From 0dbbc5278b896a3bbe9fd3ec0be1d80953de2ca0 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 30 Oct 2020 00:34:51 +0000
Subject: [PATCH] Adding captcha support
---
 src/bunker.go | 2 +-
 src/captcha.go | 20 +-
 src/users_api.go | 9 +
 ui/index.html | 531 ++++++++++++++++++++++++-----------------------
 4 files changed, 288 insertions(+), 274 deletions(-)
diff --git a/src/bunker.go b/src/bunker.go
index 2ca8c8a..fbb474f 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -181,7 +181,7 @@ func (e mainEnv) setupRouter() *httprouter.Router {
 router.DELETE("/v1/user/:mode/:address", e.userDelete)
 router.PUT("/v1/user/:mode/:address", e.userChange)
- router.GET("/v1/prelogin/:mode/:address", e.userPrelogin)
+ router.GET("/v1/prelogin/:mode/:address/:code/:captcha", e.userPrelogin)
 router.GET("/v1/login/:mode/:address/:tmp", e.userLogin)
 router.POST("/v1/sharedrecord/token/:token", e.newSharedRecord)
diff --git a/src/captcha.go b/src/captcha.go
index a115f33..c5aadfc 100644
--- a/src/captcha.go
+++ b/src/captcha.go
@@ -10,32 +10,20 @@ import (
 "image/png"
 "crypto/aes"
 "crypto/cipher"
- "encoding/base64"
+ "encoding/hex"
 "github.com/julienschmidt/httprouter"
 "github.com/gobuffalo/packr"
 "github.com/afocus/captcha"
 )
-
 var (
 comic []byte
 captchaKey = make([]byte, 16)
 regexCaptcha = regexp.MustCompile("^([a-zA-Z0-9]+):([0-9]+)$")
 )
-func (e mainEnv) genCaptcha(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- code, err := generateCaptcha()
- if err != nil {
- returnError(w, r, err.Error(), 405, err, nil)
- return
- }
- finalJSON := fmt.Sprintf(`{"status":"ok","code":"%s"}`, code)
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
- w.WriteHeader(200)
- w.Write([]byte(finalJSON))
-}
-
 func (e mainEnv) showCaptcha(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ log.Printf("Starting showCaptcha fn")
 code := ps.ByName("code")
 if len(code) == 0 {
 err := errors.New("Bad code")
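Review bot: In setupRouter, the new route `/v1/prelogin/:mode/:address/:code/:captcha` carries the captcha answer and the encrypted token as path segments of a GET, so both end up in access logs, proxy logs and browser history alongside the user's address. The two-segment pattern `/v1/prelogin/:mode/:address` is replaced rather than kept, so any existing client that calls it will stop matching; if that is intended, it deserves a line in the commit message. Consider passing the captcha pair in a request header instead, and at minimum add a comment above the route such as `// :code is the user's captcha answer, :captcha is the hex token from generateCaptcha`. setupRouter continues outside the hunk.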
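Review bot: The added `log.Printf("Starting showCaptcha fn")` at the top of showCaptcha reads like a leftover debug trace; it fires on every request to that handler and records nothing about the request, so I would drop it. The same hunk deletes genCaptcha, and nothing visible here shows whether a route still refers to `e.genCaptcha`, so confirm that setupRouter no longer registers it. showCaptcha also has no doc comment; its body continues outside the hunk, so a one-line summary of what it serves for the `code` parameter should be written by someone who can see the whole function.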
@@ -93,7 +81,7 @@ func generateCaptcha() (string, error) {
 return "", err
 }
 ciphertext := aesgcm.Seal(nil, nonce, []byte(plaintext), nil)
- result := base64.StdEncoding.EncodeToString(ciphertext)
+ result := hex.EncodeToString(ciphertext)
 log.Printf("Encoded captcha: %s", result)
 //log.Printf("ciphertext : %s", result)
 return result, nil
@@ -103,7 +91,7 @@ func decryptCaptcha(data string) (string, error) {
 if len(data) > 100 {
 return "", errors.New("Ciphertext too long")
 }
- ciphertext, err := base64.StdEncoding.DecodeString(data)
+ ciphertext, err := hex.DecodeString(data)
 if err != nil {
 return "", err
 }
diff --git a/src/users_api.go b/src/users_api.go
index e0e267c..5f871ae 100644
--- a/src/users_api.go
+++ b/src/users_api.go
@@ -292,11 +292,20 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
 }
 func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ captcha := ps.ByName("captcha")
+ code := ps.ByName("code")
 address := ps.ByName("address")
 mode := ps.ByName("mode")
 event := audit("user prelogin by "+mode, address, mode, address)
 defer func() { event.submit(e.db) }()
+ code0, err := decryptCaptcha(captcha)
+ if err != nil || code0 != code {
+ w.Header().Set("Content-Type", "application/json; charset=utf-8")
+ w.WriteHeader(200)
+ fmt.Fprintf(w, `{"status":"error","result":"captcha-error"}`)
+ return
+ }
 if mode != "phone" && mode != "email" {
 returnError(w, r, "bad mode", 405, nil, event)
 return
diff --git a/ui/index.html b/ui/index.html
index 2934250..48306d8 100644
--- a/ui/index.html
+++ b/ui/index.html
@@ -19,263 +19,280 @@ if (conf["custom_css_link"]) {
-
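Review bot: In generateCaptcha, `aesgcm.Seal(nil, nonce, []byte(plaintext), nil)` returns only ciphertext and tag, so the hex token handed to the client carries no nonce and decryptCaptcha has to obtain it from somewhere else. If `nonce` is a constant (it is defined above this hunk), every token sealed under `captchaKey` reuses the same GCM nonce, which voids GCM's integrity guarantee. Generate a fresh random nonce per token and prepend it with `ciphertext := aesgcm.Seal(nonce, nonce, []byte(plaintext), nil)`, split it off again in decryptCaptcha, and recheck the `len(data) > 100` cap there because hex doubles the length. Separately, the unchanged `log.Printf("Encoded captcha: %s", result)` writes every issued token to the server log, which is worth removing now that the token gates prelogin.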
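Review bot: In userPrelogin, the new check only compares `code` with the value decrypted from `captcha`, so nothing visible in this hunk stops one solved pair from being accepted again for other addresses until whatever expiry decryptCaptcha enforces (most of its body is outside this diff). Because the token is stateless, single use needs server-side state, for example remembering accepted tokens until they expire and rejecting repeats. The failure branch also answers with HTTP 200 and never touches `event`, so captcha failures do not stand out in the audit trail, unlike the `bad mode` branch below it, which passes `event` to returnError. If the UI depends on the 200 response, at least record the failure on the audit event before returning. userPrelogin continues outside the hunk.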
- -
-
-

Find my data

-

Select login method and enter login details:

-
-
- -
- - - - - -
- -
-
-
-
-
-
-
-
- -
-
- -
+
+
+
+

Find my data

+

Select login method and enter login details:

+
+
+ +
+ + + +
+ +
+
+ + +
+
+
+
+
+
+
+
+ +
+
+ +
+