From df1ace8e3048e277661724b082e76aac2561dcf5 Mon Sep 17 00:00:00 2001 From: Dominik Hebeler Date: Thu, 28 Feb 2019 15:23:24 +0100 Subject: [PATCH 1/6] Switched almost everything to Redis humanverification. Tests need to be done! --- app/Console/Kernel.php | 7 -- app/Http/Controllers/HumanVerification.php | 79 ++++++++++++---- app/Http/Controllers/MetaGerSearch.php | 1 - app/Http/Middleware/HumanVerification.php | 105 +++++++++++---------- 4 files changed, 114 insertions(+), 78 deletions(-) diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php index c3bb802d..4489d002 100644 --- a/app/Console/Kernel.php +++ b/app/Console/Kernel.php @@ -31,13 +31,6 @@ class Kernel extends ConsoleKernel DB::table('monthlyrequests')->truncate(); DB::disconnect('mysql'); })->monthlyOn(1, '00:00'); - - // Delete all of the old humanverification entries - $schedule->call(function () { - DB::delete('DELETE FROM humanverification WHERE updated_at < (now() - interval 72 hour) AND whitelist = 0 ORDER BY updated_at DESC'); - DB::delete('DELETE FROM humanverification WHERE updated_at < (now() - interval 2 week) AND whitelist = 1 ORDER BY updated_at DESC'); - DB::disconnect('mysql'); - })->everyThirtyMinutes(); } /** diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php index 2498a09f..d236ecf2 100644 --- a/app/Http/Controllers/HumanVerification.php +++ b/app/Http/Controllers/HumanVerification.php @@ -4,15 +4,18 @@ namespace App\Http\Controllers; use Captcha; use Carbon; -use DB; use Illuminate\Hashing\BcryptHasher as Hasher; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Redis; use Input; class HumanVerification extends Controller { + const PREFIX = "humanverification"; + public static function captcha(Request $request, Hasher $hasher, $id, $url = null) { + if ($url != null) { $url = base64_decode(str_replace("<>", "/", $url)); } else { 
@@ -20,15 +23,23 @@ class HumanVerification extends Controller } if ($request->getMethod() == 'POST') { - $user = DB::table('humanverification')->where('uid', $id)->first(); - $lockedKey = $user->lockedKey; + $user = Redis::hgetall(HumanVerification::PREFIX . "." . $id); + $user = ['uid' => $user["uid"], + 'id' => $user["id"], + 'unusedResultPages' => intval($user["unusedResultPages"]), + 'whitelist' => filter_var($user["whitelist"], FILTER_VALIDATE_BOOLEAN), + 'locked' => filter_var($user["locked"], FILTER_VALIDATE_BOOLEAN), + "lockedKey" => $user["lockedKey"], + ]; + + $lockedKey = $user["lockedKey"]; $key = $request->input('captcha'); $key = strtolower($key); if (!$hasher->check($key, $lockedKey)) { $captcha = Captcha::create("default", true); - DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]); + Redis::hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); return view('humanverification.captcha')->with('title', 'Bestätigung notwendig') ->with('id', $id) ->with('url', $url) @@ -36,9 +47,9 @@ class HumanVerification extends Controller ->with('errorMessage', 'Fehler: Falsches Captcha eingegeben!'); } else { # If we can unlock the Account of this user we will redirect him to the result page - if ($user !== null && $user->locked === 1) { + if ($user !== null && $user["locked"]) { # The Captcha was correct. We can remove the key from the user - DB::table('humanverification')->where('uid', $id)->update(['locked' => false, 'lockedKey' => "", 'whitelist' => 1]); + Redis::hmset(HumanVerification::PREFIX . "." . $id, ['locked' => "0", 'lockedKey' => ""]); return redirect($url); } else { return redirect('/'); 
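Review bot: In the POST branch, the result of `Redis::hgetall(HumanVerification::PREFIX . "." . $id)` is indexed field by field without first checking that the hash exists, and `$id` arrives from the route. For an unknown or expired id the call returns an empty array, so `$user["lockedKey"]` is missing and `$hasher->check($key, $lockedKey)` runs against a null hash. Add a guard straight after the read, for example `if (empty($user)) { return redirect('/'); }`. The `$user !== null` test in the following hunk (@@ -36,9 +47,9) no longer catches a missing record either, because `$user` is always an array now. captcha() begins and ends outside these hunks.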
@@ -46,7 +57,7 @@ class HumanVerification extends Controller } } $captcha = Captcha::create("default", true); - DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]); + Redis::hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); return view('humanverification.captcha')->with('title', 'Bestätigung notwendig') ->with('id', $id) ->with('url', $url) 
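Review bot: The `Redis::hset(..., 'lockedKey', $captcha["key"])` on the plain GET path writes under whatever `$id` the URL carries, without checking that a verification record exists for it. Every distinct id value therefore creates a one-field hash under the `humanverification.` prefix, and the scheduled cleanup is removed in this same patch. I would reject ids that are not a SHA-512 hex digest before touching Redis, e.g. `if (!preg_match('/^[0-9a-f]{128}$/', $id)) { return redirect('/'); }`, and only write when the record already exists. A later patch on this page adds an expiry to this write but not the existence check. The function body continues outside the hunk.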
@@ -83,28 +94,58 @@ class HumanVerification extends Controller { $id = hash("sha512", $request->ip()); - $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages'); - $user = DB::table('humanverification')->where('uid', $uid)->first(); + $userList = Redis::smembers(HumanVerification::PREFIX . "." . $id); + $pipe = Redis::pipeline(); + foreach ($userList as $userid) { + $pipe->hgetall(HumanVerification::PREFIX . "." . $userid); + } + $usersData = $pipe->execute(); + + $user = []; + $users = []; + $sum = 0; + foreach ($usersData as $userTmp) { + if (empty($userTmp)) { + continue; + } + $userNew = ['uid' => $userTmp["uid"], + 'id' => $userTmp["id"], + 'unusedResultPages' => intval($userTmp["unusedResultPages"]), + 'whitelist' => filter_var($userTmp["whitelist"], FILTER_VALIDATE_BOOLEAN), + 'locked' => filter_var($userTmp["locked"], FILTER_VALIDATE_BOOLEAN), + "lockedKey" => $userTmp["lockedKey"], + ]; + + if ($uid === $userTmp["uid"]) { + $user = $userNew; + } else { + $users[] = $userNew; + } + if ($userNew["whitelist"]) { + $sum += intval($userTmp["unusedResultPages"]); + } + + } - if ($user === null) { + if (empty($user)) { return; } + $pipeline = Redis::pipeline(); # Check if we have to whitelist the user or if we can simply delete the data - if ($user->unusedResultPages < $sum && $user->whitelist === 0) { + if ($user["unusedResultPages"] < $sum && !$user["whitelist"]) { # Whitelist - DB::table('humanverification')->where('uid', $uid)->update(['whitelist' => true, 'whitelistCounter' => 0]); - $user->whitelist = 1; - $user->whitelistCounter = 0; + $pipeline->hset(HumanVerification::PREFIX . "." . $uid, 'whitelist', "1"); + $user["whitelist"] = true; } - if ($user->whitelist === 1) { - DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => 0]); + if ($user["whitelist"]) { + $pipeline->hset(HumanVerification::PREFIX . "." . 
$uid, 'unusedResultPages', "0"); } else { - DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete(); - + $pipeline->hdel(HumanVerification::PREFIX . "." . $uid); + $pipeline->srem(HumanVerification::PREFIX . "." . $id, $uid); } - + $pipeline->execute(); } private static function checkId($request, $id) diff --git a/app/Http/Controllers/MetaGerSearch.php b/app/Http/Controllers/MetaGerSearch.php index 31df5b28..56566146 100644 --- a/app/Http/Controllers/MetaGerSearch.php +++ b/app/Http/Controllers/MetaGerSearch.php @@ -12,7 +12,6 @@ class MetaGerSearch extends Controller { public function search(Request $request, MetaGer $metager) { - $focus = $request->input("focus", "web"); if ($focus === "maps") { diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php index 56ee27b6..21613656 100644 --- a/app/Http/Middleware/HumanVerification.php +++ b/app/Http/Middleware/HumanVerification.php @@ -3,10 +3,9 @@ namespace App\Http\Middleware; use Captcha; -use Carbon; use Closure; -use DB; use Illuminate\Http\Response; +use Illuminate\Support\Facades\Redis; use URL; class HumanVerification @@ -22,8 +21,8 @@ class HumanVerification { // The specific user $user = null; - $newUser = true; $update = true; + $prefix = "humanverification"; try { $id = hash("sha512", $request->ip()); $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]); 
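Review bot: The new loop in removeUser() adds `unusedResultPages` to `$sum` only for whitelisted entries (`if ($userNew["whitelist"])`), while the query it replaces summed rows `where('whitelist', false)`. With the condition inverted, the `$user["unusedResultPages"] < $sum` whitelist decision compares against the wrong population; it should read `if (!$userNew["whitelist"]) {`. The middleware loop in the @@ -40,42 +39,54 hunk has the same inversion and is corrected later in this series, but this copy is not. `$users` is filled here yet never read in the visible lines and could be dropped.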
@@ -40,42 +39,54 @@ class HumanVerification return $next($request); } - $users = DB::select('select * from humanverification where id = ?', [$id]); + # Get all Users of this IP + $userList = Redis::smembers($prefix . "." . $id); + $pipe = Redis::pipeline(); + foreach ($userList as $userid) { + $pipe->hgetall($prefix . "." . $userid); + } + + $usersData = $pipe->execute(); + + $user = []; + $users = []; # Lock out everyone in a Bot network # Find out how many requests this IP has made $sum = 0; - foreach ($users as $userTmp) { - if ($uid == $userTmp->uid) { - $user = ['uid' => $userTmp->uid, - 'id' => $userTmp->id, - 'unusedResultPages' => intval($userTmp->unusedResultPages), - 'whitelist' => filter_var($userTmp->whitelist, FILTER_VALIDATE_BOOLEAN), - 'whitelistCounter' => $userTmp->whitelistCounter, - 'locked' => filter_var($userTmp->locked, FILTER_VALIDATE_BOOLEAN), - "lockedKey" => $userTmp->lockedKey, - 'updated_at' => Carbon::now(), - ]; - $newUser = false; + foreach ($usersData as $userTmp) { + if (empty($userTmp)) { + continue; } - if ($userTmp->whitelist === 0) { - $sum += $userTmp->unusedResultPages; + $userNew = ['uid' => $userTmp["uid"], + 'id' => $userTmp["id"], + 'unusedResultPages' => intval($userTmp["unusedResultPages"]), + 'whitelist' => filter_var($userTmp["whitelist"], FILTER_VALIDATE_BOOLEAN), + 'locked' => filter_var($userTmp["locked"], FILTER_VALIDATE_BOOLEAN), + "lockedKey" => $userTmp["lockedKey"], + ]; + + if ($uid === $userTmp["uid"]) { + $user = $userNew; + } else { + $users[] = $userNew; + } + if ($userNew["whitelist"]) { + $sum += intval($userTmp["unusedResultPages"]); } } - # If this user doesn't have an entry we will create one - if ($user === null) { + # If this user doesn't have an entry we will create one + if (empty($user)) { $user = [ 'uid' => $uid, 'id' => $id, 'unusedResultPages' => 0, 'whitelist' => false, - 'whitelistCounter' => 0, 'locked' => false, "lockedKey" => "", - 'updated_at' => Carbon::now(), ]; } 
@@ -96,7 +107,7 @@ class HumanVerification // Defines if this is the only user using that IP Adress $alone = true; foreach ($users as $userTmp) { - if ($userTmp->uid != $uid && !$userTmp->whitelist) { + if ($userTmp["uid"] != $uid && !$userTmp["whitelist"]) { $alone = false; } 
@@ -133,41 +144,33 @@ class HumanVerification } } - } catch (\Illuminate\Database\QueryException $e) { - // Failure in contacting metager3.de + } catch (\Predis\Connection\ConnectionException $e) { + $update = false; } finally { if ($update) { + // Update the user in the database - if ($newUser) { - DB::table('humanverification')->insert( - [ - 'uid' => $user["uid"], - 'id' => $user["id"], - 'unusedResultPages' => $user['unusedResultPages'], - 'whitelist' => $user["whitelist"], - 'whitelistCounter' => $user["whitelistCounter"], - 'locked' => $user["locked"], - "lockedKey" => $user["lockedKey"], - 'updated_at' => $user["updated_at"], - ] - ); + $pipeline = Redis::pipeline(); + + $pipeline->hmset($prefix . "." . $user['uid'], $user); + $pipeline->sadd($prefix . "." . $user["id"], $user["uid"]); + + $expireDate = now(); + $expireDateLong = date_add($expireDate, date_interval_create_from_date_string('2 weeks'))->timestamp; + $expireDateShort = date_add($expireDate, date_interval_create_from_date_string('2 weeks'))->timestamp; + + if ($user["whitelist"]) { + $pipeline->expireat($prefix . "." . $user['uid'], $expireDateLong); } else { - DB::table('humanverification')->where('uid', $uid)->update( - [ - 'uid' => $user["uid"], - 'id' => $user["id"], - 'unusedResultPages' => $user['unusedResultPages'], - 'whitelist' => $user["whitelist"], - 'whitelistCounter' => $user["whitelistCounter"], - 'locked' => $user["locked"], - "lockedKey" => $user["lockedKey"], - 'updated_at' => $user["updated_at"], - ] - ); + $pipeline->expireat($prefix . "." . $user['uid'], $expireDateShort); } + + $pipeline->expireat($prefix . "." . $user["id"], $expireDateLong); + + $pipeline->execute(); } - DB::disconnect('mysql'); } + $request->request->add(['verification_id' => $user["uid"], 'verification_count' => $user["unusedResultPages"]]); return $next($request); -- GitLab From 0638fedf2b712925f6a93738a99edabb1810efaf Mon Sep 17 00:00:00 2001 
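Review bot: The `catch (\Predis\Connection\ConnectionException $e)` branch only sets `$update = false`, so when Redis is unreachable every request falls through to `$next($request)` with no verification and nothing recorded. If failing open is intended, log it so an outage of the bot protection is visible, e.g. `\Log::warning('humanverification: redis unavailable', ['error' => $e->getMessage()]);` (assuming the `Log` alias is registered like the other facades used here). Note also that `$user` is still `null` when the exception is thrown before `$user = []`, and the line after `finally` reads `$user["uid"]` and `$user["unusedResultPages"]` from it. handle() starts outside the hunk.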
From: Dominik Hebeler Date: Thu, 28 Feb 2019 15:29:19 +0100 Subject: [PATCH 2/6] changed order of partners on mobile --- resources/lang/de/index.php | 2 +- resources/lang/en/index.php | 2 +- resources/lang/fr/index.php | 22 ++++++++++---------- resources/less/metager/pages/start-page.less | 2 ++ resources/views/ad-info.blade.php | 2 +- 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/resources/lang/de/index.php b/resources/lang/de/index.php index 667daa3e..7b4428ad 100644 --- a/resources/lang/de/index.php +++ b/resources/lang/de/index.php @@ -32,7 +32,7 @@ return [ 'slogan.2' => 'Mit MetaGer bewahren Sie einen neutralen Blick auf’s Web!', 'preredesign' => 'Rückblick auf die vorige MetaGer Version', - 'sponsors.head' => 'Sponsoren', + 'sponsors.head' => 'Partner', 'sponsors.woxikon' => 'SEO Agentur', 'sponsors.gutscheine' => 'STERN.de: Günstige Kredite im Kreditvergleich', 'sponsors.seo' => 'Weihnachtsfeier', diff --git a/resources/lang/en/index.php b/resources/lang/en/index.php index fea37d08..b9ee07a3 100644 --- a/resources/lang/en/index.php +++ b/resources/lang/en/index.php @@ -32,7 +32,7 @@ return [ 'slogan.2' => 'You keep a neutral view on the web by using MetaGer', 'preredesign' => 'Flashback to the previous MetaGer version', - "sponsors.head" => "Sponsors", + "sponsors.head" => "Partners", 'sponsors.woxikon' => 'Tagesgeld jetzt!', 'sponsors.gutscheine' => 'Aktuelle Gutscheine auf Gutschein-Magazin.de', 'sponsors.seo' => 'Suchmaschinenoptimierung', diff --git a/resources/lang/fr/index.php b/resources/lang/fr/index.php index 4ec84714..1b22aa04 100644 --- a/resources/lang/fr/index.php +++ b/resources/lang/fr/index.php 
@@ -1,16 +1,16 @@ "Web", - "foki.bilder" => "Images", - "foki.nachrichten" => "News/Politique", + "foki.web" => "Web", + "foki.bilder" => "Images", + "foki.nachrichten" => "News/Politique", "foki.wissenschaft" => "Sciènces", - "foki.produkte" => "Produits", - "foki.angepasst" => "ajusté(e)", - "foki.maps" => "Maps.metager.de", - "design" => "Choisir un design personnel", - "partnertitle" => "Soutenir MetaGer, sans frais supplémentaires pour vous", - "plugin" => "Ajouter un plug-in MetaGer", - "plugin-title" => "Ajouter MetaGer à votre browser", - "sponsors.head" => "Sponsors", + "foki.produkte" => "Produits", + "foki.angepasst" => "ajusté(e)", + "foki.maps" => "Maps.metager.de", + "design" => "Choisir un design personnel", + "partnertitle" => "Soutenir MetaGer, sans frais supplémentaires pour vous", + "plugin" => "Ajouter un plug-in MetaGer", + "plugin-title" => "Ajouter MetaGer à votre browser", + "sponsors.head" => "Partners", ]; diff --git a/resources/less/metager/pages/start-page.less b/resources/less/metager/pages/start-page.less index 76d8b0f3..a2754109 100644 --- a/resources/less/metager/pages/start-page.less +++ b/resources/less/metager/pages/start-page.less @@ -69,6 +69,7 @@ margin: 0px; max-width: 100%; .card-medium; + order: 2; p { text-align: justify; } @@ -92,6 +93,7 @@ list-style-type: none; padding: 0px; text-align: left; + margin-bottom: 0; li.sr { a { color: inherit; diff --git a/resources/views/ad-info.blade.php b/resources/views/ad-info.blade.php index 04561257..1890c56c 100644 --- a/resources/views/ad-info.blade.php +++ b/resources/views/ad-info.blade.php @@ -6,7 +6,7 @@

Werbung bei MetaGer

Warum wir Werbung zeigen

-

MetaGer ist nicht einfach nur eine Webseite, sondern ein ganzer Service der gepflegt, gewartet und ständig verbessert werden muss. Dabei entstehen laufende Kosten, die sich derzeit nicht alleine durch Mitgliedsbeiträge und Spenden decken lassen. Deshalb zeigen wir zusätzlich zu unseren Suchergebnissen auch Werbeergebnisse an, die möglichst gut zur Suche passen. Zusätzlich finden sich auf unserer Startseite Sponsorenlinks von ausgewählten Firmen.

+

MetaGer ist nicht einfach nur eine Webseite, sondern ein ganzer Service der gepflegt, gewartet und ständig verbessert werden muss. Dabei entstehen laufende Kosten, die sich derzeit nicht alleine durch Mitgliedsbeiträge und Spenden decken lassen. Deshalb zeigen wir zusätzlich zu unseren Suchergebnissen auch Werbeergebnisse an, die möglichst gut zur Suche passen. Zusätzlich finden sich auf unserer Startseite Partnerlinks von ausgewählten Firmen.

MetaGer wird betrieben und stetig weiterentwickelt vom SUMA-EV - Verein für freien Wissenszugang. Der SUMA-EV ist ein als gemeinnützig anerkannter Verein und erhält keine öffentlichen Fördergelder. Deshalb sind wir auf ihre Mithilfe angewiesen.

{{-- ~ Hier grafik mit benötigten Mitgliedern / Spenden für Werbefreiheit einfügen ~ --}} {{--

Helfen Sie uns jetzt dieses Ziel zu erreichen:

--}} -- GitLab From cec37aceb6e131fb12f9536597bef1d665d90c9b Mon Sep 17 00:00:00 2001 From: Dominik Hebeler Date: Mon, 4 Mar 2019 10:39:26 +0100 Subject: [PATCH 3/6] Changed Human Verification to use Redis --- app/Http/Controllers/HumanVerification.php | 32 +++++++++++++++++----- app/Http/Middleware/HumanVerification.php | 29 ++++++++++++-------- 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php index d236ecf2..4bf67f6a 100644 --- a/app/Http/Controllers/HumanVerification.php +++ b/app/Http/Controllers/HumanVerification.php @@ -12,9 +12,12 @@ use Input; class HumanVerification extends Controller { const PREFIX = "humanverification"; + const EXPIRELONG = 60 * 60 * 24 * 14; + const EXPIRESHORT = 60 * 60 * 72; public static function captcha(Request $request, Hasher $hasher, $id, $url = null) { + $redis = Redis::connection('REDIS_CACHE_HOST'); if ($url != null) { $url = base64_decode(str_replace("<>", "/", $url)); @@ -24,7 +27,7 @@ class HumanVerification extends Controller if ($request->getMethod() == 'POST') { - $user = Redis::hgetall(HumanVerification::PREFIX . "." . $id); + $user = $redis->hgetall(HumanVerification::PREFIX . "." . $id); $user = ['uid' => $user["uid"], 'id' => $user["id"], 'unusedResultPages' => intval($user["unusedResultPages"]), 
@@ -39,7 +42,10 @@ class HumanVerification extends Controller if (!$hasher->check($key, $lockedKey)) { $captcha = Captcha::create("default", true); - Redis::hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); + $pipeline = $redis->pipeline(); + $pipeline->hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); + $pipeline->expire(HumanVerification::PREFIX . "." . $id, $user["whitelist"] ? HumanVerification::EXPIRELONG : HumanVerification::EXPIRESHORT); + $pipeline->execute(); return view('humanverification.captcha')->with('title', 'Bestätigung notwendig') ->with('id', $id) ->with('url', $url) @@ -49,7 +55,13 @@ class HumanVerification extends Controller # If we can unlock the Account of this user we will redirect him to the result page if ($user !== null && $user["locked"]) { # The Captcha was correct. We can remove the key from the user - Redis::hmset(HumanVerification::PREFIX . "." . $id, ['locked' => "0", 'lockedKey' => ""]); + # If the sum of all users with that ip is too high we need to whitelist the user or they will receive a captcha again on the next request + $sum = 0; + $users = []; + $pipeline = $redis->pipeline(); + $pipeline->hmset(HumanVerification::PREFIX . "." . $id, ['locked' => "0", 'lockedKey' => "", 'whitelist' => '1']); + $pipeline->expire(HumanVerification::PREFIX . "." . $id, $user["whitelist"] ? HumanVerification::EXPIRELONG : HumanVerification::EXPIRESHORT); + $pipeline->execute(); return redirect($url); } else { return redirect('/'); 
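Review bot: In the correct-captcha branch (@@ -49,7 +55,13) the `expire` is chosen from `$user["whitelist"]` as read before the `hmset`, so a record that has just been set to `'whitelist' => '1'` still gets `EXPIRESHORT`. Since the entry is whitelisted unconditionally at this point, pass `HumanVerification::EXPIRELONG` directly. The added comment describes whitelisting only when the per-IP sum is too high, but `$sum` and `$users` are initialised and never used. Either implement that check or drop the two variables and reword the comment, because as written one solved captcha exempts the uid from the counter for the whole TTL.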
@@ -57,7 +69,10 @@ class HumanVerification extends Controller } } $captcha = Captcha::create("default", true); - Redis::hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); + $pipeline = $redis->pipeline(); + $pipeline->hset(HumanVerification::PREFIX . "." . $id, 'lockedKey', $captcha["key"]); + $pipeline->expire(HumanVerification::PREFIX . "." . $id, $user["whitelist"] ? HumanVerification::EXPIRELONG : HumanVerification::EXPIRESHORT); + $pipeline->execute(); return view('humanverification.captcha')->with('title', 'Bestätigung notwendig') ->with('id', $id) ->with('url', $url) @@ -92,10 +107,11 @@ class HumanVerification extends Controller private static function removeUser($request, $uid) { + $redis = Redis::conection('REDIS_CACHE_HOST'); $id = hash("sha512", $request->ip()); - $userList = Redis::smembers(HumanVerification::PREFIX . "." . $id); - $pipe = Redis::pipeline(); + $userList = $redis->smembers(HumanVerification::PREFIX . "." . $id); + $pipe = $redis->pipeline(); foreach ($userList as $userid) { $pipe->hgetall(HumanVerification::PREFIX . "." . $userid); } @@ -131,7 +147,7 @@ class HumanVerification extends Controller return; } - $pipeline = Redis::pipeline(); + $pipeline = $redis->pipeline(); # Check if we have to whitelist the user or if we can simply delete the data if ($user["unusedResultPages"] < $sum && !$user["whitelist"]) { # Whitelist @@ -145,6 +161,8 @@ class HumanVerification extends Controller $pipeline->hdel(HumanVerification::PREFIX . "." . $uid); $pipeline->srem(HumanVerification::PREFIX . "." . $id, $uid); } + $pipeline->expire(HumanVerification::PREFIX . "." . $uid, $user["whitelist"] ? HumanVerification::EXPIRELONG : HumanVerification::EXPIRESHORT); + $pipeline->expire(HumanVerification::PREFIX . "." . $id, HumanVerification::EXPIRELONG); $pipeline->execute(); } diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php index 21613656..bb1247af 100644 
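Review bot: On a plain GET, the added `$pipeline->expire(..., $user["whitelist"] ? ...)` in the @@ -57,7 +69,10 hunk reads `$user`, which the visible code assigns only inside the `if ($request->getMethod() == 'POST')` branch. The first display of the captcha page would therefore evaluate an undefined variable, which is at best a notice and under an error-to-exception handler a failed request. Use a fixed TTL here, `$pipeline->expire(HumanVerification::PREFIX . "." . $id, HumanVerification::EXPIRESHORT);`, or fetch the flag with `hget` first. The assignment may exist in lines outside the hunks, so please confirm.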
--- a/app/Http/Middleware/HumanVerification.php +++ b/app/Http/Middleware/HumanVerification.php @@ -4,6 +4,7 @@ namespace App\Http\Middleware; use Captcha; use Closure; +use Cookie; use Illuminate\Http\Response; use Illuminate\Support\Facades\Redis; use URL; @@ -23,6 +24,7 @@ class HumanVerification $user = null; $update = true; $prefix = "humanverification"; + $redis = Redis::connection('REDIS_CACHE_HOST'); try { $id = hash("sha512", $request->ip()); $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]); @@ -34,14 +36,14 @@ class HumanVerification * If someone that uses a bot finds this out we * might have to change it at some point. */ - if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) { + if ($request->filled('password') || $request->filled('key') || Cookie::get('key') !== null || $request->filled('appversion') || !env('BOT_PROTECTION', false)) { $update = false; return $next($request); } # Get all Users of this IP - $userList = Redis::smembers($prefix . "." . $id); - $pipe = Redis::pipeline(); + $userList = $redis->smembers($prefix . "." . $id); + $pipe = $redis->pipeline(); foreach ($userList as $userid) { $pipe->hgetall($prefix . "." . $userid); @@ -54,8 +56,10 @@ class HumanVerification # Lock out everyone in a Bot network # Find out how many requests this IP has made $sum = 0; - foreach ($usersData as $userTmp) { + foreach ($usersData as $index => $userTmp) { if (empty($userTmp)) { + // This is a key that has been expired and should be deleted + $redis->srem($prefix . "." . $id, $userList[$index]); continue; } $userNew = ['uid' => $userTmp["uid"], @@ -71,7 +75,7 @@ class HumanVerification } else { $users[] = $userNew; } - if ($userNew["whitelist"]) { + if (!$userNew["whitelist"]) { $sum += intval($userTmp["unusedResultPages"]); } 
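Review bot: The added `Cookie::get('key') !== null` in the @@ -34,14 +36,14 hunk skips human verification whenever a cookie named `key` is present, whatever its value. The existing comment already accepts that the `password` and `key` request parameters are not verified at this point; extending that to a cookie makes the exemption persistent for any client that sets one. Consider validating the key before taking the early return, or at least restricting the exemption to values of the expected format, so that bot protection is not switched off by an arbitrary cookie. handle() starts and ends outside the hunk.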
@@ -150,22 +154,23 @@ class HumanVerification if ($update) { // Update the user in the database - $pipeline = Redis::pipeline(); + $pipeline = $redis->pipeline(); $pipeline->hmset($prefix . "." . $user['uid'], $user); $pipeline->sadd($prefix . "." . $user["id"], $user["uid"]); - $expireDate = now(); - $expireDateLong = date_add($expireDate, date_interval_create_from_date_string('2 weeks'))->timestamp; - $expireDateShort = date_add($expireDate, date_interval_create_from_date_string('2 weeks'))->timestamp; + // Expire in two weeks + $expireLong = 60 * 60 * 24 * 14; + // Expire in 72h + $expireShort = 60 * 60 * 72; if ($user["whitelist"]) { - $pipeline->expireat($prefix . "." . $user['uid'], $expireDateLong); + $pipeline->expire($prefix . "." . $user['uid'], $expireLong); } else { - $pipeline->expireat($prefix . "." . $user['uid'], $expireDateShort); + $pipeline->expire($prefix . "." . $user['uid'], $expireShort); } - $pipeline->expireat($prefix . "." . $user["id"], $expireDateLong); + $pipeline->expire($prefix . "." . $user["id"], $expireLong); $pipeline->execute(); } -- GitLab From 4b01570cfdd11568ec8006f1f4459ed05fd9dffe Mon Sep 17 00:00:00 2001 From: Dominik Hebeler Date: Mon, 4 Mar 2019 10:42:26 +0100 Subject: [PATCH 4/6] Fixed a bug in redis connection --- app/Http/Controllers/HumanVerification.php | 4 ++-- app/Http/Middleware/HumanVerification.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php index 4bf67f6a..e7261709 100644 --- a/app/Http/Controllers/HumanVerification.php +++ b/app/Http/Controllers/HumanVerification.php @@ -17,7 +17,7 @@ class HumanVerification extends Controller public static function captcha(Request $request, Hasher $hasher, $id, $url = null) { - $redis = Redis::connection('REDIS_CACHE_HOST'); + $redis = Redis::connection('redisCache'); if ($url != null) { $url = base64_decode(str_replace("<>", "/", $url)); 
@@ -107,7 +107,7 @@ class HumanVerification extends Controller private static function removeUser($request, $uid) { - $redis = Redis::conection('REDIS_CACHE_HOST'); + $redis = Redis::conection('redisCache'); $id = hash("sha512", $request->ip()); $userList = $redis->smembers(HumanVerification::PREFIX . "." . $id); diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php index bb1247af..a9f459d4 100644 --- a/app/Http/Middleware/HumanVerification.php +++ b/app/Http/Middleware/HumanVerification.php @@ -24,7 +24,7 @@ class HumanVerification $user = null; $update = true; $prefix = "humanverification"; - $redis = Redis::connection('REDIS_CACHE_HOST'); + $redis = Redis::connection('redisCache'); try { $id = hash("sha512", $request->ip()); $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]); -- GitLab From 3a86ea9d5732f2f32d34be38fcd2bcd39f5fa142 Mon Sep 17 00:00:00 2001 From: Dominik Hebeler Date: Mon, 4 Mar 2019 10:57:31 +0100 Subject: [PATCH 5/6] Bugfix typo --- app/Http/Controllers/HumanVerification.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php index e7261709..fce2cd09 100644 --- a/app/Http/Controllers/HumanVerification.php +++ b/app/Http/Controllers/HumanVerification.php @@ -107,7 +107,7 @@ class HumanVerification extends Controller private static function removeUser($request, $uid) { - $redis = Redis::conection('redisCache'); + $redis = Redis::connection('redisCache'); $id = hash("sha512", $request->ip()); $userList = $redis->smembers(HumanVerification::PREFIX . "." . $id); -- GitLab From a8bd7ade18fca9fa617e0363af497420f6e86cb0 Mon Sep 17 00:00:00 2001 From: Dominik Hebeler Date: Mon, 4 Mar 2019 11:01:06 +0100 Subject: [PATCH 6/6] used wrong command to delete hash --- app/Http/Controllers/HumanVerification.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php index fce2cd09..67ea50d1 100644 --- a/app/Http/Controllers/HumanVerification.php +++ b/app/Http/Controllers/HumanVerification.php @@ -158,7 +158,7 @@ class HumanVerification extends Controller if ($user["whitelist"]) { $pipeline->hset(HumanVerification::PREFIX . "." . $uid, 'unusedResultPages', "0"); } else { - $pipeline->hdel(HumanVerification::PREFIX . "." . $uid); + $pipeline->del(HumanVerification::PREFIX . "." . $uid); $pipeline->srem(HumanVerification::PREFIX . "." . $id, $uid); } $pipeline->expire(HumanVerification::PREFIX . "." . $uid, $user["whitelist"] ? HumanVerification::EXPIRELONG : HumanVerification::EXPIRESHORT); -- GitLab