| author | Xe Iaso <me@xeiaso.net> | 2025-01-18 21:49:10 -0500 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2025-01-18 21:49:10 -0500 |
| commit | 84b152afc083ff5421c76e1eb0b7eac9e0f20569 (patch) | |
| tree | c63e2edd1633df66ac1bdd89921e24adb4d7a7e5 /cmd | |
| parent | 5c8b87224e53078bfb0737e93a4f02d857bb9be2 (diff) | |
cmd/anubis: add time to the hash
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/anubis/README.md | 3 | ||||
| -rw-r--r-- | cmd/anubis/main.go | 3 | ||||
| -rw-r--r-- | cmd/anubis/static/js/proof-of-work.mjs | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/cmd/anubis/README.md b/cmd/anubis/README.md
index 81cb615..2de4847 100644
--- a/cmd/anubis/README.md
+++ b/cmd/anubis/README.md
@@ -61,8 +61,9 @@ Challenges are formed by taking some user request metadata and using that to gen
 - `Accept-Language`: The language that the requestor would prefer the server respond in, such as English.
 - `X-Real-Ip`: The IP address of the requestor, as set by a reverse proxy server.
 - `User-Agent`: The user agent string of the requestor.
+- The current time in UTC rounded to the nearest week.
-This forms a fingerprint of the requestor using metadata that any requestor already is sending. Depending on facts and circumstances, you may wish to disclose this to your users.
+This forms a fingerprint of the requestor using metadata that any requestor already is sending. It also uses time as an input, which is known to both the server and requestor due to the nature of linear timelines. Depending on facts and circumstances, you may wish to disclose this to your users.
 ### JWT signing
diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go
index b3cfdf7..2cef409 100644
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@@ -129,10 +129,11 @@ func sha256sum(text string) (string, error) {
 func challengeFor(r *http.Request) string {
 data := fmt.Sprintf(
- "Accept-Encoding=%s,Accept-Language=%s,X-Real-IP=%s,User-Agent=%s",
+ "Accept-Encoding=%s,Accept-Language=%s,X-Real-IP=%s,User-Agent=%s,WeekTime=%s",
 r.Header.Get("Accept-Encoding"),
 r.Header.Get("Accept-Language"),
 r.Header.Get("X-Real-Ip"),
+ time.Now().UTC().Round(24*7*time.Hour).Format(time.RFC3339),
 r.UserAgent(),
 )
 result, _ := sha256sum(data)
diff --git a/cmd/anubis/static/js/proof-of-work.mjs b/cmd/anubis/static/js/proof-of-work.mjs
index edaf865..d71d2db 100644
--- a/cmd/anubis/static/js/proof-of-work.mjs
+++ b/cmd/anubis/static/js/proof-of-work.mjs
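Review bot: In the cmd/anubis/main.go hunk, the new argument is inserted before `r.UserAgent()` while its verb `WeekTime=%s` is appended after `User-Agent=%s`, so the timestamp is formatted under the `User-Agent=` label and the user agent under `WeekTime=`. The hash still covers both values, but the labelled string no longer describes what it contains; moving `time.Now().UTC().Round(24*7*time.Hour).Format(time.RFC3339),` to after `r.UserAgent(),` fixes it. `Round` also flips the value at the midpoint of each seven-day period counted from the zero time rather than at a week boundary, and if challengeFor is called again when a submitted answer is checked (not visible here), a solution computed just before the flip will be rejected. A comment such as `// challenge rotates weekly; answers straddling the rotation must be re-solved` would make that explicit. challengeFor's body continues past the end of the hunk.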
@@ -46,7 +46,7 @@ function processTask() {
 let nonce = 0;
 do {
 hash = await sha256(data + nonce++);
- } while (hash.substr(0, difficulty) !== Array(difficulty + 1).join('0'));
+ } while (hash.substring(0, difficulty) !== Array(difficulty + 1).join('0'));
 nonce -= 1; // last nonce was post-incremented |
