alteredCoder 2022-01-31 13:25:07 +01:00
parent 8014c96072
commit 821449cac9
2 changed files with 19 additions and 2 deletions


@ -35,7 +35,7 @@ function config.loadConfig(file)
return nil, "File ".. file .." doesn't exist" return nil, "File ".. file .." doesn't exist"
end end
local conf = {} local conf = {}
local valid_params = {'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION'} local valid_params = {'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION', 'FALLBACK_REMEDIATION'}
local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'} local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'}
local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'} local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
local default_values = { local default_values = {
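Review bot: `FALLBACK_REMEDIATION` is added to `valid_params` as a free-form string, so a typo such as `bann` would load without error, whereas `BOUNCING_ON_TYPE` has an allowed-values list in `valid_bouncing_on_type_values`. A matching list, for example `local valid_fallback_values = {'ban', 'captcha'}`, checked where the other values are validated, would reject such a config at load time instead of leaving it to the request path. The `default_values` table opens on the last line of this hunk and continues outside it, so it is not visible whether the new key gets a default; if it does not, an explicit entry there would make the unset case well defined. The validation code in loadConfig is outside this hunk.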

View file

@ -30,6 +30,8 @@ function csmod.init(configFile, userAgent)
runtime.conf = conf runtime.conf = conf
runtime.userAgent = userAgent runtime.userAgent = userAgent
runtime.cache = ngx.shared.crowdsec_cache runtime.cache = ngx.shared.crowdsec_cache
runtime.fallback = runtime.conf["FALLBACK_REMEDIATION"]
captcha_ok = true captcha_ok = true
if runtime.conf["REDIRECT_LOCATION"] == "/" then if runtime.conf["REDIRECT_LOCATION"] == "/" then
@ -399,11 +401,25 @@ function csmod.Allow(ip)
ngx.log(ngx.ERR, "[Crowdsec] bouncer error: " .. err) ngx.log(ngx.ERR, "[Crowdsec] bouncer error: " .. err)
end end
-- if the ip is now allowed, try to delete its captcha state in cache
if ok == true then if ok == true then
ngx.shared.crowdsec_cache:delete("captcha_" .. ip) ngx.shared.crowdsec_cache:delete("captcha_" .. ip)
end end
captcha_ok = runtime.cache:get("captcha_ok") captcha_ok = runtime.cache:get("captcha_ok")
if runtime.fallback ~= "" then
-- if we can't use recaptcha, fallback
if remediation == "captcha" and captcha_ok == false then
remediation = runtime.fallback
end
-- if remediation is not supported, fallback
if remediation ~= "captcha" and remediation ~= "ban" then
remediation = runtime.fallback
end
end
if captcha_ok then -- if captcha can be use (configuration is valid) if captcha_ok then -- if captcha can be use (configuration is valid)
-- we check if the IP need to validate its captcha before checking it against crowdsec local API -- we check if the IP need to validate its captcha before checking it against crowdsec local API
previous_uri, state_id = ngx.shared.crowdsec_cache:get("captcha_"..ngx.var.remote_addr) previous_uri, state_id = ngx.shared.crowdsec_cache:get("captcha_"..ngx.var.remote_addr)
@ -436,8 +452,8 @@ function csmod.Allow(ip)
end end
if not ok then if not ok then
ngx.log(ngx.ALERT, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "' with '"..remediation.."'")
if remediation == "ban" then if remediation == "ban" then
ngx.log(ngx.ALERT, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "' with '"..remediation.."'")
ban.apply() ban.apply()
return return
end end
@ -465,6 +481,7 @@ function csmod.Allow(ip)
if forcible then if forcible then
ngx.log(ngx.ERR, "Lua shared dict (crowdsec cache) is full, please increase dict size in config") ngx.log(ngx.ERR, "Lua shared dict (crowdsec cache) is full, please increase dict size in config")
end end
ngx.log(ngx.ALERT, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "' with '"..remediation.."'")
end end
end end
end end
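Review bot: The guard `if runtime.fallback ~= "" then` in csmod.Allow is also true when FALLBACK_REMEDIATION is absent from the config, because `nil ~= ""` holds in Lua; unless loadConfig supplies a default (not visible here), `remediation` is then overwritten with nil. With a nil or otherwise unsupported fallback value, a denied IP appears to match neither the `ban` branch nor the captcha handling under `if not ok`, so the request would pass. That case would also be silent, since the ALERT line now lives inside the branches. A stricter guard such as `if runtime.fallback == "ban" or (runtime.fallback == "captcha" and captcha_ok) then` avoids replacing a remediation with an unusable one. A final `else` under `if not ok` that logs the unhandled remediation and applies a safe default would keep the bouncer from failing open. csmod.Allow starts and ends outside these hunks, so the surrounding branches should be checked against the full function.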