commit 0fb00ba58515959864bf1bef68e0c3d605b57d7a
parent de01f1a197763aa731d07b1e768ef3f70e277f89
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 27 May 2023 21:04:07 -0700
add pow to guest account creation flow
Diffstat:
3 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/chat.go b/pkg/web/handlers/chat.go
@@ -1,14 +1,17 @@
package handlers
import (
+ "crypto/sha256"
"dkforest/pkg/captcha"
"dkforest/pkg/config"
"dkforest/pkg/database"
"dkforest/pkg/managers"
"dkforest/pkg/utils"
hutils "dkforest/pkg/web/handlers/utils"
+ "encoding/hex"
"github.com/labstack/echo"
"net/http"
+ "strings"
"time"
)
@@ -25,6 +28,7 @@ func chatHandler(c echo.Context, redRoom, stream bool) error {
}
var data chatData
+ data.PowEnabled = config.PowEnabled.Load()
data.RedRoom = redRoom
preventRefresh := utils.DoParseBool(c.QueryParam("r"))
data.TogglePms = utils.DoParseInt64(c.QueryParam("pmonly"))
@@ -181,6 +185,7 @@ func handleChatPasswordPost(db *database.DkfDB, c echo.Context, data chatData, a
// If no user set, we verify the captcha and username for the guest account
if authUser == nil {
data.GuestUsername = c.Request().PostFormValue("guest_username")
+ data.Pow = c.Request().PostFormValue("pow")
captchaID := c.Request().PostFormValue("captcha_id")
captchaInput := c.Request().PostFormValue("captcha")
if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
@@ -192,6 +197,17 @@ func handleChatPasswordPost(db *database.DkfDB, c echo.Context, data chatData, a
data.ErrGuestUsername = err.Error()
return c.Render(http.StatusOK, chatPasswordTmplName, data)
}
+
+ // verify POW
+ if config.PowEnabled.IsTrue() {
+ h := sha256.Sum256([]byte(data.GuestUsername + ":" + data.Pow))
+ hashed := hex.EncodeToString(h[:])
+ prefix := strings.Repeat("0", config.PowDifficulty)
+ if !strings.HasPrefix(hashed, prefix) {
+ data.ErrPow = "invalid proof of work"
+ return c.Render(http.StatusOK, chatPasswordTmplName, data)
+ }
+ }
}
// Verify room password is correct
diff --git a/pkg/web/handlers/data.go b/pkg/web/handlers/data.go
@@ -367,6 +367,7 @@ type chatData struct {
Error string
RoomPassword string
GuestUsername string
+ Pow string
Room database.ChatRoom
IsOfficialRoom bool
DisplayTutorial bool
@@ -380,10 +381,12 @@ type chatData struct {
CaptchaImg string
CaptchaAnswerImg string
ErrGuestUsername string
+ ErrPow string
ErrCaptcha string
TutoSecs int64
TutoFrames []string
IsStream bool
+ PowEnabled bool
}
type chatHelpData struct {
diff --git a/pkg/web/public/views/pages/standalone/chat-password.gohtml b/pkg/web/public/views/pages/standalone/chat-password.gohtml
@@ -25,6 +25,14 @@
{{ if .Data.ErrGuestUsername }}<div class="invalid-feedback bg-label d-block">{{ .Data.ErrGuestUsername }}</div>{{ end }}
</div>
+ {{ if .Data.PowEnabled }}
+ <div class="form-group">
+ <div class="text-center mb-2 bg-label"><a href="/pow-help" target="_blank" rel="noopener noreferrer">Proof of work help</a></div>
+ <input class="transparent-input form-control{{ if .Data.ErrPow }} is-invalid{{ end }}" placeholder="{{ t "Proof of work" . }}" name="pow" type="text" value="{{ .Data.Pow }}" />
+ {{ if .Data.ErrPow }}<div class="invalid-feedback d-block">{{ .Data.ErrPow }}</div>{{ end }}
+ </div>
+ {{ end }}
+
<div class="form-group">
<div class="mb-2 text-center">
<img src="data:image/png;base64,{{ .Data.CaptchaImg }}" alt="captcha" style="background-color: hsl(0, 0%, 90%);" class="captcha-img" />
