diff --git a/Dockerfile b/Dockerfile index dc9735e..3c30b2b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16-bullseye AS static +FROM node:18-bullseye AS static ADD . /src @@ -11,7 +11,7 @@ RUN cd /src/web \ && echo "front build ended" \ && rm -rf .gitignore -FROM golang:1.17-buster AS builder +FROM golang:1.19-buster AS builder ADD . /src diff --git a/aclstorage.go b/aclstorage.go deleted file mode 100644 index 0a78316..0000000 --- a/aclstorage.go +++ /dev/null @@ -1,71 +0,0 @@ -package main - -import ( - "sync" - "time" -) - -type aclStorageItem struct { - rule string - name string - userName string - expire int64 -} - -type aclStorage struct { - mu sync.Mutex - count int - items map[string]aclStorageItem -} - -func newACLStorage() *aclStorage { - items := make(map[string]aclStorageItem) - - a := aclStorage{ - count: 0, - items: items, - } - - return &a -} - -func (a *aclStorage) add(key string, rule string, name string, userName string, ttl int64) { - a.mu.Lock() - defer a.mu.Unlock() - - i := aclStorageItem{ - rule: rule, - name: name, - userName: userName, - expire: time.Now().Unix() + ttl, - } - - a.items[key] = i - a.count++ -} - -func (a *aclStorage) exist(key string) *aclStorageItem { - a.mu.Lock() - defer a.mu.Unlock() - - storageItem, foundExpire := a.items[key] - - if foundExpire && storageItem.expire >= time.Now().Unix() { - return &storageItem - } - - return nil -} - -func (a *aclStorage) gc() int { - a.mu.Lock() - defer a.mu.Unlock() - - for key, registerTime := range a.items { - if registerTime.expire < time.Now().Unix() { - delete(a.items, key) - } - } - a.count = len(a.items) - return a.count -} diff --git a/aclstorage_test.go b/aclstorage_test.go deleted file mode 100644 index 1e69c8e..0000000 --- a/aclstorage_test.go +++ /dev/null 
@@ -1,24 +0,0 @@ -package main - -import ( - "testing" - "time" -) - -func TestACLStorage(t *testing.T) { - cs := newACLStorage() - cs.gc() - if cs.exist("n") != nil { - t.Errorf("must not exist") - } - cs.add("n", "acl", "name", "", 1) - cs.add("m", "acl", "name", "", 5) - if cs.exist("n") == nil { - t.Errorf("exist") - } - time.Sleep(time.Second * 2) - cs.gc() - if cs.exist("n") != nil { - t.Errorf("must gc") - } -} diff --git a/challenge.go b/challenge.go index cf6da3f..b78e2da 100644 --- a/challenge.go +++ b/challenge.go @@ -6,7 +6,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" "time" @@ -119,7 +119,7 @@ func (ch *challenge) setCaptchaValue(restCaptchaURL string, difficultyLevel stri } defer resp.Body.Close() - body, _ := ioutil.ReadAll(resp.Body) + body, _ := io.ReadAll(resp.Body) var captchaRes captchaResponse err2 := json.Unmarshal(body, &captchaRes) if err2 != nil { diff --git a/challengestorage.go b/challengestorage.go deleted file mode 100644 index 28e23b0..0000000 --- a/challengestorage.go +++ /dev/null 
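Review bot: The `io.ReadAll(resp.Body)` call in setCaptchaValue still discards its error and reads the captcha service's reply with no size bound, so a truncated or oversized response is only noticed, if at all, when `json.Unmarshal` fails. Capture the error and cap the read, for example `body, err := io.ReadAll(io.LimitReader(resp.Body, maxCaptchaResponseBytes))`, where `maxCaptchaResponseBytes` is a placeholder constant the file does not define yet, and return the error to the caller. The function starts and ends outside this hunk, so whether the HTTP status is checked before the read cannot be confirmed from here.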
@@ -1,57 +0,0 @@ -package main - -import ( - "sync" - "time" -) - -type challengeStorage struct { - mu sync.Mutex - count int - items map[string]int64 -} - -func newChallengeStorage() *challengeStorage { - items := make(map[string]int64) - - cs := challengeStorage{ - items: items, - count: 0, - } - - return &cs -} - -func (s *challengeStorage) exist(key string) bool { - s.mu.Lock() - defer s.mu.Unlock() - - registerTime, foundExpire := s.items[key] - - if foundExpire && registerTime >= time.Now().Unix() { - return true - } - - return false -} - -func (s *challengeStorage) set(key string, lifeTime int64) { - s.mu.Lock() - defer s.mu.Unlock() - - s.items[key] = time.Now().Unix() + lifeTime - s.count++ -} - -func (s *challengeStorage) gc() int { - s.mu.Lock() - defer s.mu.Unlock() - - for key, registerTime := range s.items { - if registerTime < time.Now().Unix() { - delete(s.items, key) - } - } - s.count = len(s.items) - return s.count -} diff --git a/challengestorage_test.go b/challengestorage_test.go deleted file mode 100644 index f1b2088..0000000 --- a/challengestorage_test.go +++ /dev/null @@ -1,24 +0,0 @@ -package main - -import ( - "testing" - "time" -) - -func TestChallengeStorage(t *testing.T) { - cs := newChallengeStorage() - cs.gc() - if cs.exist("n") { - t.Errorf("must not exist") - } - cs.set("n", 0) - cs.set("m", 5) - if !cs.exist("n") { - t.Errorf("exist") - } - time.Sleep(time.Second * 1) - cs.gc() - if cs.exist("n") { - t.Errorf("must gc") - } -} diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index c402236..30e1ad2 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -17,4 +17,4 @@ services: container_name: protection-rest-captcha-test image: ghcr.io/aasaam/rest-captcha:latest network_mode: host - command: -test-image -return-value + command: run -test-image -return-value diff --git a/go.mod b/go.mod index 2fad8ce..027724a 100644 --- a/go.mod +++ b/go.mod 
@@ -1,20 +1,20 @@ module github.com/aasaam/nginx-protection -go 1.17 +go 1.19 require ( github.com/aasaam/aes-go v0.0.4 github.com/go-ldap/ldap/v3 v3.4.4 - github.com/gofiber/adaptor/v2 v2.1.30 - github.com/gofiber/fiber/v2 v2.40.1 - github.com/gofiber/helmet/v2 v2.2.22 - github.com/gofiber/template v1.7.3 + github.com/gofiber/adaptor/v2 v2.1.31 + github.com/gofiber/fiber/v2 v2.41.0 + github.com/gofiber/helmet/v2 v2.2.23 + github.com/gofiber/template v1.7.4 github.com/mdp/qrterminal v1.0.1 github.com/pquerna/otp v1.4.0 github.com/prometheus/client_golang v1.14.0 github.com/rs/zerolog v1.28.0 github.com/urfave/cli/v2 v2.23.7 - golang.org/x/text v0.5.0 + golang.org/x/text v0.6.0 gopkg.in/yaml.v2 v2.4.0 ) @@ -29,7 +29,7 @@ require ( github.com/golang/protobuf v1.5.2 // indirect github.com/klauspost/compress v1.15.9 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/prometheus/client_model v0.3.0 // indirect @@ -38,7 +38,7 @@ require ( github.com/rivo/uniseg v0.2.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect - github.com/valyala/fasthttp v1.41.0 // indirect + github.com/valyala/fasthttp v1.44.0 // indirect github.com/valyala/tcplisten v1.0.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect diff --git a/go.sum b/go.sum index 0b5e620..b2d736f 100644 --- a/go.sum +++ b/go.sum 
@@ -49,10 +49,9 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno= -github.com/CloudyKit/jet/v6 v6.1.0/go.mod h1:d3ypHeIRNo2+XyqnGA8s+aphtcVpjP5hPwP/Lzo7Ro4= +github.com/CloudyKit/jet/v6 v6.2.0/go.mod h1:d3ypHeIRNo2+XyqnGA8s+aphtcVpjP5hPwP/Lzo7Ro4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Joker/hpp v1.0.0/go.mod h1:8x5n+M1Hp5hC0g8okX3sR3vFQwynaX/UgSOM9MeBKzY= github.com/Joker/jade v1.1.3/go.mod h1:T+2WLyt7VH6Lp0TRxQrUYEs64nRc83wkMQrfeIQKduM= @@ -83,7 +82,6 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBW github.com/cbroglie/mustache v1.4.0/go.mod h1:SS1FTIghy0sjse4DUVGV1k/40B1qE1XkD9DtDsHo9iM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= 
@@ -149,14 +147,14 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofiber/adaptor/v2 v2.1.30 h1:ak5sCY8HbnafdMjvxUhS8wz5JWghwfxhnvig3/ACjVo= -github.com/gofiber/adaptor/v2 v2.1.30/go.mod h1:20KxTjpAea1f+9mcMwManJWKvWl37YxW1yuNGoNoGS4= -github.com/gofiber/fiber/v2 v2.40.1 h1:pc7n9VVpGIqNsvg9IPLQhyFEMJL8gCs1kneH5D1pIl4= -github.com/gofiber/fiber/v2 v2.40.1/go.mod h1:Gko04sLksnHbzLSRBFWPFdzM9Ws9pRxvvIaohJK1dsk= -github.com/gofiber/helmet/v2 v2.2.22 h1:kACyVKnu3RpBmr0IomxwxwFzTLJuWllRCA5DQEminxQ= -github.com/gofiber/helmet/v2 v2.2.22/go.mod h1:8eDCsQ6XV+Ye41c+vQKyPQdG6NW9iQhlgdnwRIvp01M= -github.com/gofiber/template v1.7.3 h1:ddWRgCB7kDdsgH7Qakwmlj6qM3kjggaT0aIhxLGatD0= -github.com/gofiber/template v1.7.3/go.mod h1:MI/DIYL6czowb8KLkkNAojCifLnAVQcN3KGEUDvlFtU= +github.com/gofiber/adaptor/v2 v2.1.31 h1:E7LJre4uBc+RDsQfHCE+LKVkFcciSMYu4KhzbvoWgKU= +github.com/gofiber/adaptor/v2 v2.1.31/go.mod h1:vdSG9JhOhOLYjE4j14fx6sJvLJNFVf9o6rSyB5GkU4s= +github.com/gofiber/fiber/v2 v2.41.0 h1:YhNoUS/OTjEz+/WLYuQ01xI7RXgKEFnGBKMagAu5f0M= +github.com/gofiber/fiber/v2 v2.41.0/go.mod h1:RdebcCuCRFp4W6hr3968/XxwJVg0K+jr9/Ae0PFzZ0Q= +github.com/gofiber/helmet/v2 v2.2.23 h1:hEastMbezQwbqJgSIFvgtx/lmb51bqi6T6GW/SBhiwo= +github.com/gofiber/helmet/v2 v2.2.23/go.mod h1:wqmrFiOYWkoOXtsf4OOdNVUABkjCvwJi9AU8xa/7SAA= +github.com/gofiber/template v1.7.4 h1:3K86NpBhDOBAhk6keecxNwqSgALqaHlUIhNItR96N2Y= +github.com/gofiber/template v1.7.4/go.mod h1:rePzgcCYbLaUvaaU7XeAOOg3c0Sif4vRVw3TFjLabxY= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog 
v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -207,7 +205,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -307,8 +304,9 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-slim v0.0.0-20200618151855-bde33eecb5ee/go.mod h1:ma9TUJeni8LGZMJvOwbAv/FOwiwqIMQN570LnpqCBSM= 
@@ -415,8 +413,9 @@ github.com/urfave/cli/v2 v2.23.7 h1:YHDQ46s3VghFHFf1DdF+Sh7H4RqhcM+t0TmZRJx4oJY= github.com/urfave/cli/v2 v2.23.7/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.41.0 h1:zeR0Z1my1wDHTRiamBCXVglQdbUwgb9uWG3k1HQz6jY= -github.com/valyala/fasthttp v1.41.0/go.mod h1:f6VbjjoI3z1NDOZOv17o6RvtRSWxC77seBFc2uWtgiY= +github.com/valyala/fasthttp v1.43.0/go.mod h1:f6VbjjoI3z1NDOZOv17o6RvtRSWxC77seBFc2uWtgiY= +github.com/valyala/fasthttp v1.44.0 h1:R+gLUhldIsfg1HokMuQjdQ5bh9nuXHPIfvkYUu9eR5Q= +github.com/valyala/fasthttp v1.44.0/go.mod h1:f6VbjjoI3z1NDOZOv17o6RvtRSWxC77seBFc2uWtgiY= github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8= github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= @@ -428,7 +427,6 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= 
@@ -453,7 +451,6 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -494,7 +491,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -542,7 +538,6 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -573,8 +568,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -648,8 +641,6 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -664,8 +655,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -724,7 +715,6 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/http.go b/http.go index ae58d45..bc77c2a 100644 --- a/http.go +++ b/http.go @@ -22,7 +22,7 @@ var templates embed.FS //go:embed static/* var static embed.FS -func newHTTPServer(config *config, challengeStorage *challengeStorage, aclStorage *aclStorage) *fiber.App { +func newHTTPServer(config *config) *fiber.App { engine := html.NewFileSystem(http.FS(templates), ".html") engine.Delims("[[", "]]") engine.AddFunc( @@ -40,6 +40,7 @@ func newHTTPServer(config *config, challengeStorage *challengeStorage, aclStorag DisableStartupMessage: true, Prefork: false, Views: engine, + BodyLimit: 1024 * 1024 * 4, ErrorHandler: func(c *fiber.Ctx, err error) error { code := fiber.StatusInternalServerError if e, ok := err.(*fiber.Error); ok { @@ -101,8 +102,9 @@ func newHTTPServer(config *config, challengeStorage *challengeStorage, aclStorag return fiber.NewError(misconfigureStatus, "Configuration failed: "+configError.Error()) } - success := checkAuth(c, config, aclStorage, true) + success := checkAuth(c, config, true) if success { + c.Status(200) return c.JSON("Authorized") } 
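Review bot: `BodyLimit: 1024 * 1024 * 4` in the `fiber.Config` literal of newHTTPServer equals the 4 MiB that Fiber v2 already applies by default, so the added line does not tighten anything. If the intent is to bound request bodies for the challenge POST, which presumably carries only a small form or JSON payload, a much lower value such as `BodyLimit: 64 * 1024,` would reject oversized requests earlier. A short comment stating why the value was chosen would also help, e.g. `// challenge submissions are small; reject larger bodies early`. newHTTPServer continues outside the hunk, so confirm that no other route needs a larger body before lowering it.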
@@ -117,11 +119,6 @@ func newHTTPServer(config *config, challengeStorage *challengeStorage, aclStorag return fiber.NewError(misconfigureStatus, "Configuration failed: "+configError.Error()) } - success := checkAuth(c, config, aclStorage, false) - if success { - return c.Redirect(getProtectedPath(c)) - } - return httpChallenge(c, config) }) @@ -140,7 +137,7 @@ func newHTTPServer(config *config, challengeStorage *challengeStorage, aclStorag return fiber.NewError(misconfigureStatus, "Configuration failed: "+configError.Error()) } - return httpChallengePost(c, config, challengeStorage) + return httpChallengePost(c, config) }) // static serve diff --git a/http_auth.go b/http_auth.go index 25209a8..0838e88 100644 --- a/http_auth.go +++ b/http_auth.go @@ -1,6 +1,8 @@ package main import ( + "fmt" + "github.com/gofiber/fiber/v2" "github.com/prometheus/client_golang/prometheus" ) @@ -19,7 +21,6 @@ func failedResponse(config *config, ip string, realCheck bool) bool { func successResponse( config *config, - aclStorage *aclStorage, clientPersistChecksum string, aclRule string, value string, 
@@ -40,27 +41,15 @@ func successResponse( Str(logPropertyUsername, username). Send() - aclStorage.add(clientPersistChecksum, aclRule, value, username, minMaxDefault64(ttl, 60, 600)) } return true } -func checkAuth(c *fiber.Ctx, config *config, aclStorage *aclStorage, realCheck bool) bool { +func checkAuth(c *fiber.Ctx, config *config, realCheck bool) bool { ttl := getConfigTTLSeconds(c) persistChecksum := c.Locals(localVarClientPersistChecksum).(string) ip := c.Locals(localVarIP).(string) - storageItem := aclStorage.exist(persistChecksum) - if storageItem != nil { - defer config.getLogger(). - Info(). - Str(logType, logTypeAuthCache). - Str(logPropertyIP, ip). - Str(logPropertyUsername, storageItem.userName). - Send() - return successResponse(config, aclStorage, persistChecksum, storageItem.rule, storageItem.name, storageItem.userName, ttl, ip, realCheck) - } - defer config.getLogger(). Info(). Str(logType, logTypeAuthCheck). 
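Review bot: With the `aclStorage.add(...)` call removed, nothing visible in successResponse reads `clientPersistChecksum` or `ttl` any more, yet both remain in the signature and checkAuth still computes `ttl := getConfigTTLSeconds(c)` and passes both on every call. Either drop the two parameters together with the now-unneeded lookups in checkAuth, or add a comment on successResponse saying they are kept deliberately, e.g. `// clientPersistChecksum and ttl are unused since the ACL cache was removed`. successResponse begins outside this hunk, so check the part of the body above before deleting them.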
@@ -70,33 +59,34 @@ func checkAuth(c *fiber.Ctx, config *config, aclStorage *aclStorage, realCheck b // api keys success, apiClientName := aclCheckAPIKeys(c) if success { - return successResponse(config, aclStorage, persistChecksum, aclRuleAPI, apiClientName, "", ttl, ip, realCheck) + return successResponse(config, persistChecksum, aclRuleAPI, apiClientName, "", ttl, ip, realCheck) } // country success, countryCode := aclCheckCountries(c) if success { - return successResponse(config, aclStorage, persistChecksum, aclRuleCountry, countryCode, "", ttl, ip, realCheck) + return successResponse(config, persistChecksum, aclRuleCountry, countryCode, "", ttl, ip, realCheck) } // cidr success, cidr := aclCheckCIDRs(c) if success { - return successResponse(config, aclStorage, persistChecksum, aclRuleCIDR, cidr, "", ttl, ip, realCheck) + return successResponse(config, persistChecksum, aclRuleCIDR, cidr, "", ttl, ip, realCheck) } // asn success, asn := aclCheckASNs(c) if success { - return successResponse(config, aclStorage, persistChecksum, aclRuleASN, asn, "", ttl, ip, realCheck) + return successResponse(config, persistChecksum, aclRuleASN, asn, "", ttl, ip, realCheck) } // cookie check cookieVar := c.Cookies(c.Get(httpRequestHeaderConfigCookie, defaultCookieName), "") if cookieVar != "" { + fmt.Println(cookieVar) cookieToken, cookieErr := newPersistTokenFromString(cookieVar, config.tokenSecret) if cookieErr == nil { - return successResponse(config, aclStorage, persistChecksum, aclRuleChallenge, cookieToken.Type, cookieToken.Username, ttl, ip, realCheck) + return successResponse(config, persistChecksum, aclRuleChallenge, cookieToken.Type, cookieToken.Username, ttl, ip, realCheck) } } diff --git a/http_challenge_post.go b/http_challenge_post.go index cefaedf..89823ad 100644 --- a/http_challenge_post.go +++ b/http_challenge_post.go 
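Review bot: `fmt.Println(cookieVar)` in the cookie branch of checkAuth writes each client's raw authentication cookie to stdout on every auth check, which puts a bearer credential into container and journal logs where anyone with log access can read it while it is still valid. It looks like a debugging leftover: delete the line and the `"fmt"` import added in the first hunk of this file. If cookie handling needs tracing, log only the outcome through the existing `config.getLogger()` chain, such as whether `newPersistTokenFromString` returned an error, and never the token value itself. checkAuth starts and ends outside this hunk.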
@@ -7,7 +7,7 @@ import ( "github.com/gofiber/fiber/v2" ) -func httpChallengePost(c *fiber.Ctx, config *config, challengeStorage *challengeStorage) error { +func httpChallengePost(c *fiber.Ctx, config *config) error { ip := c.Locals(localVarIP).(string) requestID := c.Locals(localVarRequestID).(string) temporaryChecksum := c.Locals(localVarClientTemporaryChecksum).(string) @@ -43,20 +43,6 @@ func httpChallengePost(c *fiber.Ctx, config *config, challengeStorage *challenge return errors.New(errorMessage) } - if challengeStorage.exist(challenge.ID) { - errorMessage := "duplicate try for solve" - - defer config.getLogger(). - Warn(). - Str(logPropertyChallengeType, challenge.ChallengeType). - Str(logType, logTypeChallengeFailed). - Str(logPropertyIP, ip). - Str(logPropertyRequestID, requestID). - Msg(errorMessage) - - return errors.New(errorMessage) - } - if !challenge.verify(temporaryChecksum) { errorMessage := "token invalid, timeout or expired" @@ -71,8 +57,6 @@ func httpChallengePost(c *fiber.Ctx, config *config, challengeStorage *challenge return errors.New(errorMessage) } - challengeStorage.set(challenge.ID, challenge.TTL) - valid := false var ldapCookie *fiber.Cookie = nil diff --git a/http_test.go b/http_test.go index e44988c..20fa66a 100644 --- a/http_test.go +++ b/http_test.go @@ -17,14 +17,12 @@ func TestHTTPTest01(t *testing.T) { tokenSecret := aesGo.GenerateKey() clientSecret := aesGo.GenerateKey() config := newConfig("fatal", false, "en", "en,fa", tokenSecret, clientSecret, "/.well-known/protection", "", "", "") - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() clientPersistChecksum := aesGo.GenerateKey() clientTemporaryChecksum := aesGo.GenerateKey() ip := "1.1.1.1" // http server - httpApp := newHTTPServer(config, challengeStorage, aclStorage) + httpApp := newHTTPServer(config) // misconfigure: X-Forwarded-For req00 := httptest.NewRequest("GET", "/.well-known/protection/challenge", nil) 
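Review bot: After this change httpChallengePost has no visible one-time-use enforcement: the `challengeStorage.exist(challenge.ID)` check and the `challengeStorage.set(challenge.ID, challenge.TTL)` call are both gone and nothing replaces them, so the same challenge token can apparently be submitted repeatedly until `challenge.verify(temporaryChecksum)` stops accepting it. For the captcha and TOTP challenge types that changes one answer per issued challenge into as many answers as fit into the token lifetime. If the store was dropped to make the service stateless, the compensating control should be named in the code, for example a comment `// challenge IDs are not single-use; attempts are bounded by nginx limit_req on the challenge location`, and actually configured. The body of `challenge.verify` is not shown here, so confirm it does not already track used IDs.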
@@ -107,14 +105,13 @@ func TestHTTPTest02(t *testing.T) { tokenSecret := aesGo.GenerateKey() clientSecret := aesGo.GenerateKey() config := newConfig("fatal", false, "en", "en,fa", tokenSecret, clientSecret, "/.well-known/protection", "", "", "") - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() + clientPersistChecksum := aesGo.GenerateKey() clientTemporaryChecksum := aesGo.GenerateKey() ip := "1.1.1.1" // http server - httpApp := newHTTPServer(config, challengeStorage, aclStorage) + httpApp := newHTTPServer(config) // cidr req1 := httptest.NewRequest("GET", "/.well-known/protection/auth", nil) @@ -198,14 +195,13 @@ func TestHTTPTest03(t *testing.T) { tokenSecret := aesGo.GenerateKey() clientSecret := aesGo.GenerateKey() config := newConfig("fatal", false, "en", "en,fa", tokenSecret, clientSecret, "/.well-known/protection", "", "", "") - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() + clientPersistChecksum := aesGo.GenerateKey() clientTemporaryChecksum := aesGo.GenerateKey() ip := "1.1.1.1, aa , 8.8.8.8" // http server - httpApp := newHTTPServer(config, challengeStorage, aclStorage) + httpApp := newHTTPServer(config) // block req1 := httptest.NewRequest("GET", "/.well-known/protection/challenge", nil) @@ -297,14 +293,13 @@ func TestHTTPTest04(t *testing.T) { tokenSecret := aesGo.GenerateKey() clientSecret := aesGo.GenerateKey() config := newConfig("fatal", false, "en", "en,fa", tokenSecret, clientSecret, "/.well-known/protection", "", "", "") - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() + clientPersistChecksum := aesGo.GenerateKey() clientTemporaryChecksum := aesGo.GenerateKey() ip := "1.1.1.1, aa , 8.8.8.8" // http server - httpApp := newHTTPServer(config, challengeStorage, aclStorage) + httpApp := newHTTPServer(config) // js req2 := httptest.NewRequest("GET", "/.well-known/protection/challenge", nil) 
@@ -376,34 +371,3 @@ func TestHTTPTest04(t *testing.T) { t.Errorf("must authorized country") } } - -func BenchmarkACLStorageOnHTTP(b *testing.B) { - // variables - tokenSecret := aesGo.GenerateKey() - clientSecret := aesGo.GenerateKey() - clientPersistChecksum := aesGo.GenerateKey() - clientTemporaryChecksum := aesGo.GenerateKey() - config := newConfig("fatal", false, "en", "en,fa", tokenSecret, clientSecret, "/.well-known/protection", "", "", "") - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() - ip := "192.168.1.1" - - // http server - httpApp := newHTTPServer(config, challengeStorage, aclStorage) - - for i := 0; i < b.N; i++ { - // asn ranges - req := httptest.NewRequest("GET", "/.well-known/protection/auth", nil) - req.Header.Set("X-Forwarded-For", ip) - req.Header.Set(httpRequestHeaderRequestID, aesGo.GenerateKey()) - req.Header.Set(httpRequestHeaderClientPersistChecksum, clientPersistChecksum) - req.Header.Set(httpRequestHeaderClientTemporaryChecksum, clientTemporaryChecksum) - req.Header.Set(httpRequestHeaderConfigChallenge, challengeTypeBlock) - req.Header.Set(httpRequestHeaderClientASNNumber, "1000") - req.Header.Set(httpRequestHeaderACLASNRanges, "10-100,1000-1100") - resp, _ := httpApp.Test(req) - if resp.StatusCode != 200 { - b.Error("must valid") - } - } -} diff --git a/locale.go b/locale.go index d40ce05..b49f40a 100644 --- a/locale.go +++ b/locale.go @@ -2,7 +2,6 @@ package main import ( "embed" - "io/ioutil" "os" "golang.org/x/text/language" @@ -24,7 +23,7 @@ func isFileLocaleExist(path, lang string) bool { } func loadFileLocale(path, lang string) map[string]string { - file, err := ioutil.ReadFile(path + "/" + lang + ".yml") + file, err := os.ReadFile(path + "/" + lang + ".yml") if err != nil { panic(err) } diff --git a/locale/en.yml b/locale/en.yml index 6a091ea..b5bb7bd 100644 --- a/locale/en.yml +++ b/locale/en.yml 
@@ -14,7 +14,7 @@ yourIP: IP yourASN: ISP yourChecksum: Checksum yourNodeID: Node ID -yourTimeAccuracy: Time sync problem? +yourTimeAccuracy: Is your date time synced? yourInformation: Your information validationFailed: Validation process failed. checkYourTimeAccuracy: | diff --git a/locale/fa.yml b/locale/fa.yml index 74d9e69..f1cf5e5 100644 --- a/locale/fa.yml +++ b/locale/fa.yml @@ -18,7 +18,7 @@ yourIP: آی‌پی(IP) yourASN: آی‌اس‌پی(ISP) yourChecksum: Checksum yourNodeID: نقطه اتصال(Node ID) -yourTimeAccuracy: وضعیت دقت زمانی +yourTimeAccuracy: زمان رایانه شما صحیح هست؟ yourInformation: مشخصات شما validationFailed: اعتبار سنجی موفقیت آمیز نبود. checkYourTimeAccuracy: | diff --git a/main.go b/main.go index 5e92875..c91a23a 100644 --- a/main.go +++ b/main.go @@ -65,6 +65,7 @@ func totpCheck(c *cli.Context) error { return err } valid := passCode == c.String("pass") + fmt.Println(passCode) fmt.Println(valid) return nil } @@ -102,9 +103,6 @@ func ldapCheck(c *cli.Context) error { func runServer(c *cli.Context) error { - challengeStorage := newChallengeStorage() - aclStorage := newACLStorage() - config := newConfig( c.String("log-level"), c.Bool("aasaam-web-server"), @@ -118,23 +116,8 @@ func runServer(c *cli.Context) error { c.String("locale-path"), ) - go func() { - for { - challengeStorageCount := challengeStorage.gc() - aclStorageCount := aclStorage.gc() - config.getLogger(). - Debug(). - Str(logType, logTypeApp). - Int("challenge_storage_count", challengeStorageCount). - Int("acl_storage_count", aclStorageCount). - Send() - - time.Sleep(time.Second * 10) - } - }() - loadLocales(config) - app := newHTTPServer(config, challengeStorage, aclStorage) + app := newHTTPServer(config) return app.Listen(c.String("listen")) } diff --git a/templates/captcha.html b/templates/captcha.html index e86e507..de76e19 100644 --- a/templates/captcha.html +++ b/templates/captcha.html 
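Review bot: `fmt.Println(passCode)` in totpCheck prints the currently valid one-time code for the supplied secret before printing the comparison result, so any shell capture, CI log or terminal scrollback of the check command now holds a live code. The command only needs to report whether the supplied value matched; remove the added line, or put it behind an explicit opt-in flag if printing the code is wanted for local debugging. totpCheck starts outside this hunk, so how `passCode` is produced is not visible here.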
@@ -59,14 +59,12 @@ name="captcha" dir="ltr" required - min="10000" - max="9999999" data-ng-model="formData.captchaValue" data-ng-keypress="($event.charCode === 13 ) ? solve($event) : return" - inputmode="numeric" class="input is-large" data-ng-class="{'is-danger': main.captcha.$touched && main.captcha.$invalid, 'is-success': main.captcha.$touched && main.captcha.$valid }" - type="number" + type="text" + pattern="[0-9]{5,7}" placeholder="[[ .i18n.captchaLabel ]]" title="[[ .i18n.captchaLabel ]]" /> diff --git a/templates/ldap.html b/templates/ldap.html index 20d97bc..caf5f65 100644 --- a/templates/ldap.html +++ b/templates/ldap.html @@ -95,14 +95,13 @@ name="captcha" dir="ltr" required - min="10000" - max="9999999" data-ng-model="formData.captchaValue" data-ng-keypress="($event.charCode === 13 ) ? solve($event) : return" inputmode="numeric" class="input is-large" data-ng-class="{'is-danger': main.captcha.$touched && main.captcha.$invalid, 'is-success': main.captcha.$touched && main.captcha.$valid }" - type="number" + type="text" + pattern="[0-9]{5,7}" placeholder="[[ .i18n.captchaLabel ]]" title="[[ .i18n.captchaLabel ]]" /> diff --git a/templates/totp.html b/templates/totp.html index 19f3e64..dbfe483 100644 --- a/templates/totp.html +++ b/templates/totp.html @@ -55,14 +55,12 @@ name="totp" dir="ltr" required - min="100000" - max="999999" data-ng-model="formData.totpValue" data-ng-keypress="($event.charCode === 13 ) ? solve($event) : return" - inputmode="numeric" class="input is-large" data-ng-class="{'is-danger': main.totp.$touched && main.totp.$invalid, 'is-success': main.totp.$touched && main.totp.$valid }" - type="number" + type="text" + pattern="[0-9]{6}" placeholder="[[ .i18n.totpLabel ]]" title="[[ .i18n.totpLabel ]]" /> diff --git a/test/nginx-dev.conf b/test/nginx-dev.conf index 254eb65..078f2bb 100644 --- a/test/nginx-dev.conf +++ b/test/nginx-dev.conf 
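Review bot: The switch to `type="text"` removes `inputmode="numeric"` in templates/captcha.html and templates/totp.html but keeps it in templates/ldap.html, so two of the three digits-only inputs lose the numeric keypad on touch devices. Keep `inputmode="numeric"` next to the new `pattern` in all three, and on the TOTP input consider adding `autocomplete="one-time-code"`. The `pattern` attribute is only a browser-side check; the same length and digits-only rule has to be enforced where the server verifies the submitted value, which these hunks do not show.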
@@ -23,7 +23,7 @@ http { listen 10090; location / { - add_header 'Content-Type' 'text/plain'; + add_header 'content-type' 'text/plain' always; return 200 'upstream sample'; } } @@ -62,7 +62,7 @@ http { set $protection_config_brandicon $arg_config_brandicon; } - set $protection_config_challenge 'ldap'; + set $protection_config_challenge 'totp'; if ($cookie_challenge) { set $protection_config_challenge $cookie_challenge; } @@ -99,7 +99,7 @@ http { location / { auth_request /.well-known/protection/auth; # add_header "X-Protection-ACL" $auth_resp_x_protection_acl always; - # add_header "Content-Type" 'text/plain' always; + add_header "Content-Type" 'text/plain' always; proxy_pass http://127.0.0.1:10090; # return 200 $auth_resp_x_protection_acl; } @@ -121,7 +121,7 @@ http { proxy_set_header X-Protection-Config-Challenge $protection_config_challenge; proxy_set_header X-Protection-Config-Lang $protection_config_lang; proxy_set_header X-Protection-Config-Supported-Languages 'de,ar'; - proxy_set_header X-Protection-Config-TOTP-Secret '3WSEAHOMKLDH3DDV'; + proxy_set_header X-Protection-Config-TOTP-Secret 'O55EKMMUNCEJIIP7'; proxy_set_header X-Protection-Config-Organization-Brand-Icon $protection_config_brandicon; proxy_set_header X-Protection-Config-Support-Email 'support@$host'; proxy_set_header X-Protection-Config-Support-Tel '+982100000000'; @@ -162,7 +162,7 @@ http { proxy_set_header X-Protection-Config-Challenge $protection_config_challenge; proxy_set_header X-Protection-Config-Lang $protection_config_lang; proxy_set_header X-Protection-Config-Supported-Languages 'en,fa'; - proxy_set_header X-Protection-Config-TOTP-Secret '3WSEAHOMKLDH3DDV'; + proxy_set_header X-Protection-Config-TOTP-Secret 'O55EKMMUNCEJIIP7'; proxy_set_header X-Protection-Config-Captcha-Difficulty 'easy'; proxy_set_header X-Protection-Config-Organization-Brand-Icon $protection_config_brandicon; proxy_set_header X-Protection-Config-Support-Email 'support@$host'; 
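Review bot: `add_header 'content-type' 'text/plain' always;` in the `listen 10090` location does not replace the Content-Type that nginx generates for `return 200`; it appends another header, so the response carries two Content-Type fields. Set the type with `default_type text/plain;` in that location instead. The same applies to the now uncommented `add_header "Content-Type" 'text/plain' always;` in the hunk at line 99, where it is stacked on top of whatever the proxied upstream already sends. Dropping that line, or hiding the upstream header first with `proxy_hide_header Content-Type;`, avoids leaving the choice between two types to the client.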
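Review bot: The `X-Protection-Config-TOTP-Secret` value in the hunk at line 121, and again at line 162, is a literal shared secret committed to the repository. The change only swaps one literal for another, so both values stay readable in history. If either was ever used outside this dev config, treat it as exposed and rotate it there. Add a comment above each line such as `# dev-only TOTP secret; never reuse outside test/nginx-dev.conf`, or move the value into an untracked file pulled in with `include`.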
diff --git a/web/js/app/app.js b/web/js/app/app.js index 7582e9b..0aa9397 100644 --- a/web/js/app/app.js +++ b/web/js/app/app.js @@ -176,10 +176,15 @@ }; // challengePOST + $rootScope.challengePOSTCalled = false; $rootScope.challengePOST = function challengePOST( dataObject, errorCallback, ) { + if ($rootScope.challengePOSTCalled) { + return; + } + $rootScope.challengePOSTCalled = true; $http({ url: window.config.baseURL + '/challenge', method: 'POST', diff --git a/web/package.json b/web/package.json index bcdb23d..3e3e6a9 100644 --- a/web/package.json +++ b/web/package.json @@ -31,7 +31,7 @@ "eslint-plugin-prettier": "^4", "eslint-plugin-react": "^7", "eslint-plugin-sonarjs": "^0", - "node-sass": "^7", + "node-sass": "^8", "prettier": "^2", "strip-comments": "^2", "uglify-js": "^3"
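Review bot: `$rootScope.challengePOSTCalled` is set to `true` before `$http(...)` and nothing in this hunk sets it back, so after a failed request (wrong answer, network error) every later call returns early and the user cannot retry without reloading the page. Unless a reload on failure is intended, reset it where the request settles, e.g. `$rootScope.challengePOSTCalled = false;` in the error path before `errorCallback` runs. The flag only stops double submits from this page; repeated or replayed POSTs to `/challenge` still have to be rejected by the server. challengePOST's body continues outside the hunk, so a reset may already exist further down.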