distraction.party/lib/pleroma/captcha/captcha.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Captcha do
  alias Calendar.DateTime
  alias Plug.Crypto.KeyGenerator
  alias Plug.Crypto.MessageEncryptor

  use GenServer

  @doc false
  def start_link do
    GenServer.start_link(__MODULE__, [], name: __MODULE__)
  end

  @doc false
  def init(_) do
    {:ok, nil}
  end

  @doc """
  Ask the configured captcha service for a new captcha
  """
  def new do
    GenServer.call(__MODULE__, :new)
  end

  @doc """
  Ask the configured captcha service to validate the captcha
  """
  def validate(token, captcha, answer_data) do
    GenServer.call(__MODULE__, {:validate, token, captcha, answer_data})
  end

  @doc false
  def handle_call(:new, _from, state) do
    enabled = Pleroma.Config.get([__MODULE__, :enabled])

    if !enabled do
      {:reply, %{type: :none}, state}
    else
      new_captcha = method().new()

      secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])

      # This make salt a little different for two keys
      token = new_captcha[:token]
      secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
      sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")
      # Basicallty copy what Phoenix.Token does here, add the time to
      # the actual data and make it a binary to then encrypt it
      encrypted_captcha_answer =
        %{
          at: DateTime.now_utc(),
          answer_data: new_captcha[:answer_data]
        }
        |> :erlang.term_to_binary()
        |> MessageEncryptor.encrypt(secret, sign_secret)

      {
        :reply,
        # Repalce the answer with the encrypted answer
        %{new_captcha | answer_data: encrypted_captcha_answer},
        state
      }
    end
  end

  @doc false
  def handle_call({:validate, token, captcha, answer_data}, _from, state) do
    secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])
    secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
    sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")

    # If the time found is less than (current_time-seconds_valid) then the time has already passed
    # Later we check that the time found is more than the presumed invalidatation time, that means
    # that the data is still valid and the captcha can be checked
    seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])
    valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid)

    result =
      with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
           %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
        try do
          if DateTime.before?(at, valid_if_after), do: throw({:error, "CAPTCHA expired"})

          if not is_nil(Cachex.get!(:used_captcha_cache, token)),
            do: throw({:error, "CAPTCHA already used"})

          res = method().validate(token, captcha, answer_md5)
          # Throw if an error occurs
          if res != :ok, do: throw(res)

          # Mark this captcha as used
          {:ok, _} =
            Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid))

          :ok
        catch
          :throw, e -> e
        end
      else
        _ -> {:error, "Invalid answer data"}
      end

    {:reply, result, state}
  end

  defp method, do: Pleroma.Config.get!([__MODULE__, :method])
end
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# Pleroma: A lightweight social networking server`
update copyright years to 2019 2018-12-31 15:41:47 +00:00			`# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`defmodule Pleroma.Captcha do`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`alias Calendar.DateTime`
de-group alias/es 2019-02-09 15:16:26 +00:00			`alias Plug.Crypto.KeyGenerator`
			`alias Plug.Crypto.MessageEncryptor`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00
			`use GenServer`

			`@doc false`
[Credo] Remove parentesis on argument-less functions 2019-03-05 03:18:43 +00:00			`def start_link do`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`GenServer.start_link(__MODULE__, [], name: __MODULE__)`
			`end`

			`@doc false`
			`def init(_) do`
			`{:ok, nil}`
			`end`

			`@doc """`
			`Ask the configured captcha service for a new captcha`
			`"""`
[Credo] Remove parentesis on argument-less functions 2019-03-05 03:18:43 +00:00			`def new do`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`GenServer.call(__MODULE__, :new)`
			`end`

			`@doc """`
			`Ask the configured captcha service to validate the captcha`
			`"""`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`def validate(token, captcha, answer_data) do`
			`GenServer.call(__MODULE__, {:validate, token, captcha, answer_data})`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`end`

			`@doc false`
			`def handle_call(:new, _from, state) do`
			`enabled = Pleroma.Config.get([__MODULE__, :enabled])`

			`if !enabled do`
			`{:reply, %{type: :none}, state}`
			`else`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`new_captcha = method().new()`

			`secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])`

			`# This make salt a little different for two keys`
			`token = new_captcha[:token]`
			`secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")`
			`sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")`
			`# Basicallty copy what Phoenix.Token does here, add the time to`
			`# the actual data and make it a binary to then encrypt it`
			`encrypted_captcha_answer =`
			`%{`
			`at: DateTime.now_utc(),`
			`answer_data: new_captcha[:answer_data]`
			`}`
			`\|> :erlang.term_to_binary()`
			`\|> MessageEncryptor.encrypt(secret, sign_secret)`

			`{`
			`:reply,`
			`# Repalce the answer with the encrypted answer`
			`%{new_captcha \| answer_data: encrypted_captcha_answer},`
			`state`
			`}`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`end`
			`end`

			`@doc false`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`def handle_call({:validate, token, captcha, answer_data}, _from, state) do`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])`
			`secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")`
			`sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00
[Credo] fix Credo.Check.Readability.MaxLineLength 2019-03-05 04:37:33 +00:00			`# If the time found is less than (current_time-seconds_valid) then the time has already passed`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`# Later we check that the time found is more than the presumed invalidatation time, that means`
			`# that the data is still valid and the captcha can be checked`
			`seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])`
			`valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid)`

			`result =`
			`with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),`
			`%{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do`
Up captcha timer to 60 secs again, save used captchas in cachex 2018-12-26 21:12:20 +00:00			`try do`
			`if DateTime.before?(at, valid_if_after), do: throw({:error, "CAPTCHA expired"})`

			`if not is_nil(Cachex.get!(:used_captcha_cache, token)),`
			`do: throw({:error, "CAPTCHA already used"})`

			`res = method().validate(token, captcha, answer_md5)`
			`# Throw if an error occurs`
			`if res != :ok, do: throw(res)`

			`# Mark this captcha as used`
			`{:ok, _} =`
			`Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid))`
Clean captchas up periodically, not schedule it after theyre created 2018-12-16 20:41:11 +00:00
Up captcha timer to 60 secs again, save used captchas in cachex 2018-12-26 21:12:20 +00:00			`:ok`
			`catch`
			`:throw, e -> e`
			`end`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`else`
			`_ -> {:error, "Invalid answer data"}`
			`end`
Add a configurable auto-cleanup for captchas 2018-12-16 19:04:43 +00:00
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 19:39:08 +00:00			`{:reply, result, state}`
Add a configurable auto-cleanup for captchas 2018-12-16 19:04:43 +00:00			`end`

Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`defp method, do: Pleroma.Config.get!([__MODULE__, :method])`
			`end`