website/static/api-docs/m_captcha/0.1.3/m_captcha/index.html

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `m_captcha` crate."><meta name="keywords" content="rust, rustlang, rust-lang, m_captcha"><title>m_captcha - Rust</title><link rel="stylesheet" type="text/css" href="../normalize.css"><link rel="stylesheet" type="text/css" href="../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../light.css"  id="themeStyle"><link rel="stylesheet" type="text/css" href="../dark.css" disabled ><link rel="stylesheet" type="text/css" href="../ayu.css" disabled ><script id="default-settings"></script><script src="../storage.js"></script><noscript><link rel="stylesheet" href="../noscript.css"></noscript><link rel="icon" type="image/svg+xml" href="../favicon.svg">
<link rel="alternate icon" type="image/png" href="../favicon-16x16.png">
<link rel="alternate icon" type="image/png" href="../favicon-32x32.png"><style type="text/css">#crate-search{background-image:url("../down-arrow.svg");}</style></head><body class="rustdoc mod"><!--[if lte IE 8]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="sidebar-menu">&#9776;</div><a href='../m_captcha/index.html'><div class='logo-container rust-logo'><img src='../rust-logo.png' alt='logo'></div></a><p class="location">Crate m_captcha</p><div class="block version"><p>Version 0.1.3</p></div><div class="sidebar-elems"><a id="all-types" href="all.html"><p>See all m_captcha's items</p></a><div class="block items"><ul><li><a href="#reexports">Re-exports</a></li><li><a href="#modules">Modules</a></li></ul></div><p class="location"></p><div id="sidebar-vars" data-name="m_captcha" data-ty="mod" data-relpath="../"></div></div></nav><div class="theme-picker"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu"><img src="../brush.svg" width="18" alt="Pick another theme!"></button><div id="theme-choices" role="menu"></div></div><script src="../theme.js"></script><nav class="sub"><form class="search-form"><div class="search-container"><div><select id="crate-search"><option value="All crates">All crates</option></select><input class="search-input" name="search" disabled autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"></div><button type="button" class="help-button">?</button>
                <a id="settings-menu" href="../settings.html"><img src="../wheel.svg" width="18" alt="Change settings"></a></div></form></nav><section id="main" class="content"><h1 class="fqn"><span class="in-band">Crate <a class="mod" href="">m_captcha</a></span><span class="out-of-band"><span id="render-detail"><a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span><a class="srclink" href="../src/m_captcha/lib.rs.html#18-200" title="goto source code">[src]</a></span></h1><div class="docblock"><p>mCaptcha is a proof of work based Denaial-of-Service attack protection system.
This is is a server library that you can embed in your services to protect your
servers.</p>
<p>A commercial managed solution is in the works but I'd much rather prefer
folks host their own instances as it will make the more decentralized and free.</p>
<p>In mCaptcha, defense is adjusted in discrete levels that depend on the
ammount of traffic that a service is experiencing. So users of this library are
requested to benchmark their target machines before configuring their mCaptcha
component.</p>
<h2 id="terminology" class="section-header"><a href="#terminology">Terminology:</a></h2>
<ul>
<li>Difficulty(Factor): Minimum ammount of work that a client must do to make a valid
request.</li>
<li><a href="../m_captcha/defense/struct.Defense.html" title="Defense">Defense</a>: A datatype that various visitor-difficulty mappigns</li>
<li>Visitor: Smallest unit of traffic, usually a single request. The more you have, the busier
your service is. Determines mCaptcha defense defense</li>
<li>Visitor threshold: The threshold at which <a href="../m_captcha/mcaptcha/struct.MCaptcha.html" title="MCaptcha">MCaptcha</a> will adjust defense defense</li>
<li><a href="../m_captcha/cache/index.html" title="crate::cache">Cache</a> : A datatype that implements <a href="../m_captcha/cache/trait.Save.html" title="crate::cache::Save">Save</a>. Used to store
PoW requirements to defend against replay attacks and dictionary attacks.</li>
<li><a href="../m_captcha/master/struct.Master.html" title="crate::master::Master">Master</a>: A datatype that manages
<a href="../m_captcha/mcaptcha/struct.MCaptcha.html" title="crate::mcaptcha::MCaptcha">MCaptcha</a> actors. Works like a DNS for
<a href="../m_captcha/mcaptcha/struct.AddVisitor.html" title="crate::mcaptcha::AddVisitor">AddVisitor</a> messages.</li>
<li><a href="../m_captcha/system/struct.System.html" title="crate::system::System">System</a>: mCaptcha system that manages cache, master and provides
useful abstractions. An mCaptcha system/instance can have only a single
<a href="../m_captcha/system/struct.System.html" title="crate::system::System">System</a></li>
</ul>
<h2 id="example" class="section-header"><a href="#example">Example:</a></h2>
<div class="example-wrap"><pre class="rust rust-example-rendered">
<span class="kw">use</span> <span class="ident">m_captcha</span>::{
    <span class="ident">cache</span>::{<span class="ident">messages</span>::<span class="ident">VerifyCaptchaResult</span>, <span class="ident">HashCache</span>},
    <span class="ident">master</span>::{<span class="ident">AddSiteBuilder</span>, <span class="ident">Master</span>},
    <span class="ident">pow</span>::{<span class="ident">ConfigBuilder</span>, <span class="ident">Work</span>},
    <span class="ident">system</span>::<span class="ident">SystemBuilder</span>,
    <span class="ident">DefenseBuilder</span>, <span class="ident">LevelBuilder</span>, <span class="ident">MCaptchaBuilder</span>,
};
<span class="comment">// traits from actix needs to be in scope for starting actor</span>
<span class="kw">use</span> <span class="ident">actix</span>::<span class="ident">prelude</span>::<span class="kw-2">*</span>;

<span class="attribute">#[<span class="ident">actix_rt</span>::<span class="ident">main</span>]</span>
<span class="kw">async</span> <span class="kw">fn</span> <span class="ident">main</span>() <span class="op">-</span><span class="op">&gt;</span> <span class="ident">std</span>::<span class="ident">io</span>::<span class="prelude-ty">Result</span><span class="op">&lt;</span>()<span class="op">&gt;</span> {
    <span class="comment">// start cahce actor</span>
    <span class="comment">// cache is used to store PoW requirements that are sent to clients</span>
    <span class="comment">// This way, it can be verified that the client computed work over a config</span>
    <span class="comment">// that _we_ sent. Offers protection against rainbow tables powered dictionary attacks</span>
    <span class="kw">let</span> <span class="ident">cache</span> <span class="op">=</span> <span class="ident">HashCache</span>::<span class="ident">default</span>().<span class="ident">start</span>();

    <span class="comment">// create PoW config with unique salt. Salt has to be safely guarded.</span>
    <span class="comment">// salts protect us from replay attacks</span>
    <span class="kw">let</span> <span class="ident">pow</span> <span class="op">=</span> <span class="ident">ConfigBuilder</span>::<span class="ident">default</span>()
        .<span class="ident">salt</span>(<span class="string">&quot;myrandomsaltisnotlongenoug&quot;</span>.<span class="ident">into</span>())
        .<span class="ident">build</span>()
        .<span class="ident">unwrap</span>();

    <span class="comment">// start master actor. Master actor is responsible for managing MCaptcha actors</span>
    <span class="comment">// each mCaptcha system should have only one master</span>
    <span class="kw">let</span> <span class="ident">master</span> <span class="op">=</span> <span class="ident">Master</span>::<span class="ident">new</span>(<span class="number">5</span>).<span class="ident">start</span>();

    <span class="comment">// Create system. System encapsulates master and cache and provides useful abstraction</span>
    <span class="comment">// each mCaptcha system should have only one system</span>
    <span class="kw">let</span> <span class="ident">system</span> <span class="op">=</span> <span class="ident">SystemBuilder</span>::<span class="ident">default</span>()
        .<span class="ident">master</span>(<span class="ident">master</span>)
        .<span class="ident">cache</span>(<span class="ident">cache</span>)
        .<span class="ident">pow</span>(<span class="ident">pow</span>.<span class="ident">clone</span>())
        .<span class="ident">build</span>()
        .<span class="ident">unwrap</span>();

    <span class="comment">// configure defense. This is a per site configuration. A site can have several levels</span>
    <span class="comment">// of defenses configured</span>
    <span class="kw">let</span> <span class="ident">defense</span> <span class="op">=</span> <span class="ident">DefenseBuilder</span>::<span class="ident">default</span>()
        <span class="comment">// add as many defense as you see fit</span>
        .<span class="ident">add_level</span>(
            <span class="ident">LevelBuilder</span>::<span class="ident">default</span>()
                <span class="comment">// visitor_threshold is the threshold/limit at which</span>
                <span class="comment">// mCaptcha will adjust difficulty defense</span>
                <span class="comment">// it is advisable to set small values for the first</span>
                <span class="comment">// defense visitor_threshold and difficulty_factor</span>
                <span class="comment">// as this will be the work that clients will be</span>
                <span class="comment">// computing when there&#39;s no load</span>
                .<span class="ident">visitor_threshold</span>(<span class="number">50</span>)
                .<span class="ident">difficulty_factor</span>(<span class="number">500</span>)
                .<span class="ident">unwrap</span>()
                .<span class="ident">build</span>()
                .<span class="ident">unwrap</span>(),
        )
        .<span class="ident">unwrap</span>()
        .<span class="ident">add_level</span>(
            <span class="ident">LevelBuilder</span>::<span class="ident">default</span>()
                .<span class="ident">visitor_threshold</span>(<span class="number">5000</span>)
                .<span class="ident">difficulty_factor</span>(<span class="number">50000</span>)
                .<span class="ident">unwrap</span>()
                .<span class="ident">build</span>()
                .<span class="ident">unwrap</span>(),
        )
        .<span class="ident">unwrap</span>()
        .<span class="ident">build</span>()
        .<span class="ident">unwrap</span>();

    <span class="comment">// create and start MCaptcha actor that uses the above defense configuration</span>
    <span class="comment">// This is what manages the difficulty factor of sites that an mCaptcha protects</span>
    <span class="kw">let</span> <span class="ident">mcaptcha</span> <span class="op">=</span> <span class="ident">MCaptchaBuilder</span>::<span class="ident">default</span>()
        .<span class="ident">defense</span>(<span class="ident">defense</span>)
        <span class="comment">// leaky bucket algorithm&#39;s emission interval</span>
        .<span class="ident">duration</span>(<span class="number">30</span>)
        <span class="comment">//   .cache(cache)</span>
        .<span class="ident">build</span>()
        .<span class="ident">unwrap</span>()
        .<span class="ident">start</span>();

    <span class="comment">// unique value identifying an MCaptcha actor</span>
    <span class="kw">let</span> <span class="ident">mcaptcha_name</span> <span class="op">=</span> <span class="string">&quot;batsense.net&quot;</span>;

    <span class="comment">// add MCaptcha to Master</span>
    <span class="kw">let</span> <span class="ident">msg</span> <span class="op">=</span> <span class="ident">AddSiteBuilder</span>::<span class="ident">default</span>()
        .<span class="ident">id</span>(<span class="ident">mcaptcha_name</span>.<span class="ident">into</span>())
        .<span class="ident">addr</span>(<span class="ident">mcaptcha</span>.<span class="ident">clone</span>())
        .<span class="ident">build</span>()
        .<span class="ident">unwrap</span>();
    <span class="ident">system</span>.<span class="ident">master</span>.<span class="ident">send</span>(<span class="ident">msg</span>).<span class="kw">await</span>.<span class="ident">unwrap</span>();

    <span class="comment">// Get PoW config. Should be called everytime there&#39;s a visitor for a</span>
    <span class="comment">// managed site(here mcaptcha_name)</span>
    <span class="kw">let</span> <span class="ident">work_req</span> <span class="op">=</span> <span class="ident">system</span>.<span class="ident">get_pow</span>(<span class="ident">mcaptcha_name</span>.<span class="ident">into</span>()).<span class="kw">await</span>.<span class="ident">unwrap</span>();

    <span class="comment">// the following computation should be done on the client but for the purpose</span>
    <span class="comment">// of this illustration, we are going to do it on the server it self</span>
    <span class="kw">let</span> <span class="ident">work</span> <span class="op">=</span> <span class="ident">pow</span>
        .<span class="ident">prove_work</span>(<span class="kw-2">&amp;</span><span class="ident">work_req</span>.<span class="ident">string</span>, <span class="ident">work_req</span>.<span class="ident">difficulty_factor</span>)
        .<span class="ident">unwrap</span>();

    <span class="comment">// the payload that the client sends to the server</span>
    <span class="kw">let</span> <span class="ident">payload</span> <span class="op">=</span> <span class="ident">Work</span> {
        <span class="ident">string</span>: <span class="ident">work_req</span>.<span class="ident">string</span>,
        <span class="ident">result</span>: <span class="ident">work</span>.<span class="ident">result</span>,
        <span class="ident">nonce</span>: <span class="ident">work</span>.<span class="ident">nonce</span>,
        <span class="ident">key</span>: <span class="ident">mcaptcha_name</span>.<span class="ident">into</span>(),
    };

    <span class="comment">// Server evaluates client&#39;s work. Returns true if everything</span>
    <span class="comment">// checksout and Err() if something fishy is happening</span>
    <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">system</span>.<span class="ident">verify_pow</span>(<span class="ident">payload</span>.<span class="ident">clone</span>()).<span class="kw">await</span>;
    <span class="macro">assert</span><span class="macro">!</span>(<span class="ident">res</span>.<span class="ident">is_ok</span>());

   <span class="comment">// The client should submit the token to the mCaptcha protected service</span>
   <span class="comment">// The service should validate the token received from the client</span>
   <span class="comment">// with the mCaptcha server before processing client&#39;s</span>
   <span class="comment">// request</span>

   <span class="comment">// mcaptcha protected service sends the following paylaod to mCaptcha</span>
   <span class="comment">// server:</span>
   <span class="kw">let</span> <span class="ident">verify_msg</span> <span class="op">=</span> <span class="ident">VerifyCaptchaResult</span> {
       <span class="ident">token</span>: <span class="ident">res</span>.<span class="ident">unwrap</span>(),
       <span class="ident">key</span>: <span class="ident">mcaptcha_name</span>.<span class="ident">into</span>(),
   };

   <span class="comment">// on mCaptcha server:</span>
   <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">system</span>.<span class="ident">validate_verification_tokens</span>(<span class="ident">verify_msg</span>).<span class="kw">await</span>;
   <span class="comment">// mCaptcha will return true if token is valid and false if</span>
   <span class="comment">// token is invalid</span>
   <span class="macro">assert</span><span class="macro">!</span>(<span class="ident">res</span>.<span class="ident">is_ok</span>());
   <span class="macro">assert</span><span class="macro">!</span>(<span class="ident">res</span>.<span class="ident">unwrap</span>());

   <span class="prelude-val">Ok</span>(())
}</pre></div>
</div><h2 id="reexports" class="section-header"><a href="#reexports">Re-exports</a></h2>
<table><tr><td><code>pub use crate::cache::hashcache::<a class="struct" href="../m_captcha/cache/hashcache/struct.HashCache.html" title="struct m_captcha::cache::hashcache::HashCache">HashCache</a>;</code></td></tr><tr><td><code>pub use defense::<a class="struct" href="../m_captcha/defense/struct.Defense.html" title="struct m_captcha::defense::Defense">Defense</a>;</code></td></tr><tr><td><code>pub use defense::<a class="struct" href="../m_captcha/defense/struct.DefenseBuilder.html" title="struct m_captcha::defense::DefenseBuilder">DefenseBuilder</a>;</code></td></tr><tr><td><code>pub use defense::<a class="struct" href="../m_captcha/defense/struct.LevelBuilder.html" title="struct m_captcha::defense::LevelBuilder">LevelBuilder</a>;</code></td></tr><tr><td><code>pub use mcaptcha::<a class="struct" href="../m_captcha/mcaptcha/struct.MCaptcha.html" title="struct m_captcha::mcaptcha::MCaptcha">MCaptcha</a>;</code></td></tr><tr><td><code>pub use mcaptcha::<a class="struct" href="../m_captcha/mcaptcha/struct.MCaptchaBuilder.html" title="struct m_captcha::mcaptcha::MCaptchaBuilder">MCaptchaBuilder</a>;</code></td></tr></table><h2 id="modules" class="section-header"><a href="#modules">Modules</a></h2>
<table><tr class="module-item"><td><a class="mod" href="cache/index.html" title="m_captcha::cache mod">cache</a></td><td class="docblock-short"><p>message datatypes to interact with <a href="../m_captcha/mcaptcha/struct.MCaptcha.html" title="MCaptcha">MCaptcha</a> actor
Cache is used to save proofof work details and nonces to prevent replay attacks
and rainbow/dictionary attacks</p>
</td></tr><tr class="module-item"><td><a class="mod" href="defense/index.html" title="m_captcha::defense mod">defense</a></td><td class="docblock-short"><p>Defense datatypes</p>
</td></tr><tr class="module-item"><td><a class="mod" href="errors/index.html" title="m_captcha::errors mod">errors</a></td><td class="docblock-short"><p>Errors and Result module</p>
</td></tr><tr class="module-item"><td><a class="mod" href="master/index.html" title="m_captcha::master mod">master</a></td><td class="docblock-short"><p><a href="../m_captcha/master/struct.Master.html" title="Master">Master</a> actor module that manages <a href="../m_captcha/mcaptcha/struct.MCaptcha.html" title="MCaptcha">MCaptcha</a> actors</p>
</td></tr><tr class="module-item"><td><a class="mod" href="mcaptcha/index.html" title="m_captcha::mcaptcha mod">mcaptcha</a></td><td class="docblock-short"><p>MCaptcha actor module that manages defense levels</p>
</td></tr><tr class="module-item"><td><a class="mod" href="pow/index.html" title="m_captcha::pow mod">pow</a></td><td class="docblock-short"><p>PoW datatypes used in client-server interaction</p>
</td></tr><tr class="module-item"><td><a class="mod" href="system/index.html" title="m_captcha::system mod">system</a></td><td class="docblock-short"><p>module describing mCaptcha system</p>
</td></tr></table></section><section id="search" class="content hidden"></section><section class="footer"></section><div id="rustdoc-vars" data-root-path="../" data-current-crate="m_captcha"></div>
    <script src="../main.js"></script><script defer src="../search-index.js"></script></body></html>