add brute-force protection
This commit is contained in:
parent
25a3addc1f
commit
05c6c42070
|
@ -8,5 +8,7 @@ config = {
|
||||||
['ttl'] = 60 * 60 * 24 * 7 * 8, -- s m h d w factor Time To Life (while alive)
|
['ttl'] = 60 * 60 * 24 * 7 * 8, -- s m h d w factor Time To Life (while alive)
|
||||||
['ttrd'] = 60 * 60 * 24 * 365, -- s m h d y Time To Real Death (while in graveyard)
|
['ttrd'] = 60 * 60 * 24 * 365, -- s m h d y Time To Real Death (while in graveyard)
|
||||||
['ruttl'] = 60 * 60 * 24 * 7, -- s m h d Random time added to Time To Life (after used) (will be randomized)
|
['ruttl'] = 60 * 60 * 24 * 7, -- s m h d Random time added to Time To Life (after used) (will be randomized)
|
||||||
|
['lock'] = 20, -- allowed requests per time
|
||||||
|
['lock_time'] = 60, -- sec per allowed request
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
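Review bot: The comments on the two new keys do not say how the request handler uses them, and `-- sec per allowed request` reads like a per-request delay rather than a window; the handler inserts one `lock` row per request with `death = now + lock_time` and refuses once a host has `lock` or more unexpired rows. Suggest `['lock'] = 20, -- max requests per host within lock_time (brute-force throttle)` and `['lock_time'] = 60, -- seconds each request counts against that limit`. The enclosing `config` table starts outside the hunk.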
@ -13,6 +13,7 @@ con = env:connect(config.db)
|
||||||
assert(con:execute("create table tokens ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttl int );")) -- ttl - time to live
|
assert(con:execute("create table tokens ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttl int );")) -- ttl - time to live
|
||||||
assert(con:execute("create table graveyard ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttrd int );")) -- ttrd - time to real death
|
assert(con:execute("create table graveyard ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttrd int );")) -- ttrd - time to real death
|
||||||
assert(con:execute("create table users ( name text primary key, ntc int );")) -- ntc - new token count
|
assert(con:execute("create table users ( name text primary key, ntc int );")) -- ntc - new token count
|
||||||
|
assert(con:execute("create table lock (death int, host text);"))
|
||||||
|
|
||||||
con:close()
|
con:close()
|
||||||
env:close()
|
env:close()
|
||||||
|
|
|
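Review bot: The new `lock` table has no index, so the per-request `select count(*) from lock where host=...` and `delete from lock where death<...` in the request handler scan the whole table, and that is precisely the table that grows during a brute-force burst. Adding `assert(con:execute("create index lock_host_idx on lock (host);"))` after the create keeps the throttle check cheap under load; `death` could get one too if the cleanup delete turns out to be the slow part. `death int` matches the `ttl`/`ttrd` columns above, but all three store Unix seconds in a 4-byte integer, which stops fitting in 2038 — hedged, since the type may be deliberate.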
@ -16,9 +16,11 @@ if first == "yes" then
|
||||||
|
|
||||||
env = luasql.postgres()
|
env = luasql.postgres()
|
||||||
con = env:connect(config.db)
|
con = env:connect(config.db)
|
||||||
con:execute("drop table if exists graveyard;")
|
t = "drop table if exists graveyard;" ..
|
||||||
con:execute("drop table if exists tokens;")
|
"drop table if exists tokens;" ..
|
||||||
con:execute("drop table if exists users;")
|
"drop table if exists users;" ..
|
||||||
|
"drop table if exists lock;"
|
||||||
|
assert(con:execute(t))
|
||||||
con:close()
|
con:close()
|
||||||
env:close()
|
env:close()
|
||||||
|
|
||||||
|
|
|
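Review bot: `t` on the new line is an accidental global that exists only to feed `assert(con:execute(t))`; make it `local t = "drop table if exists graveyard;" ..` so it does not leak out of the `if first == "yes"` block. Batching the four drops into one execute is otherwise an improvement over the previous unchecked calls, since a failure now raises instead of being ignored. The enclosing `if first == "yes"` block starts outside the hunk.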
@ -1,6 +1,8 @@
|
||||||
#!/usr/bin/env lua
|
#!/usr/bin/env lua
|
||||||
|
|
||||||
require 'luasql.postgres'
|
require 'luasql.postgres'
|
||||||
|
require 'md5'
|
||||||
|
|
||||||
require 'helper'
|
require 'helper'
|
||||||
require 'token'
|
require 'token'
|
||||||
require 'config'
|
require 'config'
|
||||||
|
@ -16,29 +18,39 @@ print "Content-Type: text/plain"
|
||||||
token = os.getenv("QUERY_STRING")
|
token = os.getenv("QUERY_STRING")
|
||||||
|
|
||||||
env = luasql.postgres()
|
env = luasql.postgres()
|
||||||
con = env:connect()
|
con = env:connect(config.db)
|
||||||
|
|
||||||
if token == nil or token == "" then
|
if token == nil or token == "" then
|
||||||
fail("No token given")
|
fail("No token given")
|
||||||
|
else
|
||||||
|
if token:sub(1, 2) == "t=" then
|
||||||
|
token = token:sub(3)
|
||||||
|
end
|
||||||
|
|
||||||
|
if token:len() == config.key_len then
|
||||||
|
now = os.time()
|
||||||
|
host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
|
||||||
|
clean = "delete from lock where death<" .. now .. ";"
|
||||||
|
check = "select count(*) from lock where host='" .. host .. "';"
|
||||||
|
rn = tonumber(con:execute(clean .. check):fetch())
|
||||||
|
|
||||||
|
if rn < config.lock then
|
||||||
|
con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
|
||||||
|
print ""
|
||||||
|
b = check_token(con, token)
|
||||||
|
token = set_prefix(token,generate_token())
|
||||||
|
if b ~= false then
|
||||||
|
add_token(con, token)
|
||||||
|
qspawn("lua door.lua")
|
||||||
|
end
|
||||||
|
print(token)
|
||||||
|
else
|
||||||
|
fail("Stop bruteforcing, this box is too slow")
|
||||||
|
end
|
||||||
else
|
else
|
||||||
if token:sub(1, 2) == "t=" then
|
fail("Invalid token")
|
||||||
token = token:sub(3)
|
end
|
||||||
end
|
|
||||||
|
|
||||||
if token:len() == config.key_len then
|
|
||||||
print ""
|
|
||||||
b = check_token(con, token)
|
|
||||||
token = set_prefix(token,generate_token())
|
|
||||||
if b ~= false then
|
|
||||||
add_token(con, token)
|
|
||||||
qspawn("lua door.lua")
|
|
||||||
end
|
|
||||||
print(token)
|
|
||||||
else
|
|
||||||
fail("Invalid token")
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
con:fickdochclose()
|
con:close()
|
||||||
env:sollichsnochmalsagen?close()
|
env:close()
|
||||||
|
|
|
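Review bot: `rn = tonumber(con:execute(clean .. check):fetch())` has no error path of its own: if `con:execute` returns `nil, err` the `:fetch()` raises, and if the cursor yields nothing `rn` is nil and `rn < config.lock` raises, so a database hiccup becomes an uncaught error rather than a throttle decision; `md5.sumhexa(os.getenv('REMOTE_ADDR'))` likewise raises when that variable is unset. Suggest `local cur = assert(con:execute(clean .. check))`, `rn = tonumber(cur:fetch()) or config.lock` so an unreadable count is treated as locked (fail closed), then `cur:close()`. The count and the insert are two separate statements, so concurrent requests from one host can each observe `rn < config.lock` and all pass — presumably acceptable here, but worth a comment at the `if rn < config.lock then` line. Inserting the lock row before `check_token` means invalid tokens are counted, which is what a brute-force throttle needs.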
@ -22,7 +22,7 @@ function add_token(con, token) -- add token to the database
|
||||||
local gravedigger = "insert into graveyard (prefix, token, ttrd) select prefix, token, ttl+"..config.ttrd.." from tokens where ttl<"..now..";"
|
local gravedigger = "insert into graveyard (prefix, token, ttrd) select prefix, token, ttl+"..config.ttrd.." from tokens where ttl<"..now..";"
|
||||||
local clean = "delete from tokens where ttl<"..now..";"
|
local clean = "delete from tokens where ttl<"..now..";"
|
||||||
local dig = "delete from graveyard where ttrd<"..now..";"
|
local dig = "delete from graveyard where ttrd<"..now..";"
|
||||||
assert(con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert))
|
con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)
|
||||||
end
|
end
|
||||||
|
|
||||||
function check_token(con, token) -- checks if the token is valid
|
function check_token(con, token) -- checks if the token is valid
|
||||||
|
|
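Review bot: Dropping the `assert` around `con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)` makes a failed batch silent: the caller in the request handler does not check a return value and goes on to `print(token)`, so a token that was never stored (for example on a `unique` violation on `tokens.token`) is still handed to the client. If the assert was removed because the batch can legitimately fail, surface it instead, e.g. `local ok, err = con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)` followed by `if not ok then error(err) end`, or return `nil, err` and have the caller check it. `add_token` starts outside the hunk, and `update`/`insert` are defined there.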