2022-05-21 20:02:35 +08:00
|
|
|
|
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
|
|
|
|
|
|
|
|
|
|
|
|
package waf
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2022-09-05 10:59:02 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
2023-10-05 09:45:46 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
|
2022-05-21 20:02:35 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
|
|
|
|
|
"github.com/iwind/TeaGo/types"
|
|
|
|
|
|
"time"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type CaptchaPageCode = string
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
CaptchaPageCodeInit CaptchaPageCode = "init"
|
|
|
|
|
|
CaptchaPageCodeShow CaptchaPageCode = "show"
|
|
|
|
|
|
CaptchaPageCodeSubmit CaptchaPageCode = "submit"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// CaptchaIncreaseFails 增加Captcha失败次数,以便后续操作
|
|
|
|
|
|
func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, pageCode CaptchaPageCode) (goNext bool) {
|
|
|
|
|
|
var maxFails = actionConfig.MaxFails
|
|
|
|
|
|
var failBlockTimeout = actionConfig.FailBlockTimeout
|
|
|
|
|
|
if maxFails > 0 && failBlockTimeout > 0 {
|
|
|
|
|
|
if maxFails <= 3 {
|
|
|
|
|
|
maxFails = 3 // 不能小于3,防止意外刷新出现
|
|
|
|
|
|
}
|
2023-10-05 09:45:46 +08:00
|
|
|
|
var countFails = counters.SharedCounter.IncreaseKey(CaptchaCacheKey(req, pageCode), 300)
|
2022-05-21 20:02:35 +08:00
|
|
|
|
if int(countFails) >= maxFails {
|
2023-03-31 21:37:15 +08:00
|
|
|
|
SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeService, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, true, groupId, setId, "CAPTCHA验证连续失败超过"+types.String(maxFails)+"次")
|
2022-05-21 20:02:35 +08:00
|
|
|
|
return false
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// CaptchaDeleteCacheKey 清除计数
|
|
|
|
|
|
func CaptchaDeleteCacheKey(req requests.Request) {
|
2023-10-05 09:45:46 +08:00
|
|
|
|
counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeInit))
|
|
|
|
|
|
counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeShow))
|
|
|
|
|
|
counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeSubmit))
|
2022-05-21 20:02:35 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// CaptchaCacheKey 获取Captcha缓存Key
|
|
|
|
|
|
func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string {
|
2022-09-05 10:59:02 +08:00
|
|
|
|
var requestPath = req.WAFRaw().URL.Path
|
|
|
|
|
|
|
|
|
|
|
|
if req.WAFRaw().URL.Path == CaptchaPath {
|
|
|
|
|
|
m, err := utils.SimpleDecryptMap(req.WAFRaw().URL.Query().Get("info"))
|
|
|
|
|
|
if err == nil && m != nil {
|
|
|
|
|
|
requestPath = m.GetString("url")
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-10-05 09:45:46 +08:00
|
|
|
|
return "WAF:CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + requestPath
|
2022-05-21 20:02:35 +08:00
|
|
|
|
}
|
