From 29cd8f4fd83a3646a48ca2c9f5563d8d5360d2c3 Mon Sep 17 00:00:00 2001
From: realaravinth <realaravinth@batsense.net>
Date: Sat, 10 Apr 2021 19:42:00 +0530
Subject: [PATCH] PoWConfig includes local salt config

---
 CHANGELOG.md           | 21 ++++++++++++++++++++-
 README.md              |  2 +-
 src/cache/hashcache.rs |  2 +-
 src/pow.rs             |  6 ++++--
 src/system.rs          |  2 +-
 5 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 74ddbb6..9855755 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,17 @@
+## 0.1.4
+
+## Changed:
+
+- `PoWConfig` has an extra field to send internal `PoW` salt to clients.
+  Salt is used to prevent dictionary attacks using rainbow tables. This
+  salt shouldn't be used elsewhere in the program as it's exposed to the
+  internet. Ideally `mCaptcha` should automatically generate random
+  salt and rotate periodically, maybe in the next version.
+
 ## 0.1.3
 
 ## Added
+
 - `HashCache` was extended to store captcha responses
 - `HashCache` was extended to cache site keys when caching `PoW` configurations
   as a result:
@@ -9,29 +20,37 @@
 - token validation
 
 ## Changed
+
 - `Cache` became `CachePoW` (`HashCache` extension)
 - `Retrieve` became `RetrievePoW`(`HashCache` extension)
 - `DeleteString` became `DeletePoW` (`HashCache` extension)
-- `Save` trait now requires three new message impls (`HashCache` extension_
+- `Save` trait now requires three new message impls (`HashCache` extension\_
 - `System.verify_pow` now returns a `String` instead of `bool`
 
 ## Removed
+
 - `CachePoW` constructor was removed in favour of `CachwPoWBuilder`
 
 ## Fixed
+
 - a bug in `mCaptcha/pow_sha256` was causing errors in PoW computation
 
 ## 0.1.2
+
 ## Changed
+
 - actix upgraded to `0.11`
 
 ## 0.1.1
+
 ### Added
+
 - `Master` packs a garbage collector to stop and get rid of inactive
   `MCaptcha` actors
 - `serde::{Serialize, Deserialize}` impls (shouldn't break anything)
 
 ### Changed
+
 - typo fix: `MCaptcha::decrement_visiotr()` became `MCaptcha::decrement_visitor()`
 - `MCaptcha` throws error when duration is 0
 - `Visitor` is changed to `AddVisitor`
diff --git a/README.md b/README.md
index d640b9f..abe2710 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
   </p>
 
 [![Documentation](https://img.shields.io/badge/docs-master-yellow)](https://mcaptcha.github.io/mCaptcha/m_captcha/index.html)
-[![Documentation](https://img.shields.io/badge/docs-0.1.2-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
+[![Documentation](https://img.shields.io/badge/docs-0.1.3-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
 [![dependency status](https://deps.rs/repo/github/mCaptcha/mCaptcha/status.svg)](https://deps.rs/repo/github/mCaptcha/mCaptcha)
 [![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg)](http://www.gnu.org/licenses/agpl-3.0)
 ![CI (Linux)](<https://github.com/mCaptcha/mCaptcha/workflows/CI%20(Linux)/badge.svg>)
diff --git a/src/cache/hashcache.rs b/src/cache/hashcache.rs
index f13e257..3ed9916 100644
--- a/src/cache/hashcache.rs
+++ b/src/cache/hashcache.rs
@@ -200,7 +200,7 @@ mod tests {
         const DURATION: u64 = 5;
         const KEY: &str = "mcaptchakey";
         let addr = HashCache::default().start();
-        let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR);
+        let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR, KEY.into()); //salt is dummy here
         let visitor_result = AddVisitorResult {
             difficulty_factor: DIFFICULTY_FACTOR,
             duration: DURATION,
diff --git a/src/pow.rs b/src/pow.rs
index 6acb002..b16bc80 100644
--- a/src/pow.rs
+++ b/src/pow.rs
@@ -27,15 +27,17 @@ pub use pow_sha256::ConfigBuilder;
 pub struct PoWConfig {
     pub string: String,
     pub difficulty_factor: u32,
+    pub salt: String,
 }
 impl PoWConfig {
     /// create new instance of [PoWConfig]
-    pub fn new(m: u32) -> Self {
+    pub fn new(difficulty_factor: u32, salt: String) -> Self {
         use crate::utils::get_random;
 
         PoWConfig {
             string: get_random(32),
-            difficulty_factor: m,
+            difficulty_factor,
+            salt,
         }
     }
 }
diff --git a/src/system.rs b/src/system.rs
index 71fce90..5774fb6 100644
--- a/src/system.rs
+++ b/src/system.rs
@@ -52,7 +52,7 @@ where
             return None;
         }
         let mcaptcha = site_addr.unwrap().send(AddVisitor).await.unwrap();
-        let pow_config = PoWConfig::new(mcaptcha.difficulty_factor);
+        let pow_config = PoWConfig::new(mcaptcha.difficulty_factor, self.pow.salt.clone());
 
         let cache_msg = CachePoWBuilder::default()
             .string(pow_config.string.clone())