mirror of https://github.com/jlelse/GoBlog
102 lines
2.9 KiB
Go
102 lines
2.9 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/dchest/captcha"
|
|
"go.goblog.app/app/pkgs/contenttype"
|
|
)
|
|
|
|
const captchaSolvedKey contextKey = "captchaSolved"
|
|
|
|
func (a *goBlog) captchaMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Check if captcha already solved
|
|
if solved, ok := r.Context().Value(captchaSolvedKey).(bool); ok && solved {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
// Check Cookie
|
|
ses, err := a.captchaSessions.Get(r, "c")
|
|
if err == nil && ses != nil {
|
|
if captcha, ok := ses.Values["captcha"]; ok && captcha.(bool) {
|
|
next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), captchaSolvedKey, true)))
|
|
return
|
|
}
|
|
}
|
|
// Show Captcha
|
|
w.Header().Set("Cache-Control", "no-store,max-age=0")
|
|
h, _ := json.Marshal(r.Header)
|
|
b, _ := io.ReadAll(io.LimitReader(r.Body, 20*1000*1000)) // Only allow 20 MB
|
|
_ = r.Body.Close()
|
|
if len(b) == 0 {
|
|
// Maybe it's a form
|
|
_ = r.ParseForm()
|
|
b = []byte(r.PostForm.Encode())
|
|
}
|
|
a.renderWithStatusCode(w, r, http.StatusUnauthorized, templateCaptcha, &renderData{
|
|
BlogString: r.Context().Value(blogKey).(string),
|
|
Data: map[string]string{
|
|
"captchamethod": r.Method,
|
|
"captchaheaders": base64.StdEncoding.EncodeToString(h),
|
|
"captchabody": base64.StdEncoding.EncodeToString(b),
|
|
"captchaid": captcha.New(),
|
|
},
|
|
})
|
|
})
|
|
}
|
|
|
|
func (a *goBlog) checkIsCaptcha(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
if !a.checkCaptcha(rw, r) {
|
|
next.ServeHTTP(rw, r)
|
|
}
|
|
})
|
|
}
|
|
|
|
func (a *goBlog) checkCaptcha(w http.ResponseWriter, r *http.Request) bool {
|
|
if r.Method != http.MethodPost {
|
|
return false
|
|
}
|
|
if !strings.Contains(r.Header.Get(contentType), contenttype.WWWForm) {
|
|
return false
|
|
}
|
|
if r.FormValue("captchaaction") != "captcha" {
|
|
return false
|
|
}
|
|
// Prepare original request
|
|
captchabody, _ := base64.StdEncoding.DecodeString(r.FormValue("captchabody"))
|
|
req, _ := http.NewRequest(r.FormValue("captchamethod"), r.RequestURI, bytes.NewReader(captchabody))
|
|
// Copy original headers
|
|
captchaheaders, _ := base64.StdEncoding.DecodeString(r.FormValue("captchaheaders"))
|
|
var headers http.Header
|
|
_ = json.Unmarshal(captchaheaders, &headers)
|
|
for k, v := range headers {
|
|
req.Header[k] = v
|
|
}
|
|
// Check captcha and create cookie
|
|
if captcha.VerifyString(r.FormValue("captchaid"), r.FormValue("digits")) {
|
|
ses, err := a.captchaSessions.Get(r, "c")
|
|
if err != nil {
|
|
a.serveError(w, r, err.Error(), http.StatusInternalServerError)
|
|
return true
|
|
}
|
|
ses.Values["captcha"] = true
|
|
err = a.captchaSessions.Save(r, w, ses)
|
|
if err != nil {
|
|
a.serveError(w, r, err.Error(), http.StatusInternalServerError)
|
|
return true
|
|
}
|
|
req = req.WithContext(context.WithValue(req.Context(), captchaSolvedKey, true))
|
|
}
|
|
// Serve original request
|
|
a.d.ServeHTTP(w, req)
|
|
return true
|
|
}
|