(actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, originURL string, req requests.Request, writer http.ResponseWriter, useLocalFirewall bool)
| 757 | } |
| 758 | |
| 759 | func (this *CaptchaValidator) validateGeeTestForm(actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, originURL string, req requests.Request, writer http.ResponseWriter, useLocalFirewall bool) (allow bool) { |
| 760 | var geeTestConfig = actionConfig.GeeTestConfig |
| 761 | if geeTestConfig == nil || !geeTestConfig.IsOn { |
| 762 | return |
| 763 | } |
| 764 | |
| 765 | defer func() { |
| 766 | if allow { |
| 767 | // 清除计数 |
| 768 | CaptchaDeleteCacheKey(req) |
| 769 | |
| 770 | var life = CaptchaSeconds |
| 771 | if actionConfig.Life > 0 { |
| 772 | life = types.Int(actionConfig.Life) |
| 773 | } |
| 774 | |
| 775 | // 加入到白名单 |
| 776 | SharedIPWhiteList.RecordIP(wafutils.ComposeIPType(setId, req), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") |
| 777 | |
| 778 | // 记录到Cookie |
| 779 | this.setCookie(writer, setId, life) |
| 780 | |
| 781 | writer.WriteHeader(http.StatusOK) |
| 782 | } else { |
| 783 | // 增加计数 |
| 784 | CaptchaIncreaseFails(req, actionConfig, policyId, groupId, setId, CaptchaPageCodeSubmit, useLocalFirewall) |
| 785 | |
| 786 | writer.WriteHeader(http.StatusBadRequest) |
| 787 | } |
| 788 | }() |
| 789 | |
| 790 | if req.WAFRaw().Body == nil || req.WAFRaw().ContentLength <= 0 || req.WAFRaw().ContentLength > 2048 { |
| 791 | return false |
| 792 | } |
| 793 | |
| 794 | data, err := io.ReadAll(req.WAFRaw().Body) |
| 795 | if err != nil { |
| 796 | return false |
| 797 | } |
| 798 | |
| 799 | var m = maps.Map{} |
| 800 | err = json.Unmarshal(data, &m) |
| 801 | if err != nil { |
| 802 | return false |
| 803 | } |
| 804 | |
| 805 | const GeeTestAPIServer = "https://gcaptcha4.geetest.com" |
| 806 | var GeeTestAPIURL = GeeTestAPIServer + "/validate" + "?captcha_id=" + geeTestConfig.CaptchaId |
| 807 | |
| 808 | var lotNumber = m.GetString("lot_number") |
| 809 | |
| 810 | var hash = hmac.New(sha256.New, []byte(geeTestConfig.CaptchaKey)) |
| 811 | hash.Write([]byte(lotNumber)) |
| 812 | var signToken = hex.EncodeToString(hash.Sum(nil)) |
| 813 | |
| 814 | var query = url.Values{ |
| 815 | "lot_number": []string{lotNumber}, |
| 816 | "captcha_output": []string{m.GetString("captcha_output")}, |
no test coverage detected