diff --git a/examples/forgejo.yml b/examples/forgejo.yml index 80bbd9c..528fecc 100644 --- a/examples/forgejo.yml +++ b/examples/forgejo.yml @@ -147,7 +147,7 @@ rules: - name: 0 action: check settings: - challenges: [js-pow-sha256, http-cookie-check] + challenges: [js-refresh, http-cookie-check] - name: 1 action: check settings: @@ -173,7 +173,7 @@ rules: - 'path.matches("^/[^/]+/[^/]+/archive/.*\\.(bundle|zip|tar\\.gz)") && ($is-generic-browser)' action: challenge settings: - challenges: [ js-pow-sha256 ] + challenges: [ js-refresh ] - name: allow-git-operations conditions: @@ -242,11 +242,11 @@ rules: - name: 0 action: check settings: - challenges: [preload-link, header-refresh, js-pow-sha256, http-cookie-check] + challenges: [preload-link, header-refresh, js-refresh, http-cookie-check] - name: 1 action: check settings: - challenges: [ resource-load, js-pow-sha256, http-cookie-check ] + challenges: [ resource-load, js-refresh, http-cookie-check ] - name: standard-bots action: check @@ -274,7 +274,7 @@ rules: # if DNSBL fails, check additional challenges fail: check fail-settings: - challenges: [js-pow-sha256, http-cookie-check] + challenges: [js-refresh, http-cookie-check] # Allow PUT/DELETE/PATCH/POST requests in general - name: non-get-request @@ -321,7 +321,7 @@ rules: - name: standard-browser action: challenge settings: - challenges: [http-cookie-check, preload-link, meta-refresh, resource-load, js-pow-sha256] + challenges: [http-cookie-check, preload-link, meta-refresh, resource-load, js-refresh, js-pow-sha256] conditions: - '($is-generic-browser)' diff --git a/examples/generic.yml b/examples/generic.yml index de84b6d..5c894ac 100644 --- a/examples/generic.yml +++ b/examples/generic.yml @@ -98,7 +98,7 @@ rules: - name: 0 action: check settings: - challenges: [js-pow-sha256] + challenges: [js-refresh] - name: 1 action: check settings: 
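Review bot: In the archive-download rule of examples/forgejo.yml (`@@ -173,7`), `js-refresh` becomes the only challenge in front of `/archive/*.(bundle|zip|tar.gz)`, so whatever per-request cost `js-pow-sha256` imposed (judging by its name, a proof-of-work) no longer applies to what is likely an expensive endpoint. The snippet added in this commit describes js-refresh as needing only HTML parsing and a `window.location` redirect, which a JavaScript-capable automated client completes without spending work. Consider listing both there, `challenges: [ js-refresh, js-pow-sha256 ]`, as the standard-browser rule in this file does. Otherwise add a comment such as `# js-refresh proves JavaScript execution only; it adds no per-request cost` so operators copying the example see the trade-off. The same substitution is made in the `@@ -147,7`, `@@ -242,11` and `@@ -274,7` hunks.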
@@ -122,12 +122,12 @@ rules: # if DNSBL fails, check additional challenges fail: check fail-settings: - challenges: [js-pow-sha256] + challenges: [js-refresh] - name: suspicious-fetchers action: check settings: - challenges: [js-pow-sha256] + challenges: [js-refresh] conditions: - 'userAgent.contains("facebookexternalhit/") || userAgent.contains("facebookcatalog/")' @@ -170,7 +170,7 @@ rules: - name: standard-browser action: challenge settings: - challenges: [preload-link, meta-refresh, resource-load, js-pow-sha256] + challenges: [preload-link, meta-refresh, resource-load, js-refresh] conditions: - '($is-generic-browser)' diff --git a/examples/snippets/challenge-js-refresh.yml b/examples/snippets/challenge-js-refresh.yml new file mode 100644 index 0000000..73ba729 --- /dev/null +++ b/examples/snippets/challenge-js-refresh.yml @@ -0,0 +1,6 @@ +challenges: + js-refresh: + # Challenges with a redirect via window.location (requires HTML parsing and JavaScript logic) + runtime: "refresh" + parameters: + refresh-via: "javascript" \ No newline at end of file diff --git a/lib/challenge/refresh/refresh.go b/lib/challenge/refresh/refresh.go index dfb1426..b5d2a5f 100644 --- a/lib/challenge/refresh/refresh.go +++ b/lib/challenge/refresh/refresh.go @@ -1,9 +1,12 @@ package refresh import ( + "encoding/json" + "fmt" "git.gammaspectra.live/git/go-away/lib/challenge" "github.com/goccy/go-yaml" "github.com/goccy/go-yaml/ast" + "html/template" "net/http" "time" ) 
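Review bot: The standard-browser rule in examples/generic.yml (`@@ -170,7`) drops `js-pow-sha256` entirely, whereas the same rule in examples/forgejo.yml in this commit keeps it after `js-refresh`. If the difference is intentional, it deserves a one-line comment explaining why the generic example omits it. Otherwise `challenges: [preload-link, meta-refresh, resource-load, js-refresh, js-pow-sha256]` would keep the two examples aligned and leave the stronger challenge available.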
@@ -45,7 +48,17 @@ func FillRegistration(state challenge.StateInterface, reg *challenge.Registratio
 return challenge.VerifyResultFail
 }
- if params.Mode == "meta" {
+ if params.Mode == "javascript" {
+ data, err := json.Marshal(uri.String())
+ if err != nil {
+ return challenge.VerifyResultFail
+ }
+ state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
+ "EndTags": []template.HTML{
+ template.HTML(fmt.Sprintf("", string(data))),
+ },
+ })
+ } else if params.Mode == "meta" {
 state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
 "MetaTags": []map[string]string{
 {
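Review bot: `template.HTML(...)` in the new `javascript` branch tells html/template to emit the string unescaped, so the only thing keeping `uri.String()` from breaking out of the injected markup is `json.Marshal`'s default escaping of `<`, `>` and `&`. That dependency should be recorded next to the call, e.g. `// json.Marshal HTML-escapes <, >, & and U+2028/2029; that is what makes this template.HTML safe, so do not swap in an encoder with SetEscapeHTML(false)`. The Sprintf format string shows as `""` on this page while an argument is still passed, so it was probably stripped in rendering and the actual markup cannot be reviewed here. `uri` is built outside the hunk; if any part of it is request-derived, confirm its scheme is constrained before it is handed to `window.location`. FillRegistration's body starts and ends outside the hunk.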