add brute-force protection
This commit is contained in:
parent
25a3addc1f
commit
05c6c42070
|
@ -8,5 +8,7 @@ config = {
|
|||
['ttl'] = 60 * 60 * 24 * 7 * 8, -- s m h d w factor Time To Life (while alive)
|
||||
['ttrd'] = 60 * 60 * 24 * 365, -- s m h d y Time To Real Death (while in graveyard)
|
||||
['ruttl'] = 60 * 60 * 24 * 7, -- s m h d Random time added to Time To Life (after used) (will be randomized)
|
||||
['lock'] = 20, -- allowed requests per time
|
||||
['lock_time'] = 60, -- sec per allowed request
|
||||
}
|
||||
|
||||
|
|
|
@ -13,6 +13,7 @@ con = env:connect(config.db)
|
|||
assert(con:execute("create table tokens ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttl int );")) -- ttl - time to live
|
||||
assert(con:execute("create table graveyard ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttrd int );")) -- ttrd - time to real death
|
||||
assert(con:execute("create table users ( name text primary key, ntc int );")) -- ntc - new token count
|
||||
assert(con:execute("create table lock (death int, host text);"))
|
||||
|
||||
con:close()
|
||||
env:close()
|
||||
|
|
|
@ -16,9 +16,11 @@ if first == "yes" then
|
|||
|
||||
env = luasql.postgres()
|
||||
con = env:connect(config.db)
|
||||
con:execute("drop table if exists graveyard;")
|
||||
con:execute("drop table if exists tokens;")
|
||||
con:execute("drop table if exists users;")
|
||||
t = "drop table if exists graveyard;" ..
|
||||
"drop table if exists tokens;" ..
|
||||
"drop table if exists users;" ..
|
||||
"drop table if exists lock;"
|
||||
assert(con:execute(t))
|
||||
con:close()
|
||||
env:close()
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#!/usr/bin/env lua
|
||||
|
||||
require 'luasql.postgres'
|
||||
require 'md5'
|
||||
|
||||
require 'helper'
|
||||
require 'token'
|
||||
require 'config'
|
||||
|
@ -16,29 +18,39 @@ print "Content-Type: text/plain"
|
|||
token = os.getenv("QUERY_STRING")
|
||||
|
||||
env = luasql.postgres()
|
||||
con = env:connect()
|
||||
con = env:connect(config.db)
|
||||
|
||||
if token == nil or token == "" then
|
||||
fail("No token given")
|
||||
fail("No token given")
|
||||
else
|
||||
if token:sub(1, 2) == "t=" then
|
||||
token = token:sub(3)
|
||||
end
|
||||
|
||||
if token:len() == config.key_len then
|
||||
now = os.time()
|
||||
host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
|
||||
clean = "delete from lock where death<" .. now .. ";"
|
||||
check = "select count(*) from lock where host='" .. host .. "';"
|
||||
rn = tonumber(con:execute(clean .. check):fetch())
|
||||
|
||||
if rn < config.lock then
|
||||
con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
|
||||
print ""
|
||||
b = check_token(con, token)
|
||||
token = set_prefix(token,generate_token())
|
||||
if b ~= false then
|
||||
add_token(con, token)
|
||||
qspawn("lua door.lua")
|
||||
end
|
||||
print(token)
|
||||
else
|
||||
fail("Stop bruteforcing, this box is too slow")
|
||||
end
|
||||
else
|
||||
if token:sub(1, 2) == "t=" then
|
||||
token = token:sub(3)
|
||||
end
|
||||
|
||||
if token:len() == config.key_len then
|
||||
print ""
|
||||
b = check_token(con, token)
|
||||
token = set_prefix(token,generate_token())
|
||||
if b ~= false then
|
||||
add_token(con, token)
|
||||
qspawn("lua door.lua")
|
||||
end
|
||||
print(token)
|
||||
else
|
||||
fail("Invalid token")
|
||||
end
|
||||
|
||||
fail("Invalid token")
|
||||
end
|
||||
end
|
||||
|
||||
con:fickdochclose()
|
||||
env:sollichsnochmalsagen?close()
|
||||
con:close()
|
||||
env:close()
|
||||
|
|
|
@ -22,7 +22,7 @@ function add_token(con, token) -- add token to the database
|
|||
local gravedigger = "insert into graveyard (prefix, token, ttrd) select prefix, token, ttl+"..config.ttrd.." from tokens where ttl<"..now..";"
|
||||
local clean = "delete from tokens where ttl<"..now..";"
|
||||
local dig = "delete from graveyard where ttrd<"..now..";"
|
||||
assert(con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert))
|
||||
con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)
|
||||
end
|
||||
|
||||
function check_token(con, token) -- checks if the token is valid
|
||||
|
|
Loading…
Reference in New Issue