fix(anubis): store the challenge method in the store (#924)
* fix(lib): reduce challenge string size Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(internal): add host, method, and path to request logs Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(anubis): log when challenges explicitly fail Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib): make challenge validation fully deterministic Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(anubis): nuke challengeFor function Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update changelog Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
parent
8feacc78fc
commit
4a4031450c
5 changed files with 46 additions and 32 deletions
11
lib/http.go
11
lib/http.go
|
|
@ -111,7 +111,7 @@ func randomChance(n int) bool {
|
|||
return rand.Intn(n) == 0
|
||||
}
|
||||
|
||||
func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, rule *policy.Bot, returnHTTPStatusOnly bool) {
|
||||
func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, cr policy.CheckResult, rule *policy.Bot, returnHTTPStatusOnly bool) {
|
||||
localizer := localization.GetLocalizer(r)
|
||||
|
||||
if returnHTTPStatusOnly {
|
||||
|
|
@ -125,17 +125,20 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, rule *polic
|
|||
if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && randomChance(64) {
|
||||
lg.Error("client was given a challenge but does not in fact support gzip compression")
|
||||
s.respondWithError(w, r, localizer.T("client_error_browser"))
|
||||
return
|
||||
}
|
||||
|
||||
challengesIssued.WithLabelValues("embedded").Add(1)
|
||||
chall, err := s.challengeFor(r)
|
||||
chall, err := s.issueChallenge(r.Context(), r, lg, cr, rule)
|
||||
if err != nil {
|
||||
lg.Error("can't get challenge", "err", "err")
|
||||
lg.Error("can't get challenge", "err", err)
|
||||
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
|
||||
s.respondWithError(w, r, fmt.Sprintf("%s: %s", localizer.T("internal_server_error"), rule.Challenge.Algorithm))
|
||||
return
|
||||
}
|
||||
|
||||
lg = lg.With("challenge", chall.ID)
|
||||
|
||||
var ogTags map[string]string = nil
|
||||
if s.opts.OpenGraph.Enabled {
|
||||
var err error
|
||||
|
|
@ -153,7 +156,7 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, rule *polic
|
|||
Expiry: 30 * time.Minute,
|
||||
})
|
||||
|
||||
impl, ok := challenge.Get(rule.Challenge.Algorithm)
|
||||
impl, ok := challenge.Get(chall.Method)
|
||||
if !ok {
|
||||
lg.Error("check failed", "err", "can't get algorithm", "algorithm", rule.Challenge.Algorithm)
|
||||
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
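Review bot: The failure log under `if !ok` in the last hunk still reports `rule.Challenge.Algorithm`, although the lookup directly above it now uses `chall.Method`. If the method stored with the challenge can differ from the rule's current algorithm, which appears to be the case this commit addresses, the log names an algorithm that was never looked up and misleads whoever triages a failed challenge. Log the key that was actually used: `lg.Error("check failed", "err", "can't get algorithm", "algorithm", chall.Method)`. In the second hunk the client-facing error string also appends `rule.Challenge.Algorithm`; consider keeping that detail in the server log only, so the response does not echo policy configuration. RenderIndex starts and ends outside these hunks, so any later uses of `rule.Challenge.Algorithm` in the function should be checked the same way.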
|
||||
|
|
|
|||