Skip to content

GitLab

MetaGer
MetaGer
Commit d95e28e1 authored by Dominik Hebeler's avatar Dominik Hebeler
Browse files
Options

added throttle to captcha

parent a00cfaff
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 34 deletions
app/Http/Controllers/HumanVerification.php
View file @ d95e28e1
...@@ -21,7 +21,17 @@ class HumanVerification extends Controller ...@@ -21,7 +21,17 @@ class HumanVerification extends Controller
if ($url != null) { if ($url != null) {
$url = base64_decode(str_replace("<<SLASH>>", "/", $url)); $url = base64_decode(str_replace("<<SLASH>>", "/", $url));
} else { } else {
$url = $request->input('url'); $url = $request->input('url', url("/"));
}
$protocol = "http://";
if ($request->secure()) {
$protocol = "https://";
}
if (stripos($url, $protocol . $request->getHttpHost()) !== 0) {
$url = url("/");
} }
$userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []); $userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
...@@ -40,7 +50,6 @@ class HumanVerification extends Controller ...@@ -40,7 +50,6 @@ class HumanVerification extends Controller
$key = strtolower($key); $key = strtolower($key);
if (!$hasher->check($key, $lockedKey)) { if (!$hasher->check($key, $lockedKey)) {
sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true); $captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"]; $user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user); HumanVerification::saveUser($user);
...@@ -67,7 +76,7 @@ class HumanVerification extends Controller ...@@ -67,7 +76,7 @@ class HumanVerification extends Controller
} }
} }
} }
sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true); $captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"]; $user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user); HumanVerification::saveUser($user);
...@@ -146,9 +155,9 @@ class HumanVerification extends Controller ...@@ -146,9 +155,9 @@ class HumanVerification extends Controller
$ip = $request->ip(); $ip = $request->ip();
$id = ""; $id = "";
if (HumanVerification::couldBeSpammer($ip)) { if (HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999"); $id = hash("sha1", "999.999.999.999");
} else { } else {
$id = hash("sha512", $ip); $id = hash("sha1", $ip);
} }
$userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []); $userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
...@@ -185,9 +194,9 @@ class HumanVerification extends Controller ...@@ -185,9 +194,9 @@ class HumanVerification extends Controller
$uid = ""; $uid = "";
$ip = $request->ip(); $ip = $request->ip();
if (HumanVerification::couldBeSpammer($ip)) { if (HumanVerification::couldBeSpammer($ip)) {
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else { } else {
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
} }
if ($uid === $id) { if ($uid === $id) {
...@@ -217,11 +226,11 @@ class HumanVerification extends Controller ...@@ -217,11 +226,11 @@ class HumanVerification extends Controller
$uid = ""; $uid = "";
$ip = $request->ip(); $ip = $request->ip();
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) { if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999"); $id = hash("sha1", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else { } else {
$id = hash("sha512", $ip); $id = hash("sha1", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
} }
$userList = Cache::get(HumanVerification::PREFIX . "." . $id); $userList = Cache::get(HumanVerification::PREFIX . "." . $id);
...@@ -240,11 +249,11 @@ class HumanVerification extends Controller ...@@ -240,11 +249,11 @@ class HumanVerification extends Controller
$uid = ""; $uid = "";
$ip = $request->ip(); $ip = $request->ip();
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) { if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999"); $id = hash("sha1", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else { } else {
$id = hash("sha512", $ip); $id = hash("sha1", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
} }
$userList = Cache::get(HumanVerification::PREFIX . "." . $id); $userList = Cache::get(HumanVerification::PREFIX . "." . $id);
......
app/Http/Middleware/HumanVerification.php
View file @ d95e28e1
...@@ -3,10 +3,8 @@ ...@@ -3,10 +3,8 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use Cache; use Cache;
use Captcha;
use Closure; use Closure;
use Cookie; use Cookie;
use Illuminate\Http\Response;
use Log; use Log;
use URL; use URL;
...@@ -30,11 +28,11 @@ class HumanVerification ...@@ -30,11 +28,11 @@ class HumanVerification
$id = ""; $id = "";
$uid = ""; $uid = "";
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) { if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999"); $id = hash("sha1", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else { } else {
$id = hash("sha512", $ip); $id = hash("sha1", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid"); $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
} }
unset($_SERVER["AGENT"]); unset($_SERVER["AGENT"]);
...@@ -101,19 +99,7 @@ class HumanVerification ...@@ -101,19 +99,7 @@ class HumanVerification
# If the user is locked we will force a Captcha validation # If the user is locked we will force a Captcha validation
if ($user["locked"]) { if ($user["locked"]) {
sleep(\random_int(1, 8)); return redirect()->route('captcha', ["id" => $id, "uid" => $uid, "url" => url()->full()]);
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
\App\PrometheusExporter::CaptchaShown();
return
new Response(
view('humanverification.captcha')
->with('title', "Bestätigung erforderlich")
->with('uid', $uid)
->with('id', $id)
->with('url', url()->full())
->with('image', $captcha["img"])
);
} }
$user["unusedResultPages"]++; $user["unusedResultPages"]++;
......
routes/web.php
View file @ d95e28e1
...@@ -199,6 +199,7 @@ Route::group( ...@@ -199,6 +199,7 @@ Route::group(
Route::get('meta/loadMore', 'MetaGerSearch@loadMore'); Route::get('meta/loadMore', 'MetaGerSearch@loadMore');
Route::post('img/cat.jpg', 'HumanVerification@remove'); Route::post('img/cat.jpg', 'HumanVerification@remove');
Route::get('verify/metager/{id}/{uid}', ['as' => 'captcha', 'uses' => 'HumanVerification@captcha', 'middleware' => 'throttle:12,1']);
Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']); Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
Route::post('img/dog.jpg', 'HumanVerification@whitelist'); Route::post('img/dog.jpg', 'HumanVerification@whitelist');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment