||||||
|
|
|
@ -6,7 +6,6 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/client"
|
"forge.cadoles.com/cadoles/altcha-server/internal/client"
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
|
|
||||||
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
"forge.cadoles.com/cadoles/altcha-server/internal/config"
|
||||||
"github.com/altcha-org/altcha-lib-go"
|
"github.com/altcha-org/altcha-lib-go"
|
||||||
"github.com/caarlos0/env/v11"
|
"github.com/caarlos0/env/v11"
|
||||||
|
@ -15,12 +14,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func VerifyCommand() *cli.Command {
|
func VerifyCommand() *cli.Command {
|
||||||
flags := common.Flags()
|
|
||||||
|
|
||||||
return &cli.Command{
|
return &cli.Command{
|
||||||
Name: "verify",
|
Name: "verify",
|
||||||
Usage: "verify the solution",
|
Usage: "verify the solution",
|
||||||
Flags: flags,
|
|
||||||
Args: true,
|
Args: true,
|
||||||
ArgsUsage: "[challenge] [salt] [signature] [solution]",
|
ArgsUsage: "[challenge] [salt] [signature] [solution]",
|
||||||
Action: func(ctx *cli.Context) error {
|
Action: func(ctx *cli.Context) error {
|
||||||
|
|
|
@ -9,4 +9,5 @@ type Config struct {
|
||||||
Salt string `env:"ALTCHA_SALT"`
|
Salt string `env:"ALTCHA_SALT"`
|
||||||
Expire string `env:"ALTCHA_EXPIRE" envDefault:"600"`
|
Expire string `env:"ALTCHA_EXPIRE" envDefault:"600"`
|
||||||
CheckExpire bool `env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
|
CheckExpire bool `env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
|
||||||
|
Debug bool `env:"ALTCHA_DEBUG" envDefault:"false"`
|
||||||
}
|
}
|
Loading…
Reference in New Issue