lua-cs-bouncer-mcaptcha/lib/plugins/crowdsec/recaptcha.lua

local http = require "resty.http"
local cjson = require "cjson"
local template = require "plugins.crowdsec.template"
local utils = require "plugins.crowdsec.utils"


local M = {_TYPE='module', _NAME='recaptcha.funcs', _VERSION='1.0-0'}

local recaptcha_verify_url = "https://www.google.com/recaptcha/api/siteverify"

M._VERIFY_STATE = "to_verify"
M._VALIDATED_STATE = "validated"


M.State = {}
M.State["1"] = M._VERIFY_STATE
M.State["2"] = M._VALIDATED_STATE

M.SecretKey = ""
M.SiteKey = ""
M.Template = ""


function M.GetStateID(state)
    for k, v in pairs(M.State) do
        if v == state then
            return tonumber(k)
        end
    end
    return nil
end


function M.New(siteKey, secretKey, TemplateFilePath)

    if siteKey == nil or siteKey == "" then
      return "no recaptcha site key provided, can't use recaptcha"
    end
    M.SiteKey = siteKey

    if secretKey == nil or secretKey == "" then
      return "no recaptcha secret key provided, can't use recaptcha"
    end

    M.SecretKey = secretKey

    if TemplateFilePath == nil then
      return "CAPTCHA_TEMPLATE_PATH variable is empty, will ban without template"
    end
    if utils.file_exist(TemplateFilePath) == false then
      return "captcha template file doesn't exist, can't use recaptcha"
    end

    local captcha_template = utils.read_file(TemplateFilePath)
    if captcha_template == nil then
        return "Template file " .. TemplateFilePath .. "not found."
    end

    local template_data = {}
    template_data["recaptcha_site_key"] =  M.SiteKey
    local view = template.compile(captcha_template, template_data)
    M.Template = view

    return nil
end


function M.GetTemplate()
    return M.Template
end


function table_to_encoded_url(args)
    local params = {}
    for k, v in pairs(args) do table.insert(params, k .. '=' .. v) end
    return table.concat(params, "&")
end

function M.Validate(g_captcha_res, remote_ip)
    local body = {
        secret   = M.SecretKey,
        response = g_captcha_res,
        remoteip = remote_ip
    }

    local data = table_to_encoded_url(body)
    local httpc = http.new()
    httpc:set_timeout(2000)
    local res, err = httpc:request_uri(recaptcha_verify_url, {
      method = "POST",
      body = data,
      headers = {
          ["Content-Type"] = "application/x-www-form-urlencoded",
      },
    })
    httpc:close()
    if err ~= nil then
      return true, err
    end

    local result = cjson.decode(res.body)

    if result.success == false then
      for k, v in pairs(result["error-codes"]) do
        if v == "invalid-input-secret" then
          ngx.log(ngx.ERR, "reCaptcha secret key is invalid")
          return true, nil
        end
      end 
    end

    return result.success, nil
end


return M
update 2022-01-26 16:59:32 +01:00			`local http = require "resty.http"`
update 2022-01-26 17:44:50 +01:00			`local cjson = require "cjson"`
add our template lib 2022-01-30 16:21:10 +01:00			`local template = require "plugins.crowdsec.template"`
update 2022-01-30 17:07:51 +01:00			`local utils = require "plugins.crowdsec.utils"`
add our template lib 2022-01-30 16:21:10 +01:00
add new lib for nginx based only 2022-01-05 15:10:54 +01:00
update 2022-01-26 12:23:49 +01:00			`local M = {_TYPE='module', _NAME='recaptcha.funcs', _VERSION='1.0-0'}`

update 2022-01-26 17:01:47 +01:00			`local recaptcha_verify_url = "https://www.google.com/recaptcha/api/siteverify"`

update 2022-01-26 16:50:29 +01:00			`M._VERIFY_STATE = "to_verify"`
			`M._VALIDATED_STATE = "validated"`
update 2022-01-26 12:23:49 +01:00

			`M.State = {}`
update 2022-01-26 16:50:29 +01:00			`M.State["1"] = M._VERIFY_STATE`
			`M.State["2"] = M._VALIDATED_STATE`

update 2022-01-26 12:23:49 +01:00			`M.SecretKey = ""`
			`M.SiteKey = ""`
			`M.Template = ""`

update 2022-01-26 16:50:29 +01:00
			`function M.GetStateID(state)`
			`for k, v in pairs(M.State) do`
			`if v == state then`
			`return tonumber(k)`
			`end`
			`end`
			`return nil`
			`end`

update 2022-01-30 17:07:51 +01:00
update 2022-01-26 18:15:09 +01:00
update 2022-01-26 12:41:45 +01:00			`function M.New(siteKey, secretKey, TemplateFilePath)`
update 2022-01-26 18:15:09 +01:00
			`if siteKey == nil or siteKey == "" then`
			`return "no recaptcha site key provided, can't use recaptcha"`
			`end`
update 2022-01-26 12:23:49 +01:00			`M.SiteKey = siteKey`

update 2022-01-26 18:15:09 +01:00			`if secretKey == nil or secretKey == "" then`
			`return "no recaptcha secret key provided, can't use recaptcha"`
			`end`

			`M.SecretKey = secretKey`

improve captcha template path verif 2022-02-08 17:50:28 +01:00			`if TemplateFilePath == nil then`
			`return "CAPTCHA_TEMPLATE_PATH variable is empty, will ban without template"`
			`end`
update 2022-01-30 17:07:51 +01:00			`if utils.file_exist(TemplateFilePath) == false then`
update 2022-01-26 18:15:09 +01:00			`return "captcha template file doesn't exist, can't use recaptcha"`
			`end`

update 2022-01-30 17:07:51 +01:00			`local captcha_template = utils.read_file(TemplateFilePath)`
update code 2022-01-26 12:35:51 +01:00			`if captcha_template == nil then`
update 2022-01-26 12:41:45 +01:00			`return "Template file " .. TemplateFilePath .. "not found."`
update code 2022-01-26 12:35:51 +01:00			`end`
add our template lib 2022-01-30 16:21:10 +01:00
add local to all missing variables 2022-02-01 11:51:10 +01:00			`local template_data = {}`
update 2022-01-30 16:25:58 +01:00			`template_data["recaptcha_site_key"] = M.SiteKey`
add our template lib 2022-01-30 16:21:10 +01:00			`local view = template.compile(captcha_template, template_data)`
			`M.Template = view`
update code 2022-01-26 12:35:51 +01:00
update 2022-01-26 12:41:45 +01:00			`return nil`
update 2022-01-26 12:23:49 +01:00			`end`


update code 2022-01-26 12:32:09 +01:00			`function M.GetTemplate()`
			`return M.Template`
			`end`


update 2022-01-26 12:23:49 +01:00			`function table_to_encoded_url(args)`
			`local params = {}`
			`for k, v in pairs(args) do table.insert(params, k .. '=' .. v) end`
			`return table.concat(params, "&")`
add local to all missing variables 2022-02-01 11:51:10 +01:00			`end`
update 2022-01-26 12:23:49 +01:00
			`function M.Validate(g_captcha_res, remote_ip)`
add local to all missing variables 2022-02-01 11:51:10 +01:00			`local body = {`
update code 2022-01-26 12:28:49 +01:00			`secret = M.SecretKey,`
update 2022-01-26 12:23:49 +01:00			`response = g_captcha_res,`
			`remoteip = remote_ip`
add local to all missing variables 2022-02-01 11:51:10 +01:00			`}`

			`local data = table_to_encoded_url(body)`
			`local httpc = http.new()`
Close HTTP connections 2022-02-09 15:37:06 +01:00			`httpc:set_timeout(2000)`
add local to all missing variables 2022-02-01 11:51:10 +01:00			`local res, err = httpc:request_uri(recaptcha_verify_url, {`
			`method = "POST",`
			`body = data,`
			`headers = {`
			`["Content-Type"] = "application/x-www-form-urlencoded",`
			`},`
			`})`
Close HTTP connections 2022-02-09 15:37:06 +01:00			`httpc:close()`
add local to all missing variables 2022-02-01 11:51:10 +01:00			`if err ~= nil then`
			`return true, err`
			`end`

			`local result = cjson.decode(res.body)`

			`if result.success == false then`
			`for k, v in pairs(result["error-codes"]) do`
			`if v == "invalid-input-secret" then`
			`ngx.log(ngx.ERR, "reCaptcha secret key is invalid")`
			`return true, nil`
			`end`
			`end`
			`end`

			`return result.success, nil`
update 2022-01-26 12:23:49 +01:00			`end`

add new lib for nginx based only 2022-01-05 15:10:54 +01:00
update code 2022-01-26 12:26:45 +01:00			`return M`