akkoma/lib/pleroma/captcha/kocaptcha.ex

defmodule Pleroma.Captcha.Kocaptcha do
  alias Plug.Crypto.KeyGenerator
  alias Plug.Crypto.MessageEncryptor
  alias Calendar.DateTime

  alias Pleroma.Captcha.Service
  @behaviour Service

  @impl Service
  def new() do
    endpoint = Pleroma.Config.get!([__MODULE__, :endpoint])

    case Tesla.get(endpoint <> "/new") do
      {:error, _} ->
        %{error: "Kocaptcha service unavailable"}

      {:ok, res} ->
        json_resp = Poison.decode!(res.body)

        token = json_resp["token"]
        answer_md5 = json_resp["md5"]

        secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])

        # This make salt a little different for two keys
        secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
        sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")
        # Basicallty copy what Phoenix.Token does here, add the time to
        # the actual data and make it a binary to then encrypt it
        encrypted_captcha_answer =
          %{
            at: DateTime.now_utc(),
            answer_md5: answer_md5
          }
          |> :erlang.term_to_binary()
          |> MessageEncryptor.encrypt(secret, sign_secret)

        %{
          type: :kocaptcha,
          token: token,
          url: endpoint <> json_resp["url"],
          answer_data: encrypted_captcha_answer
        }
    end
  end

  @impl Service
  def validate(token, captcha, answer_data) do
    secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])
    secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
    sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")

    # If the time found is less than (current_time - seconds_valid), then the time has already passed.
    # Later we check that the time found is more than the presumed invalidatation time, that means
    # that the data is still valid and the captcha can be checked
    seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])
    valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid)

    with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
         %{at: at, answer_md5: answer_md5} <- :erlang.binary_to_term(data) do
      if DateTime.after?(at, valid_if_after) do
        if not is_nil(captcha) and
             :crypto.hash(:md5, captcha) |> Base.encode16() == String.upcase(answer_md5),
           do: :ok,
           else: {:error, "Invalid CAPTCHA"}
      else
        {:error, "CAPTCHA expired"}
      end
    else
      _ -> {:error, "Invalid answer data"}
    end
  end
end
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`defmodule Pleroma.Captcha.Kocaptcha do`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`alias Plug.Crypto.KeyGenerator`
			`alias Plug.Crypto.MessageEncryptor`
Clean captchas up periodically, not schedule it after theyre created 2018-12-16 20:41:11 +00:00			`alias Calendar.DateTime`

Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`alias Pleroma.Captcha.Service`
			`@behaviour Service`

			`@impl Service`
			`def new() do`
			`endpoint = Pleroma.Config.get!([__MODULE__, :endpoint])`
Formatting fixes 2018-12-15 19:08:26 +00:00
Replace HTTPoison with Tesla for kocaptha 2018-12-15 19:43:28 +00:00			`case Tesla.get(endpoint <> "/new") do`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`{:error, _} ->`
			`%{error: "Kocaptcha service unavailable"}`
Formatting fixes 2018-12-15 19:08:26 +00:00
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`{:ok, res} ->`
			`json_resp = Poison.decode!(res.body)`

			`token = json_resp["token"]`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`answer_md5 = json_resp["md5"]`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`# This make salt a little different for two keys`
			`secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")`
			`sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")`
			`# Basicallty copy what Phoenix.Token does here, add the time to`
			`# the actual data and make it a binary to then encrypt it`
			`encrypted_captcha_answer =`
			`%{`
			`at: DateTime.now_utc(),`
			`answer_md5: answer_md5`
			`}`
			`\|> :erlang.term_to_binary()`
			`\|> MessageEncryptor.encrypt(secret, sign_secret)`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`%{`
			`type: :kocaptcha,`
			`token: token,`
			`url: endpoint <> json_resp["url"],`
			`answer_data: encrypted_captcha_answer`
			`}`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`end`
			`end`
Add a configurable auto-cleanup for captchas 2018-12-16 19:04:43 +00:00
			`@impl Service`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`def validate(token, captcha, answer_data) do`
			`secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])`
			`secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")`
			`sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")`
Clean captchas up periodically, not schedule it after theyre created 2018-12-16 20:41:11 +00:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`# If the time found is less than (current_time - seconds_valid), then the time has already passed.`
			`# Later we check that the time found is more than the presumed invalidatation time, that means`
			`# that the data is still valid and the captcha can be checked`
			`seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])`
			`valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid)`
Clean captchas up periodically, not schedule it after theyre created 2018-12-16 20:41:11 +00:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 21:32:37 +00:00			`with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),`
			`%{at: at, answer_md5: answer_md5} <- :erlang.binary_to_term(data) do`
			`if DateTime.after?(at, valid_if_after) do`
			`if not is_nil(captcha) and`
			`:crypto.hash(:md5, captcha) \|> Base.encode16() == String.upcase(answer_md5),`
			`do: :ok,`
			`else: {:error, "Invalid CAPTCHA"}`
			`else`
			`{:error, "CAPTCHA expired"}`
			`end`
			`else`
			`_ -> {:error, "Invalid answer data"}`
			`end`
Add a configurable auto-cleanup for captchas 2018-12-16 19:04:43 +00:00			`end`
Separate captcha implementation into a behaviour and use it 2018-12-15 19:06:44 +00:00			`end`