From 29cd8f4fd83a3646a48ca2c9f5563d8d5360d2c3 Mon Sep 17 00:00:00 2001
From: realaravinth
Date: Sat, 10 Apr 2021 19:42:00 +0530
Subject: [PATCH] PoWConfig includes local salt config
---
CHANGELOG.md | 21 ++++++++++++++++++++-
README.md | 2 +-
src/cache/hashcache.rs | 2 +-
src/pow.rs | 6 ++++--
src/system.rs | 2 +-
5 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 74ddbb6..9855755 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,17 @@
+## 0.1.4
+
+## Changed:
+
+- `PoWConfig` has an extra field to send internal `PoW` salt to clients.
+ Salt is used to prevent dictionary attacks using rainbow tables. This
+ salt shouldn't be used elsewhere in the program as it's exposed to the
+ internet. Ideally `mCaptcha` should automatically generate random
+ salt and rotate periodically, maybe in the next version.
+
## 0.1.3
## Added
+
- `HashCache` was extended to store captcha responses
- `HashCache` was extended to cache site keys when caching `PoW` configurations
as a result:
@@ -9,29 +20,37 @@
- token validation
## Changed
+
- `Cache` became `CachePoW` (`HashCache` extension)
- `Retrieve` became `RetrievePoW`(`HashCache` extension)
- `DeleteString` became `DeletePoW` (`HashCache` extension)
-- `Save` trait now requires three new message impls (`HashCache` extension_
+- `Save` trait now requires three new message impls (`HashCache` extension\_
- `System.verify_pow` now returns a `String` instead of `bool`
## Removed
+
- `CachePoW` constructor was removed in favour of `CachwPoWBuilder`
## Fixed
+
- a bug in `mCaptcha/pow_sha256` was causing errors in PoW computation
## 0.1.2
+
## Changed
+
- actix upgraded to `0.11`
## 0.1.1
+
### Added
+
- `Master` packs a garbage collector to stop and get rid of inactive
`MCaptcha` actors
- `serde::{Serialize, Deserialize}` impls (shouldn't break anything)
### Changed
+
- typo fix: `MCaptcha::decrement_visiotr()` became `MCaptcha::decrement_visitor()`
- `MCaptcha` throws error when duration is 0
- `Visitor` is changed to `AddVisitor`
diff --git a/README.md b/README.md
index d640b9f..abe2710 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
[![Documentation](https://img.shields.io/badge/docs-master-yellow)](https://mcaptcha.github.io/mCaptcha/m_captcha/index.html)
-[![Documentation](https://img.shields.io/badge/docs-0.1.2-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
+[![Documentation](https://img.shields.io/badge/docs-0.1.3-blue)](https://mcaptcha.org/docs/api/mcaptcha-system)
[![dependency status](https://deps.rs/repo/github/mCaptcha/mCaptcha/status.svg)](https://deps.rs/repo/github/mCaptcha/mCaptcha)
[![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg)](http://www.gnu.org/licenses/agpl-3.0)
![CI (Linux)]()
diff --git a/src/cache/hashcache.rs b/src/cache/hashcache.rs
index f13e257..3ed9916 100644
--- a/src/cache/hashcache.rs
+++ b/src/cache/hashcache.rs
@@ -200,7 +200,7 @@ mod tests {
const DURATION: u64 = 5;
const KEY: &str = "mcaptchakey";
let addr = HashCache::default().start();
- let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR);
+ let pow: PoWConfig = PoWConfig::new(DIFFICULTY_FACTOR, KEY.into()); //salt is dummy here
let visitor_result = AddVisitorResult {
difficulty_factor: DIFFICULTY_FACTOR,
duration: DURATION,
diff --git a/src/pow.rs b/src/pow.rs
index 6acb002..b16bc80 100644
--- a/src/pow.rs
+++ b/src/pow.rs
@@ -27,15 +27,17 @@ pub use pow_sha256::ConfigBuilder;
pub struct PoWConfig {
pub string: String,
pub difficulty_factor: u32,
+ pub salt: String,
}
impl PoWConfig {
/// create new instance of [PoWConfig]
- pub fn new(m: u32) -> Self {
+ pub fn new(difficulty_factor: u32, salt: String) -> Self {
use crate::utils::get_random;
PoWConfig {
string: get_random(32),
- difficulty_factor: m,
+ difficulty_factor,
+ salt,
}
}
}
diff --git a/src/system.rs b/src/system.rs
index 71fce90..5774fb6 100644
--- a/src/system.rs
+++ b/src/system.rs
@@ -52,7 +52,7 @@ where
return None;
}
let mcaptcha = site_addr.unwrap().send(AddVisitor).await.unwrap();
- let pow_config = PoWConfig::new(mcaptcha.difficulty_factor);
+ let pow_config = PoWConfig::new(mcaptcha.difficulty_factor, self.pow.salt.clone());
let cache_msg = CachePoWBuilder::default()
.string(pow_config.string.clone())