人机识别验证成功后记录到Cookie，以便于在重启、切换节点时仍能恢复验证状态

internal/waf/action_captcha.go

@@ -4,8 +4,10 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/fasttime"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 	wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
+	"github.com/iwind/TeaGo/types"
 	"net/http"
 	"net/url"
 	"strings"
@@ -130,6 +132,22 @@ func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 		}
 	}
 
+	// 检查Cookie值
+	var fullCookieName = captchaCookiePrefix + "_" + types.String(set.Id)
+	cookie, err := req.WAFRaw().Cookie(fullCookieName)
+	if err == nil && cookie != nil && len(cookie.Value) > 0 {
+		var info = &AllowCookieInfo{}
+		err = info.Decode(cookie.Value)
+		if err == nil && set.Id == info.SetId && info.ExpiresAt > fasttime.Now().Unix() {
+			// 重新记录到白名单
+			SharedIPWhiteList.RecordIP(wafutils.ComposeIPType(set.Id, req), this.Scope, req.WAFServerId(), req.WAFRemoteIP(), info.ExpiresAt, waf.Id, false, group.Id, set.Id, "")
+
+			return PerformResult{
+				ContinueRequest: true,
+			}
+		}
+	}
+
 	var refURL = req.WAFRaw().URL.String()
 
 	// 覆盖配置

internal/waf/allow_cookie_info.go

@@ -0,0 +1,46 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package waf
+
+import (
+	"encoding/base64"
+	"encoding/binary"
+	"errors"
+	"github.com/TeaOSLab/EdgeNode/internal/utils"
+)
+
+type AllowCookieInfo struct {
+	SetId     int64
+	ExpiresAt int64
+}
+
+func (this *AllowCookieInfo) Encode() (string, error) {
+	if this.SetId < 0 {
+		this.SetId = 0
+	}
+	if this.ExpiresAt < 0 {
+		this.ExpiresAt = 0
+	}
+
+	var result = make([]byte, 16)
+	binary.BigEndian.PutUint64(result, uint64(this.SetId))
+	binary.BigEndian.PutUint64(result[8:], uint64(this.ExpiresAt))
+	return base64.StdEncoding.EncodeToString(utils.SimpleEncrypt(result)), nil
+}
+
+func (this *AllowCookieInfo) Decode(encodedString string) error {
+	data, err := base64.StdEncoding.DecodeString(encodedString)
+	if err != nil {
+		return err
+	}
+
+	var result = utils.SimpleDecrypt(data)
+	if len(result) != 16 {
+		return errors.New("unexpected data length")
+	}
+
+	this.SetId = int64(binary.BigEndian.Uint64(result[:8]))
+	this.ExpiresAt = int64(binary.BigEndian.Uint64(result[8:16]))
+
+	return nil
+}

internal/waf/allow_cookie_info_test.go

@@ -0,0 +1,35 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package waf_test
+
+import (
+	"github.com/TeaOSLab/EdgeNode/internal/utils/fasttime"
+	"github.com/TeaOSLab/EdgeNode/internal/waf"
+	"github.com/iwind/TeaGo/assert"
+	"github.com/iwind/TeaGo/types"
+	"testing"
+)
+
+func TestAllowCookieInfo_Encode(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	var info = &waf.AllowCookieInfo{
+		SetId:     123,
+		ExpiresAt: fasttime.Now().Unix(),
+	}
+	data, err := info.Encode()
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("encrypted: ["+types.String(len(data))+"]", data)
+
+	var info2 = &waf.AllowCookieInfo{}
+	err = info2.Decode(data)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Logf("%+v", info2)
+	a.IsTrue(info.SetId == info2.SetId)
+	a.IsTrue(info.ExpiresAt == info2.ExpiresAt)
+}