simon987/ngx_http_js_challenge_module
1
0
Fork 0
mirror of https://github.com/simon987/ngx_http_js_challenge_module.git synced 2025-04-04 06:52:58 +00:00
Code Issues Projects Releases Wiki Activity
ngx_http_js_challenge_module/ngx_http_js_challenge.c

267 lines
8.0 KiB
C
Raw Blame History

#include <stdio.h>
#include "ngx_http.c"
static ngx_int_t ngx_http_js_challenge(ngx_conf_t *cf);
static char *setup1(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static ngx_int_t ngx_http_js_challenge_handler(ngx_http_request_t *r);
static ngx_command_t ngx_http_js_challenge_commands[] = {
{ngx_string("hello_world"),
// NGX_CONF_TAKE1, for 1 arg etc
// NGX_CONF_FLAG for boolean
NGX_HTTP_LOC_CONF | NGX_HTTP_SRV_CONF | NGX_CONF_NOARGS,
setup1, /* configuration setup function */
0, /* No offset. Only one context is supported. */
0, /* No offset when storing the module configuration on struct. */
NULL},
ngx_null_command
};
/**
* Module context
*/
static ngx_http_module_t ngx_http_js_challenge_module_ctx = {
NULL, /* preconfiguration */
ngx_http_js_challenge, /* postconfiguration */
NULL, /* create main configuration */
NULL, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
//todo
NULL, /* create location configuration */
NULL /* merge location configuration */
};
/* Module definition. */
ngx_module_t ngx_http_js_challenge_module = {
NGX_MODULE_V1,
&ngx_http_js_challenge_module_ctx, /* module context */
ngx_http_js_challenge_commands, /* module directives */
NGX_HTTP_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
__always_inline
static void buf2hex(const unsigned char *buf, size_t buflen, char *hex_string) {
static const char hexdig[] = "0123456789ABCDEF";
const unsigned char *p;
size_t i;
char *s = hex_string;
for (i = 0, p = buf; i < buflen; i++, p++) {
*s++ = hexdig[(*p >> 4) & 0x0f];
*s++ = hexdig[*p & 0x0f];
}
}
#define SHA1_MD_LEN 20
#define SHA1_STR_LEN 40
const int JS_SOLVER_CHALLENGE_OFFSET = 84 + 8 + 13;
//static const u_char JS_SOLVER[] = "Hello, workd";
static const u_char JS_SOLVER[] =
"<script src='https://cdn.jsdelivr.net/gh/emn178/js-sha1/build/sha1.min.js'></script>"
"<script>"
" let c = '0000000000000000000000000000000000000000';"
" let i = 0;"
" let n1 = parseInt('0x' + c[0]);"
" while (true) {"
" let s = sha1.array(c + i);"
" if (s[n1] === 0xB0 && s[n1 + 1] === 0x0B && (s[n1 + 2] & 0xF0) === 0x50) {"
" document.cookie = 'res=' + c + i + ';';"
" window.location.reload();"
" break;"
" }"
" i++;"
" }"
"</script>Hello";
int serve_challenge(ngx_http_request_t *r, const char *challenge) {
ngx_buf_t *b = ngx_pcalloc(r->pool, sizeof(ngx_buf_t));
ngx_chain_t out;
unsigned char buf[9000];
memcpy(buf, JS_SOLVER, sizeof(JS_SOLVER));
memcpy(buf + JS_SOLVER_CHALLENGE_OFFSET, challenge, SHA1_STR_LEN);
out.buf = b;
out.next = NULL;
// TODO: is that stack buffer gonna cause problems?
b->pos = buf;
b->last = buf + sizeof(JS_SOLVER) - 1;
b->memory = 1;
b->last_buf = 1;
r->headers_out.status = NGX_HTTP_OK;
r->headers_out.content_length_n = sizeof(JS_SOLVER) - 1;
ngx_http_send_header(r);
return ngx_http_output_filter(r, &out);
}
/**
* @param bucket
* @param addr
* @param secret
* @param out 40 bytes long string!
*/
void get_challenge_string(int32_t bucket, ngx_str_t addr, const char *secret, char *out) {
char buf[4096];
unsigned char md[SHA1_MD_LEN];
/*
* Challenge= hex( SHA1( concat(bucket, addr, secret) ) )
*/
*((int32_t *) buf) = bucket;
memcpy((buf + sizeof(int32_t)), addr.data, addr.len);
memcpy((buf + sizeof(int32_t) + addr.len), secret, strlen(secret));
SHA1((unsigned char *) buf, (size_t) (sizeof(int32_t) + addr.len + strlen(secret)), md);
buf2hex(md, SHA1_MD_LEN, out);
}
int verify_response(int32_t bucket, ngx_str_t addr, const char *secret, ngx_str_t response, char *challenge) {
/*
* Response is valid if it starts by the challenge, and
* its SHA1 hash contains the digits 0xB00B5 at the offset
* of the first digit
*
* e.g.
* challenge = "CC003677C91D53E29F7095FF90C670C69C7C46E7"
* response = "CC003677C91D53E29F7095FF90C670C69C7C46E7635919"
* SHA1(response) = "CCAE6E414FA62F9C2DFC2742B00B5C94A549BAE6"
* ^ offset 24
*/
//todo also check if the response is too large
if (response.len <= SHA1_STR_LEN) {
return -1;
}
if (strncmp(challenge, (char *) response.data, SHA1_STR_LEN) != 0) {
return -1;
}
unsigned char md[SHA1_MD_LEN];
SHA1((unsigned char *) response.data, response.len, md);
unsigned int nibble1 = challenge[0] & 0xF0;
return md[nibble1] == 0 && md[nibble1 + 1] == 0;
}
int get_cookie(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value) {
ngx_table_elt_t **h;
h = r->headers_in.cookies.elts;
for (ngx_uint_t i = 0; i < r->headers_in.cookies.nelts; i++) {
u_char *start = h[i]->value.data;
u_char *end = h[i]->value.data + h[i]->value.len;
while (start < end) {
while (start < end && *start == ' ') { start++; }
if (ngx_strncmp(start, name->data, name->len) == 0) {
u_char *last;
for (last = start; last < end && *last != ';'; last++) {}
while (*start++ != '=' && start < last) {}
value->data = start;
value->len = (last - start);
return 0;
}
while (*start++ != ';' && start < end) {}
}
}
return -1;
}
static ngx_int_t ngx_http_js_challenge_handler(ngx_http_request_t *r) {
//TODO: If the bucket is less than 5sec away from the next one, accept both current and latest bucket
//TODO: argument
const char *secret = "my secret";
//TODO: argument
const long bucketSize = 30;
long bucket = r->start_sec - (r->start_sec % bucketSize);
ngx_str_t addr = r->connection->addr_text;
// Use real-ip ?
char challenge[SHA1_STR_LEN];
get_challenge_string(bucket, addr, secret, challenge);
ngx_str_t response;
int ret = get_cookie(r, &((ngx_str_t) ngx_string("res")), &response);
//TODO: remove debug msg
char msg[4096];
sprintf(msg, "TS=%lu BUCKET=%lu SECRET=%s CHALLENGE=%s RET=%d COOKIE=%s",
r->start_sec, bucket, secret, challenge, ret, response.data);
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, msg);
get_challenge_string(bucket, addr, secret, challenge);
if (ret == NGX_DECLINED || verify_response(bucket, addr, secret, response, challenge) != 0) {
//Serve challenge
return serve_challenge(r, challenge);
}
return NGX_DECLINED;
}
//ngx_conf_set_flag_slot: translates "on" or "off" to 1 or 0
//ngx_conf_set_str_slot: saves a string as an ngx_str_t
//ngx_conf_set_num_slot: parses a number and saves it to an int
//ngx_conf_set_size_slot: parses a data size ("8k", "1m", etc.) and saves it to a size_t
static char *setup1(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
// ngx_http_core_loc_conf_t *clcf; /* pointer to core location configuration */
// clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
// clcf->handler = ngx_http_js_challenge_handler;
return NGX_CONF_OK;
}
static ngx_int_t ngx_http_js_challenge(ngx_conf_t *cf) {
ngx_http_handler_pt *h;
ngx_http_core_main_conf_t *cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers);
if (h == NULL) {
ngx_log_error(NGX_LOG_ERR, cf->log, 0, "null");
return NGX_ERROR;
}
*h = ngx_http_js_challenge_handler;
return NGX_OK;
}
Reference in New Issue View Git Blame Copy Permalink