Merge branch '334-botprotection-einbauen' into 'development'

Resolve "Botprotection einbauen" Closes #334 See merge request !524

Merge branch '334-botprotection-einbauen' into 'development'
Resolve "Botprotection einbauen" Closes #334 See merge request !524
727cc257 · Dominik Hebeler · 61eff307 · b5d7527d · 727cc257 · 727cc257
Commit 727cc257 authored Nov 02, 2016 by Dominik Hebeler
--- a/app/Http/Controllers/MetaGerSearch.php
+++ b/app/Http/Controllers/MetaGerSearch.php
@@ -15,11 +15,15 @@ class MetaGerSearch extends Controller
        $time = microtime();
        # Mit gelieferte Formulardaten parsen und abspeichern:
        $metager->parseFormData($request);
-        #if($metager->getFokus() !== "bilder" )
-        #{
+
+        # Ein Schutz gegen bestimmte Bot-Angriffe, die uns passiert sind.
+        if ($metager->doBotProtection($request->input('bot', ""))) {
+            return redirect(LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), url("/noaccess", ['redirect' => base64_encode(url()->full())])));
+        }
+
        # Nach Spezialsuchen überprüfen:
        $metager->checkSpecialSearches($request);
-        #}
+
        # Alle Suchmaschinen erstellen
        $metager->createSearchEngines($request);

@@ -33,6 +37,14 @@ class MetaGerSearch extends Controller
        return $metager->createView();
    }

+    public function botProtection($redirect)
+    {
+        $hash = md5(date('YmdHi'));
+        return view('botProtection')
+            ->with('hash', $hash)
+            ->with('r', $redirect);
+    }
+
    public function quicktips(Request $request)
    {
        $q = $request->input('q', '');

--- a/app/MetaGer.php
+++ b/app/MetaGer.php
@@ -310,6 +310,25 @@ class MetaGer
        }
    }

+    /**
+     * Diese Funktion überprüft, ob wir einen erweiterten Check auf Bots machen müssen.
+     * Z.B.: Wurden wir von einem Bot (dessen Anfragen aus dem Tor-Netzwerk kamen) mit tausenden
+     * Anfragen zu Telefonnummern überschwemmt. Bei diesen werden wir nun eine erweiterte Überprüfung
+     * durchführen.
+     * Für den Anfang werden wir alle Anfragen, die unter diese Kriterien fallen, nur noch beantworten, wenn
+     * JavaScript ausgeführt wird. (Mal schauen ob und wie lange dies ausreicht)
+     */
+    public function doBotProtection($bot)
+    {
+        $hash = md5(date('YmdHi'));
+        if (preg_match("/^\d+$/s", $this->getEingabe()) && $bot !== $hash) {
+            return true;
+        } else {
+            return false;
+        }
+
+    }
+
    public function combineResults($engines)
    {
        foreach ($engines as $engine) {

--- a/public/js/all.js
+++ b/public/js/all.js
@@ -3583,6 +3583,7 @@ $(document).ready(function() {
    $('iframe').iFrameResize({
        'autoResize': false
    });
+    botProtection();
 });

 function tabs() {
@@ -3793,6 +3794,14 @@ function fokiChanger() {
    });
 })(jQuery);

+function botProtection() {
+    if ($("meta[name=pqr]").length > 0) {
+        var link = atob($("meta[name=pqr]").attr("content"));
+        var hash = $("meta[name=pq]").attr("content");
+        document.location.href = link + "&bot=" + hash;
+    }
+}
+
 function productWidget() {
    var isMobile = false; //initiate as false
    // device detection

--- a/public/js/all.js.map
+++ b/public/js/all.js.map
--- a/resources/assets/js/scriptResultPage.js
+++ b/resources/assets/js/scriptResultPage.js
@@ -3,6 +3,7 @@ $(document).ready(function() {
    $('iframe').iFrameResize({
        'autoResize': false
    });
+    botProtection();
 });

 function tabs() {
@@ -213,6 +214,14 @@ function fokiChanger() {
    });
 })(jQuery);

+function botProtection() {
+    if ($("meta[name=pqr]").length > 0) {
+        var link = atob($("meta[name=pqr]").attr("content"));
+        var hash = $("meta[name=pq]").attr("content");
+        document.location.href = link + "&bot=" + hash;
+    }
+}
+
 function productWidget() {
    var isMobile = false; //initiate as false
    // device detection

--- a/resources/views/botProtection.blade.php
+++ b/resources/views/botProtection.blade.php
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Access Denied</title>
+	<link href="/favicon.ico" rel="icon" type="image/x-icon" />
+	<link href="/favicon.ico" rel="shortcut icon" type="image/x-icon" />
+	<meta content="width=device-width, initial-scale=1.0, user-scalable=no" name="viewport" />
+	<meta content="{{ getmypid() }}" name="p" />
+	<meta content="#wknekjnbweignipwep==" name="q" />
+	<meta content="{{ $hash }}" name="pq" />
+	<meta content="{{ $r }}" name="pqr" />
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<link type="text/css" rel="stylesheet" href="/css/themes/{{ app('request')->input('theme', 'default') }}.css" />
+</head>
+<body>
+	<h1 class="hidden">Your Access to this site has been denied. Please contact <a href="mailto:office@suma-ev.de">office@suma-ev.de</a> if this is not correct</h1>
+<script type="text/javascript" src="/js/all.js"></script>
+</body>
+</html>
--- a/routes/web.php
+++ b/routes/web.php
@@ -135,6 +135,7 @@ Route::group(
        Route::get('settings', 'StartpageController@loadSettings');

        Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search');
+        Route::get('noaccess/{redirect}', 'MetaGerSearch@botProtection');
        Route::get('meta/picture', 'Pictureproxy@get');
        Route::get('clickstats', 'LogController@clicklog');
        Route::get('pluginClose', 'LogController@pluginClose');