Home Explore Help
Register Sign In
scw
/
apache-lua
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a6505d029f
Branches Tags
apache-lua
/
lua
/
scw.lua

scw.lua 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. require "apache2"
    2. 

  2. local redis = require "redis"
    3. 

  3. local regex = require "rex_pcre"
    4. 

  4. local mime = require "mime"
    5. 

  5. local cipher = require "openssl.cipher"
    6. 

  6. 

  7. 

  8. -- --------------------------------------------------------------------------
    9. 

  9. -- try to connect to redis
    10. 

  10. -- 
    11. 

  11. local redis_conn = nil
    12. 

  12. 

  13. 

  14. function _decrypt(message_and_iv, key)
    15. 

  15.   if message_and_iv:len() < 32 then
    16. 

  16.     -- io.stderr:write("message too short!\n")
    17. 

  17.     return ""
    18. 

  18.   end
    19. 

  19. 

  20.   iv, _ = message_and_iv:sub(1, 16)
    21. 

  21.   message, _ = message_and_iv:sub(17, -1)
    22. 

  22. 

  23.   local c = cipher.new("aes-256-cbc")
    24. 

  24. 

  25.   c:decrypt(key, iv)
    26. 

  26.   cleartext, err = c:final(message)
    27. 

  27.   if err ~= nil then
    28. 

  28.     -- io.stderr:write(err .. "\n")
    29. 

  29.     return ""
    30. 

  30.   end
    31. 

  31. 

  32.   -- io.stderr:write(cleartext .. "\n")
    33. 

  33.   return cleartext
    34. 

  34. end
    35. 

  35. 

  36. function scw(r)
    37. 

  37.   local start_time = r:clock()
    38. 

  38.   local has_redis = false
    39. 

  39.   local ignore = os.getenv("SCW_IGNORE")
    40. 

  40. 

  41.   -- io.stderr:write("url: " .. r.uri .. "\n")
    42. 

  42.   -- io.stderr:write(string.format("now: %d\n", r:clock()/1000/1000))
    43. 

  43. 

  44.   if ignore ~= nil and regex.match(r.uri, ignore) then
    45. 

  45.     -- io.stderr:write(string.format("ignoring %s\n", r.uri))
    46. 

  46.     return apache2.DECLINED
    47. 

  47.   end
    48. 

  48. 

  49.   -- --------------------------------------------------------------------------
    50. 

  50.   -- Does the user have an encrypted scw cookie that proves he is human?
    51. 

  51.   --
    52. 

  52.   local cookie_name = os.getenv("SCW_COOKIE")
    53. 

  53.   local cookie_key = r:base64_decode(os.getenv("SCW_KEY"))
    54. 

  54.   local human_cookie = r:getcookie(cookie_name)
    55. 

  55.   if human_cookie then
    56. 

  56.     human_cookie = r:base64_decode(r:unescape(human_cookie))
    57. 

  57.   end
    58. 

  58.   -- io.stderr:write("cookie: " .. r:base64_encode(human_cookie) .. "\n")
    59. 

  59.   local is_human = false
    60. 

  60. 

  61.   if human_cookie ~= nil and cookie_key:len() == 32 then
    62. 

  62.     local cookie_data = _decrypt(human_cookie, cookie_key)
    63. 

  63.     -- io.stderr:write("cookie: " .. cookie_data.."\n")
    64. 

  64. 

  65.     is_human = string.gsub(cookie_data, "scw|(.-)|(%d+)$", function (ip, exp)
    66. 

  66.       -- io.stderr:write(string.format("ip: %s, exp: %s\n", ip, exp))
    67. 

  67.       if ip == r.useragent_ip and r:clock() <= tonumber(exp) then
    68. 

  68.         return true
    69. 

  69.       end
    70. 

  70.       return false
    71. 

  71.     end)
    72. 

  72. 

  73.     if is_human then
    74. 

  74.       -- io.stderr:write(string.format("c: %.3f ms\n", (r:clock() - start_time) / 1000.0))
    75. 

  75.       -- io.stderr:write(string.format("found scw cookie for %s\n", r.useragent_ip))
    76. 

  76.       return apache2.DECLINED
    77. 

  77.     end
    78. 

  78.   end
    79. 

  79. 

  80.   -- --------------------------------------------------------------------------
    81. 

  81.   -- check for blacklist status
    82. 

  82.   --
    83. 

  83.   if pcall(function() redis_conn:ping() end) then
    84. 

  84.     has_redis = true
    85. 

  85.   else
    86. 

  86.     io.stderr:write("reconnecting to redis\n")
    87. 

  87.     local redis_host = os.getenv("SCW_REDIS_HOST")
    88. 

  88.     local redis_port = os.getenv("SCW_REDIS_PORT")
    89. 

  89.     io.stderr:write(string.format("redis host: %s\n", redis_host))
    90. 

  90.     if pcall(function() redis_conn = redis.connect(redis_host, 6379) end) then
    91. 

  91.       has_redis = true
    92. 

  92.     end
    93. 

  93.   end
    94. 

  94. 

  95.   if has_redis then
    96. 

  96.     -- io.stderr:write(string.format("ip: %s\n", r.useragent_ip))
    97. 

  97.     local v = redis_conn:get("bl:" .. r.useragent_ip)
    98. 

  98.     -- local h = redis_conn:get("h:" .. r.useragent_ip)
    99. 

  99.     -- io.stderr:write(string.format("bl: %s, h: %s\n", tostring(v), tostring(h)))
    100. 

  100.     if v ~= nil then -- and h == nil then
    101. 

  101.       local rprotocol = "http"
    102. 

  102.       if r.is_https then
    103. 

  103.         rprotocol = "https"
    104. 

  104.       end
    105. 

  105. 

  106.       local rport = ""
    107. 

  107.       if (r.is_https and r.port ~= 443) or (r.is_https ~= true and r.port ~= 80) then
    108. 

  108.         rport = string.format(":%d", r.port)
    109. 

  109.       end
    110. 

  110. 

  111.       local referer = string.format("%s://%s%s%s", rprotocol, r.hostname, rport, r.unparsed_uri)
    112. 

  112.       r.headers_out["location"] = string.format("http://docker.scw.systems:8003/?src=%s&r=%s", r.useragent_ip, r:escape(referer))
    113. 

  113. --[[
    114. 

  114.       r.headers_in["X-SCW-IP"] = v
    115. 

  115.       r.handler = "proxy-server"
    116. 

  116.       r.proxyreq = apache2.PROXYREQ_REVERSE
    117. 

  117.       r.filename = string.format("proxy:http://captcha:8080/?src=%s&r=%s", r.useragent_ip, r.unparsed_uri)
    118. 

  118. --]]
    119. 

  119.       -- io.stderr:write(string.format("+ %.3f ms\n", (r:clock() - start_time) / 1000.0))
    120. 

  120.       return apache2.HTTP_MOVED_TEMPORARILY
    121. 

  121.     end
    122. 

  122.   end
    123. 

  123. 

  124.   -- io.stderr:write(string.format("* %.3f ms\n", (r:clock() - start_time) / 1000.0))
    125. 

  125.   return apache2.DECLINED
    126. 

  126. end
    127.