PoWConfig includes local salt config

This commit is contained in:
Aravinth Manivannan 2021-04-10 19:42:00 +05:30
parent 2d120d6791
commit 29cd8f4fd8
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
5 changed files with 27 additions and 6 deletions

View file

@ -1,6 +1,17 @@
## 0.1.4
## Changed:
- `PoWConfig` has an extra field to send internal `PoW` salt to clients.
Salt is used to prevent dictionary attacks using rainbow tables. This
salt shouldn't be used elsewhere in the program as it's exposed to the
internet. Ideally `mCaptcha` should automatically generate random
salt and rotate periodically, maybe in the next version.
## 0.1.3
## Added
- `HashCache` was extended to store captcha responses
- `HashCache` was extended to cache site keys when caching `PoW` configurations
as a result:
@ -9,29 +20,37 @@
- token validation
## Changed
- `Cache` became `CachePoW` (`HashCache` extension)
- `Retrieve` became `RetrievePoW`(`HashCache` extension)
- `DeleteString` became `DeletePoW` (`HashCache` extension)
- `Save` trait now requires three new message impls (`HashCache` extension_
- `Save` trait now requires three new message impls (`HashCache` extension\_
- `System.verify_pow` now returns a `String` instead of `bool`
## Removed
- `CachePoW` constructor was removed in favour of `CachwPoWBuilder`
## Fixed
- a bug in `mCaptcha/pow_sha256` was causing errors in PoW computation
## 0.1.2
## Changed
- actix upgraded to `0.11`
## 0.1.1
### Added
- `Master` packs a garbage collector to stop and get rid of inactive
`MCaptcha` actors
- `serde::{Serialize, Deserialize}` impls (shouldn't break anything)
### Changed
- typo fix: `MCaptcha::decrement_visiotr()` became `MCaptcha::decrement_visitor()`
- `MCaptcha` throws error when duration is 0
- `Visitor` is changed to `AddVisitor`

View file

@ -5,7 +5,7 @@
</p>
[![Documentation](https://img.shields.io/badge/docs-master-yellow)](https://mcaptcha.github.io/mCaptcha/m_captcha/index.html)
[![Documentation](https://img.shields.io/badge/docs-0.1.2-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
[![Documentation](https://img.shields.io/badge/docs-0.1.3-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
[![dependency status](https://deps.rs/repo/github/mCaptcha/mCaptcha/status.svg)](https://deps.rs/repo/github/mCaptcha/mCaptcha)
[![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg)](http://www.gnu.org/licenses/agpl-3.0)
![CI (Linux)](<https://github.com/mCaptcha/mCaptcha/workflows/CI%20(Linux)/badge.svg>)

View file

@ -200,7 +200,7 @@ mod tests {
const DURATION: u64 = 5;
const KEY: &str = "mcaptchakey";
let addr = HashCache::default().start();
let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR);
let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR, KEY.into()); //salt is dummy here
let visitor_result = AddVisitorResult {
difficulty_factor: DIFFICULTY_FACTOR,
duration: DURATION,

View file

@ -27,15 +27,17 @@ pub use pow_sha256::ConfigBuilder;
pub struct PoWConfig {
pub string: String,
pub difficulty_factor: u32,
pub salt: String,
}
impl PoWConfig {
/// create new instance of [PoWConfig]
pub fn new(m: u32) -> Self {
pub fn new(difficulty_factor: u32, salt: String) -> Self {
use crate::utils::get_random;
PoWConfig {
string: get_random(32),
difficulty_factor: m,
difficulty_factor,
salt,
}
}
}

View file

@ -52,7 +52,7 @@ where
return None;
}
let mcaptcha = site_addr.unwrap().send(AddVisitor).await.unwrap();
let pow_config = PoWConfig::new(mcaptcha.difficulty_factor);
let pow_config = PoWConfig::new(mcaptcha.difficulty_factor, self.pow.salt.clone());
let cache_msg = CachePoWBuilder::default()
.string(pow_config.string.clone())