PoWConfig includes local salt config

This commit is contained in:
Aravinth Manivannan 2021-04-10 19:42:00 +05:30
parent 2d120d6791
commit 29cd8f4fd8
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
5 changed files with 27 additions and 6 deletions

View file

@ -1,6 +1,17 @@
## 0.1.4
## Changed:
- `PoWConfig` has an extra field to send internal `PoW` salt to clients.
Salt is used to prevent dictionary attacks using rainbow tables. This
salt shouldn't be used elsewhere in the program as it's exposed to the
internet. Ideally `mCaptcha` should automatically generate random
salt and rotate periodically, maybe in the next version.
## 0.1.3 ## 0.1.3
## Added ## Added
- `HashCache` was extended to store captcha responses - `HashCache` was extended to store captcha responses
- `HashCache` was extended to cache site keys when caching `PoW` configurations - `HashCache` was extended to cache site keys when caching `PoW` configurations
as a result: as a result:
@ -9,29 +20,37 @@
- token validation - token validation
## Changed ## Changed
- `Cache` became `CachePoW` (`HashCache` extension) - `Cache` became `CachePoW` (`HashCache` extension)
- `Retrieve` became `RetrievePoW`(`HashCache` extension) - `Retrieve` became `RetrievePoW`(`HashCache` extension)
- `DeleteString` became `DeletePoW` (`HashCache` extension) - `DeleteString` became `DeletePoW` (`HashCache` extension)
- `Save` trait now requires three new message impls (`HashCache` extension_ - `Save` trait now requires three new message impls (`HashCache` extension\_
- `System.verify_pow` now returns a `String` instead of `bool` - `System.verify_pow` now returns a `String` instead of `bool`
## Removed ## Removed
- `CachePoW` constructor was removed in favour of `CachwPoWBuilder` - `CachePoW` constructor was removed in favour of `CachwPoWBuilder`
## Fixed ## Fixed
- a bug in `mCaptcha/pow_sha256` was causing errors in PoW computation - a bug in `mCaptcha/pow_sha256` was causing errors in PoW computation
## 0.1.2 ## 0.1.2
## Changed ## Changed
- actix upgraded to `0.11` - actix upgraded to `0.11`
## 0.1.1 ## 0.1.1
### Added ### Added
- `Master` packs a garbage collector to stop and get rid of inactive - `Master` packs a garbage collector to stop and get rid of inactive
`MCaptcha` actors `MCaptcha` actors
- `serde::{Serialize, Deserialize}` impls (shouldn't break anything) - `serde::{Serialize, Deserialize}` impls (shouldn't break anything)
### Changed ### Changed
- typo fix: `MCaptcha::decrement_visiotr()` became `MCaptcha::decrement_visitor()` - typo fix: `MCaptcha::decrement_visiotr()` became `MCaptcha::decrement_visitor()`
- `MCaptcha` throws error when duration is 0 - `MCaptcha` throws error when duration is 0
- `Visitor` is changed to `AddVisitor` - `Visitor` is changed to `AddVisitor`

View file

@ -5,7 +5,7 @@
</p> </p>
[![Documentation](https://img.shields.io/badge/docs-master-yellow)](https://mcaptcha.github.io/mCaptcha/m_captcha/index.html) [![Documentation](https://img.shields.io/badge/docs-master-yellow)](https://mcaptcha.github.io/mCaptcha/m_captcha/index.html)
[![Documentation](https://img.shields.io/badge/docs-0.1.2-blue)](https://mcaptcha.org/docs/api/mcaptcha-system) [![Documentation](https://img.shields.io/badge/docs-0.1.3-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
[![dependency status](https://deps.rs/repo/github/mCaptcha/mCaptcha/status.svg)](https://deps.rs/repo/github/mCaptcha/mCaptcha) [![dependency status](https://deps.rs/repo/github/mCaptcha/mCaptcha/status.svg)](https://deps.rs/repo/github/mCaptcha/mCaptcha)
[![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg)](http://www.gnu.org/licenses/agpl-3.0) [![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg)](http://www.gnu.org/licenses/agpl-3.0)
![CI (Linux)](<https://github.com/mCaptcha/mCaptcha/workflows/CI%20(Linux)/badge.svg>) ![CI (Linux)](<https://github.com/mCaptcha/mCaptcha/workflows/CI%20(Linux)/badge.svg>)

View file

@ -200,7 +200,7 @@ mod tests {
const DURATION: u64 = 5; const DURATION: u64 = 5;
const KEY: &str = "mcaptchakey"; const KEY: &str = "mcaptchakey";
let addr = HashCache::default().start(); let addr = HashCache::default().start();
let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR); let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR, KEY.into()); //salt is dummy here
let visitor_result = AddVisitorResult { let visitor_result = AddVisitorResult {
difficulty_factor: DIFFICULTY_FACTOR, difficulty_factor: DIFFICULTY_FACTOR,
duration: DURATION, duration: DURATION,

View file

@ -27,15 +27,17 @@ pub use pow_sha256::ConfigBuilder;
pub struct PoWConfig { pub struct PoWConfig {
pub string: String, pub string: String,
pub difficulty_factor: u32, pub difficulty_factor: u32,
pub salt: String,
} }
impl PoWConfig { impl PoWConfig {
/// create new instance of [PoWConfig] /// create new instance of [PoWConfig]
pub fn new(m: u32) -> Self { pub fn new(difficulty_factor: u32, salt: String) -> Self {
use crate::utils::get_random; use crate::utils::get_random;
PoWConfig { PoWConfig {
string: get_random(32), string: get_random(32),
difficulty_factor: m, difficulty_factor,
salt,
} }
} }
} }

View file

@ -52,7 +52,7 @@ where
return None; return None;
} }
let mcaptcha = site_addr.unwrap().send(AddVisitor).await.unwrap(); let mcaptcha = site_addr.unwrap().send(AddVisitor).await.unwrap();
let pow_config = PoWConfig::new(mcaptcha.difficulty_factor); let pow_config = PoWConfig::new(mcaptcha.difficulty_factor, self.pow.salt.clone());
let cache_msg = CachePoWBuilder::default() let cache_msg = CachePoWBuilder::default()
.string(pow_config.string.clone()) .string(pow_config.string.clone())