2020-10-08 15:06:42 +08:00
|
|
|
|
package waf
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
2021-07-18 15:51:49 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
2020-10-08 15:06:42 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
2021-07-18 15:51:49 +08:00
|
|
|
|
"github.com/iwind/TeaGo/maps"
|
2020-10-08 15:06:42 +08:00
|
|
|
|
stringutil "github.com/iwind/TeaGo/utils/string"
|
|
|
|
|
|
"net/http"
|
|
|
|
|
|
"net/url"
|
2021-07-18 15:51:49 +08:00
|
|
|
|
"strings"
|
2020-10-08 15:06:42 +08:00
|
|
|
|
"time"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
var captchaSalt = stringutil.Rand(32)
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
CaptchaSeconds = 600 // 10 minutes
|
2021-07-18 15:51:49 +08:00
|
|
|
|
CaptchaPath = "/WAF/VERIFY/CAPTCHA"
|
2020-10-08 15:06:42 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type CaptchaAction struct {
|
2021-07-18 15:51:49 +08:00
|
|
|
|
Life int32 `yaml:"life" json:"life"`
|
|
|
|
|
|
Language string `yaml:"language" json:"language"` // 语言,zh-CN, en-US ...
|
|
|
|
|
|
AddToWhiteList bool `yaml:"addToWhiteList" json:"addToWhiteList"` // 是否加入到白名单
|
2021-10-18 20:08:43 +08:00
|
|
|
|
Scope string `yaml:"scope" json:"scope"`
|
2020-10-08 15:06:42 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-18 15:51:49 +08:00
|
|
|
|
func (this *CaptchaAction) Init(waf *WAF) error {
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (this *CaptchaAction) Code() string {
|
|
|
|
|
|
return ActionCaptcha
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (this *CaptchaAction) IsAttack() bool {
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (this *CaptchaAction) WillChange() bool {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
|
|
|
|
|
// 是否在白名单中
|
2021-10-18 20:08:43 +08:00
|
|
|
|
if SharedIPWhiteList.Contains("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
2021-07-18 15:51:49 +08:00
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
refURL := request.WAFRaw().URL.String()
|
|
|
|
|
|
|
|
|
|
|
|
// 覆盖配置
|
|
|
|
|
|
if strings.HasPrefix(refURL, CaptchaPath) {
|
|
|
|
|
|
info := request.WAFRaw().URL.Query().Get("info")
|
|
|
|
|
|
if len(info) > 0 {
|
|
|
|
|
|
m, err := utils.SimpleDecryptMap(info)
|
|
|
|
|
|
if err == nil && m != nil {
|
|
|
|
|
|
refURL = m.GetString("url")
|
|
|
|
|
|
}
|
2020-10-08 15:06:42 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-18 15:51:49 +08:00
|
|
|
|
var captchaConfig = maps.Map{
|
|
|
|
|
|
"action": this,
|
|
|
|
|
|
"timestamp": time.Now().Unix(),
|
|
|
|
|
|
"url": refURL,
|
|
|
|
|
|
"setId": set.Id,
|
|
|
|
|
|
}
|
|
|
|
|
|
info, err := utils.SimpleEncryptMap(captchaConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
remotelogs.Error("WAF_CAPTCHA_ACTION", "encode captcha config failed: "+err.Error())
|
|
|
|
|
|
return true
|
2020-10-08 15:06:42 +08:00
|
|
|
|
}
|
2021-07-18 15:51:49 +08:00
|
|
|
|
|
|
|
|
|
|
http.Redirect(writer, request.WAFRaw(), CaptchaPath+"?info="+url.QueryEscape(info), http.StatusTemporaryRedirect)
|
2020-10-08 15:06:42 +08:00
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
