Commit 24f9f619 authored by Dominik Hebeler's avatar Dominik Hebeler

remvoed picasso

parent 6e27992a
......@@ -2,7 +2,7 @@
namespace App\Http\Controllers;
use App\Models\HumanVerification as ModelsHumanVerification;
use App\Models\Verification\HumanVerification as ModelsHumanVerification;
use Captcha;
use Carbon;
use Cookie;
......@@ -32,12 +32,6 @@ class HumanVerification extends Controller
}
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($request->filled("bv_key") && Cache::has($request->input("bv_key"))) {
$bv_data = Cache::get($request->input("bv_key"));
if (is_array($bv_data) && \array_key_exists("js_picasso", $bv_data)) {
$human_verification->__construct($bv_data["js_picasso"]);
}
}
if (!$human_verification->isLocked()) {
return redirect($redirect_url);
......@@ -48,7 +42,6 @@ class HumanVerification extends Controller
return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with('uid', $human_verification->uid)
->with('id', $human_verification->id)
->with('bv_key', $request->input("bv_key", ""))
->with('url', $redirect_url)
->with('correct', $captcha["key"])
->with('image', $captcha["img"])
......@@ -68,12 +61,6 @@ class HumanVerification extends Controller
$redirect_url = url("/");
}
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($request->filled("bv_key") && Cache::has($request->input("bv_key"))) {
$bv_data = Cache::get($request->input("bv_key"));
if (is_array($bv_data) && \array_key_exists("js_picasso", $bv_data)) {
$human_verification->__construct($bv_data["js_picasso"]);
}
}
$lockedKey = $request->post("c", "");
......@@ -85,9 +72,6 @@ class HumanVerification extends Controller
"url" => $redirect_url,
"e" => "",
];
if ($request->filled("bv_key")) {
$params["bv_key"] = $request->input("bv_key");
}
return redirect(route('captcha_show', $params));
} else {
\App\PrometheusExporter::CaptchaCorrect();
......@@ -153,13 +137,7 @@ class HumanVerification extends Controller
}
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($request->filled("bv_key") && Cache::has($request->input("bv_key"))) {
$bv_data = Cache::get($request->input("bv_key"));
if (\is_array($bv_data) && \array_key_exists("js_picasso", $bv_data)) {
$human_verification->__construct($bv_data["js_picasso"]);
}
Cache::forget($request->input("bv_key"));
}
if ($request->input("mm") === $human_verification->uid) {
$human_verification->verifyUser();
}
......@@ -175,13 +153,7 @@ class HumanVerification extends Controller
$requiredPass = md5($mm . Carbon::NOW()->day . $url . config("metager.metager.proxy.password"));
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($request->filled("bv_key") && Cache::has($request->input("bv_key"))) {
$bv_data = Cache::get($request->input("bv_key"));
if (\is_array($bv_data) && \array_key_exists("js_picasso", $bv_data)) {
$human_verification->__construct($bv_data["js_picasso"]);
}
Cache::forget($request->input("bv_key"));
}
if ($mm === $human_verification->uid && $requiredPass == $password) {
$human_verification->verifyUser();
}
......@@ -191,19 +163,10 @@ class HumanVerification extends Controller
public function botOverview(Request $request)
{
$picasso_hash = null;
if ($request->filled("pcso")) {
$picasso_hash = $request->input("pcso");
}
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($picasso_hash !== null) {
$human_verification->__construct($picasso_hash);
}
return view('humanverification.botOverview')
->with('title', "Bot Overview")
->with('picasso_hash', $picasso_hash)
->with('ip', $request->ip())
->with('userList', $human_verification->getUserList())
->with('user', $human_verification->getUser())
......@@ -214,9 +177,7 @@ class HumanVerification extends Controller
public function botOverviewChange(Request $request)
{
$human_verification = \app()->make(ModelsHumanVerification::class);
if ($request->filled("pcso")) {
$human_verification->__construct($request->input("pcso"));
}
if ($request->filled("locked")) {
if (\boolval($request->input("locked"))) {
$human_verification->lockUser();
......@@ -260,19 +221,13 @@ class HumanVerification extends Controller
if (!preg_match("/^[a-f0-9]{32}$/", $key)) {
abort(404);
}
$picasso_hash = null;
if ($request->filled("c")) {
$picasso_hash = $request->input('c');
}
$bvData = Cache::get($key);
if ($bvData === null) {
$bvData = [];
}
$bvData["js_loaded"] = now();
if (!empty($picasso_hash)) {
$bvData["js_picasso"] = $picasso_hash;
}
Cache::put($key, $bvData, now()->addSeconds(30));
return response()->file(\public_path("img/1px.png", ["Content-Type" => "image/png"]));
......
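Review bot: The token check left as context in the `-175,13 +153,7` hunk, `$requiredPass == $password`, compares an MD5 hex digest with a loose `==`, so numeric-looking strings can compare equal under PHP's type juggling and the comparison is not constant-time. `$password` appears to come from the request, though its assignment is outside the visible lines. I would write the condition as `if ($mm === $human_verification->uid && is_string($password) && hash_equals($requiredPass, $password))`. The digest is `md5()` over values concatenated with the proxy password; `hash_hmac('sha256', ...)` keyed with that secret would be sturdier. The `$proxyPw` line in `App\MetaGer` builds its token the same way, so the producer and this check would have to change together.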
......@@ -3,12 +3,10 @@
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Redis;
use Jenssegers\Agent\Agent;
use Illuminate\Http\Request;
use App\QueryTimer;
use Cache;
use App\Models\HumanVerification;
use App\SearchSettings;
class BrowserVerification
......@@ -136,9 +134,6 @@ class BrowserVerification
if (\array_key_exists("js_loaded", $bvData)) {
$search_settings->bv_key = $key;
$search_settings->javascript_enabled = true;
if (\array_key_exists("js_picasso", $bvData)) {
$search_settings->javascript_picasso = $bvData["js_picasso"];
}
}
return true;
}
......@@ -179,8 +174,6 @@ class BrowserVerification
now()->format("Y-m-d H:i:s"),
$request->input("eingabe"),
"js=" . \app()->make(SearchSettings::class)->javascript_enabled,
"picasso=" . \app()->make(SearchSettings::class)->javascript_picasso,
];
$file_path = \storage_path("logs/metager/bv_fail.csv");
$fh = fopen($file_path, "a");
......
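Review bot: In the log row of the `-179,8 +174,6` hunk, `"js=" . \app()->make(SearchSettings::class)->javascript_enabled` concatenates a boolean, so the disabled state is written as `js=` rather than `js=0` (the property defaults to `false` in `SearchSettings`). Casting it, `"js=" . (int) \app()->make(SearchSettings::class)->javascript_enabled`, keeps the column unambiguous. The same row stores `$request->input("eingabe")` unmodified in `bv_fail.csv`, and the write call is outside the hunk, so how the field is encoded cannot be seen from here. If the file is ever opened in a spreadsheet, values starting with `=`, `+`, `-` or `@` should be neutralised, and the `fopen()` result should be checked before it is used. The `captcha.csv` row in the `HumanVerification` middleware has the same two issues.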
......@@ -3,7 +3,7 @@
namespace App\Http\Middleware;
use App;
use App\Models\HumanVerification as ModelsHumanVerification;
use App\Models\Verification\HumanVerification as ModelsHumanVerification;
use Cache;
use Closure;
use Cookie;
......@@ -69,9 +69,6 @@ class HumanVerification
/** @var ModelsHumanVerification */
$user = App::make(ModelsHumanVerification::class);
$search_settings = \app()->make(SearchSettings::class);
if (!empty($search_settings->javascript_picasso)) {
$user->__construct($search_settings->javascript_picasso);
}
/**
* Directly lock any user when there are many not whitelisted accounts on this IP
......@@ -88,7 +85,7 @@ class HumanVerification
\app()->make(QueryTimer::class)->observeEnd(self::class);
$this->logCaptcha($request); // TODO remove
//return $next($request); // TODO remove
return redirect()->route('captcha_show', ["url" => URL::full(), "bv_key" => $search_settings->bv_key]); // TODO uncomment
return redirect()->route('captcha_show', ["url" => URL::full()]); // TODO uncomment
}
$user->addQuery();
......@@ -105,8 +102,6 @@ class HumanVerification
now()->format("Y-m-d H:i:s"),
$request->input("eingabe"),
"js=" . \app()->make(SearchSettings::class)->javascript_enabled,
"picasso=" . \app()->make(SearchSettings::class)->javascript_picasso,
];
$file_path = \storage_path("logs/metager/captcha.csv");
$fh = fopen($file_path, "a");
......
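Review bot: The comments around the captcha redirect in the `-88,7 +85,7` hunk no longer match the code: the active `return redirect()->route('captcha_show', ["url" => URL::full()]);` is tagged `// TODO uncomment`, while the commented-out `//return $next($request); // TODO remove` sits directly above it. Re-enabling that line would presumably let the request through without the captcha, so I would delete it and replace both markers with one accurate comment, e.g. `// Send the user to the captcha; the original URL is passed along for the redirect back.` `$this->logCaptcha($request); // TODO remove` should either be removed or lose the TODO. The enclosing method and the condition guarding this branch are outside the visible lines.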
......@@ -2,7 +2,6 @@
namespace App\Http\Middleware;
use App\Models\HumanVerification;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Redis;
......
......@@ -2,7 +2,7 @@
namespace App;
use App\Models\HumanVerification;
use App\Models\Verification\HumanVerification;
use App\Models\Searchengine;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Cache;
......@@ -478,9 +478,6 @@ class MetaGer
'pw' => $pw,
"url" => \bin2hex($link)
];
if (!empty($search_settings->javascript_picasso)) {
$params["bv_key"] = $search_settings->bv_key;
}
$url = route('humanverification', $params);
$proxyPw = md5($verification_id . $day . $result->proxyLink . config("metager.metager.proxy.password"));
......
<?php
namespace App\Models;
namespace App\Models\Verification;
use App\SearchSettings;
use Cache;
......@@ -18,24 +18,15 @@ class HumanVerification
public bool $alone;
public int $whitelisted_accounts;
public int $not_whitelisted_accounts;
public bool $picasso_enabled;
public int $request_count_all_users = 0;
public function __construct(string $picasso_hash = null)
public function __construct()
{
$request = \request();
$ip = $request->ip();
// Check if picasso challenge was solved
if ($picasso_hash === null) {
$this->id = hash("sha1", $ip);
$this->uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
$this->picasso_enabled = false;
} else {
$this->id = hash("sha1", $picasso_hash);
$this->uid = hash("sha1", $picasso_hash . $ip . "uid");
$this->picasso_enabled = true;
}
$this->id = hash("sha1", $ip);
$this->uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
# Get all Users of this IP
$this->users = Cache::get(self::CACHE_PREFIX . "." . $this->id, []);
......@@ -51,7 +42,6 @@ class HumanVerification
'unusedResultPages' => 0,
'whitelist' => false,
'locked' => false,
"picasso_enabled" => $this->picasso_enabled,
"expiration" => now()->addWeeks(2),
];
$this->users[$this->uid] = $this->user;
......
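Review bot: The constructor now derives `uid` as `hash("sha1", $ip . $_SERVER["AGENT"] . "uid")`, an unkeyed digest of values the client itself knows, while the controller hunks call `verifyUser()` when the `mm` request parameter equals that `uid`. A keyed digest such as `$this->uid = hash_hmac("sha256", $ip . $_SERVER["AGENT"] . "uid", config("app.key"));` would keep the identifier from being derived outside the server. `$_SERVER["AGENT"]` is also not a standard PHP key (the header is normally exposed as `HTTP_USER_AGENT`), so unless the web server sets it the lookup yields null with a warning and `uid` depends on the IP alone. `$request->userAgent() ?? ""` would avoid that; the rest of the constructor is outside the hunk.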
......@@ -3,7 +3,7 @@
namespace App\Providers;
use App\MetaGer;
use App\Models\HumanVerification;
use App\Models\Verification\HumanVerification;
use App\QueryLogger;
use Illuminate\Support\Facades\App;
use Illuminate\Support\ServiceProvider;
......
......@@ -2,7 +2,7 @@
namespace App\Providers;
use App\Models\HumanVerification;
use App\Models\Verification\HumanVerification;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Route;
use Illuminate\Cache\RateLimiting\Limit;
......
......@@ -7,7 +7,6 @@ class SearchSettings
public $bv_key = null; // Cache Key where data of BV is temporarily stored
public $javascript_enabled = false;
public $javascript_picasso = null;
public $header_printed = false;
public function __construct()
......
require('es6-promise').polyfill();
require('fetch-ie8');
import picassoCanvas from '../picasso';
if (document.location.href.match(/\/\/metager\.org/i) !== null) {
checkPicasso();
}
document.querySelectorAll("div.user input, div.user select").forEach(element => {
element.addEventListener("change", event => {
element.form.submit();
});
});
function checkPicasso() {
let pcso = document.getElementById("current-user").dataset.pcso;
if (!pcso) {
let pcso = picassoCanvas();
let new_url = new URL(document.location);
new_url.searchParams.append("pcso", pcso);
document.location = new_url;
console.log(new_url);
}
}
\ No newline at end of file
});
\ No newline at end of file
const params = {
area: {
width: 300,
height: 300,
},
offsetParameter: 2001000001,
fontSizeFactor: 1.5,
multiplier: 15000,
maxShadowBlur: 50,
};
// Number of shapes to draw. The higher the more costly it is.
// Can be used as a way to adjust the aggressiveness of the proof of work (POW)
const numShapes = 5;
const initialSeed = 53;
function x64Add(m, n) {
m = [m[0] >>> 16, m[0] & 0xffff, m[1] >>> 16, m[1] & 0xffff];
n = [n[0] >>> 16, n[0] & 0xffff, n[1] >>> 16, n[1] & 0xffff];
var o = [0, 0, 0, 0];
o[3] += m[3] + n[3];
o[2] += o[3] >>> 16;
o[3] &= 0xffff;
o[2] += m[2] + n[2];
o[1] += o[2] >>> 16;
o[2] &= 0xffff;
o[1] += m[1] + n[1];
o[0] += o[1] >>> 16;
o[1] &= 0xffff;
o[0] += m[0] + n[0];
o[0] &= 0xffff;
return [(o[0] << 16) | o[1], (o[2] << 16) | o[3]];
}
function x64Multiply(m, n) {
m = [m[0] >>> 16, m[0] & 0xffff, m[1] >>> 16, m[1] & 0xffff];
n = [n[0] >>> 16, n[0] & 0xffff, n[1] >>> 16, n[1] & 0xffff];
var o = [0, 0, 0, 0];
o[3] += m[3] * n[3];
o[2] += o[3] >>> 16;
o[3] &= 0xffff;
o[2] += m[2] * n[3];
o[1] += o[2] >>> 16;
o[2] &= 0xffff;
o[2] += m[3] * n[2];
o[1] += o[2] >>> 16;
o[2] &= 0xffff;
o[1] += m[1] * n[3];
o[0] += o[1] >>> 16;
o[1] &= 0xffff;
o[1] += m[2] * n[2];
o[0] += o[1] >>> 16;
o[1] &= 0xffff;
o[1] += m[3] * n[1];
o[0] += o[1] >>> 16;
o[1] &= 0xffff;
o[0] += (m[0] * n[3]) + (m[1] * n[2]) + (m[2] * n[1]) + (m[3] * n[0]);
o[0] &= 0xffff;
return [(o[0] << 16) | o[1], (o[2] << 16) | o[3]];
}
function x64Rotl(m, n) {
n %= 64;
if (n === 32) {
return [m[1], m[0]]
} else if (n < 32) {
return [(m[0] << n) | (m[1] >>> (32 - n)), (m[1] << n) | (m[0] >>> (32 - n))]
} else {
n -= 32;
return [(m[1] << n) | (m[0] >>> (32 - n)), (m[0] << n) | (m[1] >>> (32 - n))]
}
}
function x64LeftShift(m, n) {
n %= 64;
if (n === 0) {
return m
} else if (n < 32) {
return [(m[0] << n) | (m[1] >>> (32 - n)), m[1] << n]
} else {
return [m[1] << (n - 32), 0]
}
}
function x64Xor(m, n) {
return [m[0] ^ n[0], m[1] ^ n[1]];
}
function x64Fmix(h) {
h = x64Xor(h, [0, h[0] >>> 1]);
h = x64Multiply(h, [0xff51afd7, 0xed558ccd]);
h = x64Xor(h, [0, h[0] >>> 1]);
h = x64Multiply(h, [0xc4ceb9fe, 0x1a85ec53]);
h = x64Xor(h, [0, h[0] >>> 1]);
return h
}
function x64hash128(key, seed) {
key = key || '';
seed = seed || 0;
var remainder = key.length % 16;
var bytes = key.length - remainder;
var h1 = [0, seed];
var h2 = [0, seed];
var k1 = [0, 0];
var k2 = [0, 0];
var c1 = [0x87c37b91, 0x114253d5];
var c2 = [0x4cf5ad43, 0x2745937f];
for (var i = 0; i < bytes; i = i + 16) {
k1 = [((key.charCodeAt(i + 4) & 0xff)) | ((key.charCodeAt(i + 5) & 0xff) << 8) | ((key.charCodeAt(i + 6) & 0xff) << 16) | ((key.charCodeAt(i + 7) & 0xff) << 24), ((key.charCodeAt(i) & 0xff)) | ((key.charCodeAt(i + 1) & 0xff) << 8) | ((key.charCodeAt(i + 2) & 0xff) << 16) | ((key.charCodeAt(i + 3) & 0xff) << 24)];
k2 = [((key.charCodeAt(i + 12) & 0xff)) | ((key.charCodeAt(i + 13) & 0xff) << 8) | ((key.charCodeAt(i + 14) & 0xff) << 16) | ((key.charCodeAt(i + 15) & 0xff) << 24), ((key.charCodeAt(i + 8) & 0xff)) | ((key.charCodeAt(i + 9) & 0xff) << 8) | ((key.charCodeAt(i + 10) & 0xff) << 16) | ((key.charCodeAt(i + 11) & 0xff) << 24)];
k1 = x64Multiply(k1, c1);
k1 = x64Rotl(k1, 31);
k1 = x64Multiply(k1, c2);
h1 = x64Xor(h1, k1);
h1 = x64Rotl(h1, 27);
h1 = x64Add(h1, h2);
h1 = x64Add(x64Multiply(h1, [0, 5]), [0, 0x52dce729]);
k2 = x64Multiply(k2, c2);
k2 = x64Rotl(k2, 33);
k2 = x64Multiply(k2, c1);
h2 = x64Xor(h2, k2);
h2 = x64Rotl(h2, 31);
h2 = x64Add(h2, h1);
h2 = x64Add(x64Multiply(h2, [0, 5]), [0, 0x38495ab5]);
}
k1 = [0, 0];
k2 = [0, 0];
switch (remainder) {
case 15:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 14)], 48));
case 14:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 13)], 40));
case 13:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 12)], 32));
case 12:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 11)], 24));
case 11:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 10)], 16));
case 10:
k2 = x64Xor(k2, x64LeftShift([0, key.charCodeAt(i + 9)], 8));
case 9:
k2 = x64Xor(k2, [0, key.charCodeAt(i + 8)]);
k2 = x64Multiply(k2, c2);
k2 = x64Rotl(k2, 33);
k2 = x64Multiply(k2, c1);
h2 = x64Xor(h2, k2);
case 8:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 7)], 56));
case 7:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 6)], 48));
case 6:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 5)], 40));
case 5:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 4)], 32));
case 4:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 3)], 24));
case 3:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 2)], 16));
case 2:
k1 = x64Xor(k1, x64LeftShift([0, key.charCodeAt(i + 1)], 8));
case 1:
k1 = x64Xor(k1, [0, key.charCodeAt(i)]);
k1 = x64Multiply(k1, c1);
k1 = x64Rotl(k1, 31);
k1 = x64Multiply(k1, c2);
h1 = x64Xor(h1, k1);
}
h1 = x64Xor(h1, [0, key.length]);
h2 = x64Xor(h2, [0, key.length]);
h1 = x64Add(h1, h2);
h2 = x64Add(h2, h1);
h1 = x64Fmix(h1);
h2 = x64Fmix(h2);
h1 = x64Add(h1, h2);
h2 = x64Add(h2, h1);
return ('00000000' + (h1[0] >>> 0).toString(16)).slice(-8) + ('00000000' + (h1[1] >>> 0).toString(16)).slice(-8) + ('00000000' + (h2[0] >>> 0).toString(16)).slice(-8) + ('00000000' + (h2[1] >>> 0).toString(16)).slice(-8)
}
export default function picassoCanvas() {
let roundNumber = numShapes;
let seed = initialSeed;
const { area, offsetParameter, multiplier, fontSizeFactor, maxShadowBlur } = params;
class Prng {
constructor(seed) {
this.currentNumber = seed % offsetParameter;
if (this.currentNumber <= 0) {
this.currentNumber += offsetParameter
}
}
getNext() {
this.currentNumber = multiplier * this.currentNumber % offsetParameter;
return this.currentNumber;
}
}
function adaptRandomNumberToContext(randomNumber, maxBound, floatAllowed) {
randomNumber = (randomNumber - 1) / offsetParameter;
if (floatAllowed) {
return randomNumber * maxBound;
}
return Math.floor(randomNumber * maxBound);
}
function addRandomCanvasGradient(prng, context, area) {
const canvasGradient = context.createRadialGradient(
adaptRandomNumberToContext(prng.getNext(), area.width),
adaptRandomNumberToContext(prng.getNext(), area.height),
adaptRandomNumberToContext(prng.getNext(), area.width),
adaptRandomNumberToContext(prng.getNext(), area.width),
adaptRandomNumberToContext(prng.getNext(), area.height),
adaptRandomNumberToContext(prng.getNext(), area.width)
);
canvasGradient.addColorStop(0, colors[adaptRandomNumberToContext(prng.getNext(), colors.length)]);
canvasGradient.addColorStop(1, colors[adaptRandomNumberToContext(prng.getNext(), colors.length)]);
context.fillStyle = canvasGradient
}
function generateRandomWord(prng, wordLength) {
const minAscii = 65;
const maxAscii = 126;
const wordGenerated = [];
for (let i = 0; i < wordLength; i++) {
const asciiCode = minAscii + (prng.getNext() % (maxAscii - minAscii));
wordGenerated.push(String.fromCharCode(asciiCode));
}
return wordGenerated.join('');
}
if (!window.CanvasRenderingContext2D) {
return 'unknown';
}
const colors = ['#FF6633', '#FFB399', '#FF33FF', '#FFFF99', '#00B3E6',
'#E6B333', '#3366E6', '#999966', '#99FF99', '#B34D4D',
'#80B300', '#809900', '#E6B3B3', '#6680B3', '#66991A',
'#FF99E6', '#CCFF1A', '#FF1A66', '#E6331A', '#33FFCC',
'#66994D', '#B366CC', '#4D8000', '#B33300', '#CC80CC',
'#66664D', '#991AFF', '#E666FF', '#4DB3FF', '#1AB399',
'#E666B3', '#33991A', '#CC9999', '#B3B31A', '#00E680',
'#4D8066', '#809980', '#E6FF80', '#1AFF33', '#999933',
'#FF3380', '#CCCC00', '#66E64D', '#4D80CC', '#9900B3',
'#E64D66', '#4DB380', '#FF4D4D', '#99E6E6', '#6666FF'];