moleflap/door/open.lua

#!/usr/bin/env lua

require 'luasql.postgres'
require 'md5'

require 'helper'
require 'token'
require 'config'

function fail(msg)
    print "Status: 423 Locked"
    print ""
    print("Error: " .. msg)
end

function is_bruteforce(con)
  now = os.time()
  host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
  clean = "delete from lock where death<" .. now .. ";"
  check = "select count(*) from lock where host='" .. host .. "';"
  rn = tonumber(con:execute(clean .. check):fetch())

  if rn < config.lock then
    con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
    return false
  else
    return true
  end
end

print "Content-Type: text/plain"

token = os.getenv("QUERY_STRING")

env = luasql.postgres()
con = env:connect(config.db)

if token == nil or token == "" then
  fail("No token given")
else
  if token:sub(1, 2) == "t=" then
    token = token:sub(3)
  end

  if token:len() == config.key_len then
    if not is_bruteforce(con) then
      print ""
      b = check_token(con, token)
      token = set_prefix(token,generate_token())
      if b ~= false then
        add_token(con, token)
        qspawn("./openseamless")
      end
      print(token)
    else
      fail("Stop bruteforcing, this box is too slow")
    end
  else
    fail("Invalid token")
  end
end

con:close()
env:close()
alpha code -- first commit 2010-02-25 08:37:50 +01:00			`#!/usr/bin/env lua`

thammis idee 2010-02-26 01:46:20 +01:00			`require 'luasql.postgres'`
add brute-force protection 2010-02-26 02:37:27 +01:00			`require 'md5'`

alpha code -- first commit 2010-02-25 08:37:50 +01:00			`require 'helper'`
			`require 'token'`
			`require 'config'`

			`function fail(msg)`
			`print "Status: 423 Locked"`
			`print ""`
			`print("Error: " .. msg)`
			`end`

little improvements 2010-02-26 03:31:22 +01:00			`function is_bruteforce(con)`
			`now = os.time()`
			`host = md5.sumhexa(os.getenv('REMOTE_ADDR'))`
			`clean = "delete from lock where death<" .. now .. ";"`
			`check = "select count(*) from lock where host='" .. host .. "';"`
			`rn = tonumber(con:execute(clean .. check):fetch())`

			`if rn < config.lock then`
			`con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")`
			`return false`
			`else`
			`return true`
			`end`
			`end`

alpha code -- first commit 2010-02-25 08:37:50 +01:00			`print "Content-Type: text/plain"`

			`token = os.getenv("QUERY_STRING")`

thammis idee 2010-02-26 01:46:20 +01:00			`env = luasql.postgres()`
add brute-force protection 2010-02-26 02:37:27 +01:00			`con = env:connect(config.db)`
thammis idee 2010-02-26 01:46:20 +01:00
alpha code -- first commit 2010-02-25 08:37:50 +01:00			`if token == nil or token == "" then`
add brute-force protection 2010-02-26 02:37:27 +01:00			`fail("No token given")`
			`else`
			`if token:sub(1, 2) == "t=" then`
			`token = token:sub(3)`
			`end`

			`if token:len() == config.key_len then`
little improvements 2010-02-26 03:31:22 +01:00			`if not is_bruteforce(con) then`
add brute-force protection 2010-02-26 02:37:27 +01:00			`print ""`
			`b = check_token(con, token)`
			`token = set_prefix(token,generate_token())`
			`if b ~= false then`
			`add_token(con, token)`
removed waiting from valid token during opening process 2010-03-02 20:44:56 +01:00			`qspawn("./openseamless")`
add brute-force protection 2010-02-26 02:37:27 +01:00			`end`
			`print(token)`
			`else`
			`fail("Stop bruteforcing, this box is too slow")`
alpha code -- first commit 2010-02-25 08:37:50 +01:00			`end`
add brute-force protection 2010-02-26 02:37:27 +01:00			`else`
			`fail("Invalid token")`
			`end`
alpha code -- first commit 2010-02-25 08:37:50 +01:00			`end`
thammis idee 2010-02-26 01:46:20 +01:00
add brute-force protection 2010-02-26 02:37:27 +01:00			`con:close()`
			`env:close()`