Code Index:

package OpenResty::Handler::Captcha
__END__
EOF

NAME

OpenResty::Handler::Captcha - The captcha handler for OpenResty

SYNOPSIS

DESCRIPTION

This OpenResty handler class implements the Captcha API, i.e., the /=/captcha/* stuff.

METHODS

AUTHORS

chaoslawful (王晓哲) <chaoslawful at gmail dot com>, Agent Zhang (agentzh) <agentzh@yahoo.cn>

package OpenResty::Handler::Captcha; use strict; use warnings; use utf8; use File::ShareDir qw(dist_dir); use File::Spec; use Crypt::CBC; use MIME::Base64; use Digest::MD5 qw/md5/; use Encode qw( encode decode is_utf8 ); use base 'OpenResty::Handler::Base'; __PACKAGE__->register('captcha'); sub requires_acl { undef } sub level2name { qw< captcha_list captcha_column captcha_value >[$_[-1]] } my $FontPath = "$FindBin::Bin/../share/font/wqy-zenhei.ttf"; eval { if ( !-f $FontPath ) { $FontPath = File::Spec->catfile( dist_dir('OpenResty'), 'font/wqy-zenhei.ttf' ); if ( ! -f $FontPath || !-r $FontPath ) { warn "WARNING: Chinese font file $FontPath not found or not readable.\n"; } else { #warn "Found chinese font file $FontPath.\n"; } } }; if ($@) { warn $@; } my $PLAINTEXT_SEP = ":"; # separator character in plaintext str my $MIN_TIMESPAN = 1; # minimum timespan(sec) for a valid Captcha, # verification will fail before this timespan. # default to 3s. my $MAX_TIMESPAN = 3600; # maximum timespan(sec) for a valid Captcha, # Captcha will be invalid after this timespan. # default to 15m. my $Error; eval "use GD::SecurityImage;"; $Error = $@; # XXX TODO: We should put the dictionary to elsewhere... my @CnWordList = qw( ä¸€æœ¬æ£ç» ä¸Šå‡ ä¸‹é™ ä¸å‡æ€ç´¢ ä¸“é—¨ ä¸¥ä¸¥å®žå®ž ä¸¥å¯’ ä¸°æ”¶ ä¹Œé¾Ÿ ä¹±æˆä¸€å›¢ äº‰å¥‡æ–—è‰³ äº”å…‰åè‰² äº¤é”™ äººè¡Œé“ ä»çˆ± ä»ç„¶ ä»™å ä»£è¡¨ ä»°æœ› ä»°èµ· ä»·å€¼ ä¼ æŽˆ ä¼ æ’ ä¼¼ä¹Ž ä½Žå¤´ ä½“è´´ ä½¿åŠ² ä¾ç„¶ ä¿ç•™ ä¿®å»º ä¿®ç† å‡è£… å‚²æ…¢ å…‰æ´ å…å¾— å…¨éƒ¨ å…³ç³» å…´å¥‹ å…´è¶£ å…´é«˜é‡‡çƒˆ å†°éž‹ å†²å‡»åŠ› å†³å¿ƒ å‡†å¤‡ å‡†ç¡®æ— è¯¯ å‡‰çˆ½ å‡å°‘ å‡è½» å‡ ä¹Ž å‡¤å°¾ç«¹ åˆ›ä¸¾ åˆ›é€ å‰å¤• å‰çˆª åŠ›é‡ åŠ ç´§ åŠ¨å¬ å‹‡æ•¢ å‹‡æ°” åŒ…æ‹¬ åƒå‘¼ä¸‡å”¤ åƒå¥‡ç™¾æ€ª å¡ç‰‡ å±é™© åŽ†å² å‚åŠ åˆæ¾åˆè½¯ åŒé¾™æˆç å¤è€ å¯å£ å¯æƒœ å°é˜¶ å„ç§å„æ · åˆäºŒä¸ºä¸€ åˆæ‹¢ åŒæƒ… åå ‚ åè´µ å’±ä»¬ å“è¡Œ å››è‚¢ å››è„šæœå¤© å›žé¦– å›ºç„¶ å›¾æ¡ˆ åœ°è´¨å¦å®¶ åšå›º å¦å…‹ åªå åž‚å¤´ä¸§æ°” å¤§æƒŠå¤±è‰² å¤§æ˜¾ç¥žå¨ å¤§æ¦‚ å¤§è…¿ å¤§è‡´ å¥‡æ€ª å¥‹åŠ› å¥”æµä¸æ¯ å¥”è·‘ å¥½å¥‡ å¦‚å®ž å§¿åŠ¿ å¨æ¦ å¨‡å«© å«©ç»¿ å”é›€èˆž å¦é—® å®‡å®™ å®šæ—¶ å®è´µ å®žéªŒ å®½è£• å¯†åˆ‡ å¯†å¯†å±‚å±‚ å¯»æ‰¾ å±…ç„¶ å±•ç¤º å¸Œæœ› å¹³æ¯ å¹³æ•´ å¼•äººæ³¨ç›® å½“åˆ å½¢çŠ¶ å¾®ç”Ÿç‰© å¿ƒæ„ å¿½ç„¶ æ¼æ€’ æ‚„æ‚„ æƒ…å†µ æƒ…ç»ª æƒŠè®¶ æ„¿æ„ æ…¢åžåž æ‡‚å¾— æ‡’æ´‹æ´‹ æˆåŠŸ æˆæžœ æˆç¾¤ç»“é˜Ÿ æˆ–è€… æˆ˜åœº æ‰€ä»¥ æ‰‡å æ‰‹æŽŒ æ‰‹é”¯ æ‰å¹² æ‰“æ‰® æ‰“é‡ æŠ–åŠ¨ æŠ¢èµ° æŠ«ç”² æŠ½å‡º æ‹…å¿ƒ æ‹›å‘¼ æ‹›å¼• æ‹›æž¶ æ‹œè®¿ æ‹¥æŠ± æ‹¼å‘½ æŒä¹… æŒ‰ç…§ æŒ¡ä½ æŒ¤æ¥æŒ¤åŽ» æ‰è¿·è— æŽŒå£° æŽ¨åŠ¨ æŽ¨æµ‹ æé†’ æ‘†å¼„ æ‘‡æ™ƒ æ”¶è— æ”¾å¤§é•œ æ•Œäºº æ•™è‚²å®¶ æ•£æ¥ æ•¬ç¤¼ æ•¬é‡ æ–‡é™ æ–§å¤´ æ—…è¡Œ æ— è®º æ˜†è™« æ˜¾å¾®é•œ æ˜¾ç„¶ æ™®é€šè¯ æš—ç¤º æœ‰è¶£ æœ¬èƒ½ æœ´ç´ æ‚å¿—ç¤¾ æé»„ æ‘å æ¨æ ‘ æžœç„¶ æŸ¿å æ æ¿ æ£€æŸ¥ æ¤ç‰©å¦å®¶ æ¨ªè·¨ æ¬¢å”± æ¬¢å¿« æ¬¢è¹¦ä¹±è·³ æ¬£èµ æ¢å¢ƒ æ°”å‘³ æ°”æ¯ æ±‡æˆ æ²¹äº®äº® æ²¿é€” æ³¨è§† æ´ç™½ æµªè´¹ æ·±è“ æ¸…å‡‰ æ¸…é—² æ¸”ä¸šå·¥äºº æ¸¸æˆ æ¹¿åº¦ æ»‹æ¶¦ æ¿€åŠ¨ ç‚Žçƒ ç‚®å£ çƒçƒˆ çƒé—¹ ç…§ç›¸æœº çˆ¬å±± ç‰©äº§ä¸°å¯Œ çŒœæµ‹ çŒ®å‡º çŽ©å…· çŽ©æ„ çŽ©è€ ç†ä¼š ç“¶å ç”œèœœ ç•™å¿ƒ ç•™æ„ ç™½å‘è‹è‹ ç››å¼€ ç›¸æå¹¶è®º ç›¸è· ç›¼æœ› çœ‹å®ˆ çœ¼é•œ çŸ³æ ç ”ç©¶ ç¡®ç¡®å®žå®ž ç£¨åŠ ç¥–ç¥–è¾ˆè¾ˆ ç¥ç¦ ç¥žæ°” ç§˜ä¹¦ ç§¦å² ç©¿æˆ´ çªç„¶ ç«‹åˆ» ç«‹å³ ç¬¬ä¸ƒè¯¾ ç‰å€™ ç®€å• ç®—æœ¯ ç²—å£® ç²®é£Ÿ ç²¾å¿ƒ ç²¾ç¾Ž ç´§å¼ çºªå¿µ çº³é—· çº¸è¢‹ ç»†å¾® ç»ˆäºŽ ç»’æ¯› ç»™äºˆ ç»§ç» ç»³å ç¾Žè§‚ è€ƒå¯Ÿ è‚Œè‚¤ è‚¥æ–™ è‚¯å®š èƒœåˆ©è€… èƒ¶å· èƒ¸è„¯ è‡ªå« è‡ªè¨€è‡ªè¯ èˆŒå¤´ è‰³ä¸½ èŠ‚çœ èŠ¬èŠ³è¿·äºº èŠ±ç“£ è‹é†’ èŒ‚å¯† èŒ‚ç›› èŒ¶æ¯ è’å‡‰ è¯æ èŽ·å¾— è è è‘—å è´è¶ è¡€æ¶² è§‚å¯Ÿ è§†çº¿ è®°å¿†åŠ› è®°è€… è®²è¿° è®¾è®¡ è¯æ˜Ž è¯•æŽ¢ è¯šå®ž è¯·æ•™ è°ƒèŠ‚ è°¦è™š è¶…å¸¸ è·¯é€” èº²é—ª è½¬å‘Š è½¬æ¥è½¬åŽ» è½®æµ è¾«å è¾½é˜” è¿Žå€™ è¿™äº› è¿›æ”» è¿œè¿‘é—»å è¿·å¤± é€‚å®œ é€‚åº” é—äº§ é—è¿¹ é¥æœ› é¥è¿œ é‚®ç¥¨ éƒŠå¤– é‡é‡ é’“é±¼ é“œé’Ÿ é•œç‰‡ é•¿å¤„ é•¿è¿› é˜…è¯» é˜»åŠ› é™†ç» é™Œç”Ÿ éšä¾¿ éšæ„ éš¾è¿‡ é›„ä¼Ÿ é›†åˆ éœ€è¦ éœ‡æƒŠ é¢åŒ…æ¸£ é¡¶å³° é¡ºåˆ© é¢œè‰² é£Žå°˜ä»†ä»† é£Žæ™¯ä¼˜ç¾Ž é£˜æ‰¬ é£˜é£˜æ‘‡æ‘‡ é£žæ•£ é£žèˆž é¦–æ¬¡ é¦™ç”œ éª„å‚² é«˜ä½Žä¸å¹³ é²œå«© é»‘æš— é¼“åŠ± ); my @WordList = qw( about afraid after again against agree almost along angry another answers arms around away back ball basket become begin better boat boating books booth born both boxes boys bread brush burn buses busy cake call camping capital care careful carry cars catch centre cheaper chess china cinema city class clean clever coat cold college comb come country course cups dark days decide declare deed deliver develop dinner dirty doctor doing door down dress drive each early east eight eleven enjoy evening every exam excited excuse fall family famous fast faster father feel fever fifty film fine finish first fish fishing five floor food foot forty four friend friends from front full funny future games give glad goal good goodbye grade ground grow hair half hand hands happen hard have head healthy hear heavily help here high hill history hold hole home hour hours house hundred hungry hurry hurt idea instead into invite jump just keep kind kinds knock know ladder lake largest last late learn leave left lesson lessons letter letters life lights like listen little live long longer look lunch machine make many market match matter meals medical meeting message middle million minute model modern moment money month more morning most move much music name near nearly need news next nice night nine north number office once oneself only open other over pair papers parents parking party pass past people piano pick piece place plane plant play player plenty points post prepare primary promise pulling quarter quick quietly race rain read ready rest result return right road room roses round rules rush school scoot send seven several ship shirt shoes shoot short show shower side sides signs singing sixty skate skating slim slow slowly smile snowman some soon sorry south spare speak sports square squares stamps stand start station stay stop store story street student studies study such summer supper table take talk tall teach teacher team teeth tell test thank that them then there these thin thing things think thirty this three through ticket time times today traffic train tree trees trip trouble turn twenty twice under until very view visit voice wait wake walk wall want wash washing watch ways wear week weeks welcome well west what when window winter wish with word work world worried write wrong year your hello moon ); # Create a normal Captcha ID sub GET_captcha_column { my ( $self, $openresty, $bits ) = @_; my $col = $bits->[1]; if ( $col eq 'id' ) { # Get captcha language param my $lang = lc( $openresty->builtin_param('_lang') ) || 'en'; # Generate captcha solution in the language my $solution; if ( $lang eq 'cn' ) { $solution = $self->gen_cn_solution($openresty); } elsif ( $lang eq 'en' ) { $solution = $self->gen_en_solution($openresty); } else { die "Unsupported lang (only cn and en allowed): $lang\n"; } my $user = $openresty->{_user}; if ( $OpenResty::Config{"frontend.test_mode"} && $user && $user eq 'tester' ) { # We are in the testing mode $MIN_TIMESPAN = 1; # change min valid timespan to 1s $MAX_TIMESPAN = 3; # change max valid timespan to 3s } # Generate min and max valid timestamp my $min_valid = time() + $MIN_TIMESPAN; my $max_valid = time() + $MAX_TIMESPAN; my $id = encrypt_captcha_id( $openresty, $lang, $solution, $min_valid, $max_valid ); return $id; } else { die "Unknown captcha column: $col\n"; } } sub GET_captcha_value { my ( $self, $openresty, $bits ) = @_; my $col = $bits->[1]; my $value = $bits->[2]; if ($Error) { die "Captchas support not available on this server.\n"; } my $ext = 'gif'; if ( $value =~ s/\.(gif|jpg|png|jpeg)$//g ) { $ext = $1; if ( $ext eq 'jpg' ) { $ext = 'jpeg' } } if ( $col eq 'id' ) { my $id = $value; # Decrypt captcha id to get info about the captcha my ( $rand1, $lang, $solution, $min_valid, $max_valid, $rand2 ) = decrypt_captcha_id( $openresty, $id ); # Exit if the captcha id is in wrong format die "Invalid captcha ID: $id\n" unless defined($solution); # Exit if the max valid time of the captcha has expired die "Captcha ID has expired: $id\n" if $max_valid < time(); # Generate image according to captcha info if ( $lang eq 'cn' ) { $self->gen_cn_image( $openresty, $solution ); } elsif ( $lang eq 'en' ) { $self->gen_en_image( $openresty, $solution ); } else { die "Unsupported lang (only cn and en allowed): $lang\n"; } } else { die "Unknown captcha column: $col\n"; } } sub gen_en_solution { my ( $self, $openresty ) = @_; my $str = ''; my $list = \@WordList; my ( $i, $j ) = ( 0, 0 ); while ( $i < 2 ) { last if $j > 100; my $rand = int rand scalar(@$list); my $saved_str = $str; $str .= $list->[$rand] . " "; my $len = length($str); if ( $len >= 15 ) { $str = $saved_str; $j++; next; } $i++; } $str; # XXX debug only } sub gen_cn_solution { my ( $self, $openresty ) = @_; my $str = ''; my $list = \@CnWordList; my ( $i, $j ) = ( 0, 0 ); while ( $i < 2 ) { last if $j > 100; my $rand = int rand scalar(@$list); my $saved_str = $str; $str .= $list->[$rand]; my $len = length($str); last if $len == 3; if ( $len >= 5 ) { $str = $saved_str; $j++; next; } $i++; } $str; # XXX debug only } sub gen_cn_image { my ( $self, $openresty, $str ) = @_; my $angle = int rand 4; my $captcha = GD::SecurityImage->new( width => 100, height => 37, lines => 2 + int rand 2, font => $FontPath, #thickness => 0.5, rndmax => 3, angle => $angle, ptsize => 15, #send_ctobg => 1, #scramble => 1, ); #warn $str; $captcha->random($str); $captcha->create( ttf => 'default' ); die "Failed to load ttf font for GD: $@\n" if $captcha->gdbox_empty; $captcha->particle(300); # : 1732); my ( $image_data, $mime_type ) = $captcha->out( compress => 1 ); $openresty->{_bin_data} = $image_data; $openresty->{_type} = "image/$mime_type"; ### $mime_type } sub gen_en_image { my ( $self, $openresty, $str ) = @_; my $angle = 2 + int rand 4; my $captcha = GD::SecurityImage->new( width => 130, height => 30, lines => 1, gd_font => 'giant', #thickness => 0.5, rndmax => 3, angle => $angle, #ptsize => 80, #send_ctobg => 1, #scramble => 1, ); #warn $str; $captcha->random($str); $captcha->create( normal => 'rect' ); $captcha->particle(100); # : 1732); my ( $image_data, $mime_type ) = $captcha->out( compress => 1 ); $openresty->{_bin_data} = $image_data; $openresty->{_type} = "image/$mime_type"; ### $mime_type } sub trim_sol { my $s = $_[0]; unless ( is_utf8($s) ) { $s = decode( 'UTF-8', $s ); } $s =~ s/\W+//g; $s; } sub validate_captcha { my ( $openresty, $id, $word ) = @_; my ( $rand1, $lang, $solution, $min_valid, $max_valid, $rand2 ) = decrypt_captcha_id( $openresty, $id ); # validate failed if the captcha id is in wrong format return ( 0, "Captcha ID format is incorrect." ) unless defined($solution); # wrong format # change true solution for testing purpose if ( $OpenResty::Config{"frontend.test_mode"} && $openresty->{_user} eq 'tester' ) { if ( $lang eq 'en' ) { $solution = 'hello world '; } else { $solution = 'ä½ å¥½ä¸–ç•Œ'; } } # validate failed if the captcha id has expired or not allowed to validate yet my $now = time(); return ( 0, "Answered too quickly." ) if $min_valid > $now; # ans too early return ( 0, "Captcha ID has expired." ) if $max_valid < $now; # ans too late # Construct cache key for captcha id. We cannot use captcha id directly, for the id itself # could be appending any characters without affecting its decryption. # Prepending "captcha" to prevent cache key confliction... # NOTE: the solution used here should not contains whitespaces, because it will be used as # part of the cache key! my $cache_key = join( $PLAINTEXT_SEP, "captcha", $rand1, $lang, trim_sol($solution), $min_valid, $max_valid, $rand2 ); utf8::encode($cache_key); # validate failed if the captcha id has been used my $used = $OpenResty::Cache->get($cache_key); return ( 0, "The captcha has been used." ) if $used; # ans used # validate failed if user input doesn't match the solution in captcha id #warn "Expected solution: $word\n"; #warn "Real solution: $solution\n"; return ( 0, "Solution to the captcha is incorrect." ) if trim_sol($word) ne trim_sol($solution); # wrong ans # validate succeed, remember which captcha id has been used #warn $cache_key, "\n"; $OpenResty::Cache->set( $cache_key => 1, $MAX_TIMESPAN ); return ( 1, "Verification succeeded." ); } sub decrypt_captcha_id { my ( $openresty, $id ) = @_; return () if !defined($id); $id = decode_base64_urlsafe($id); my ( $digest, $cipher ) = unpack( "a16a*", $id ); my $secret = get_captcha_secretkey($openresty); my $algo = Crypt::CBC->new( -key => $secret, -header => 'none', -iv => $secret, -cipher => 'Rijndael', ); my $plain = $algo->decrypt($cipher); return () unless $digest eq md5($plain); my ( $rand1, $lang, $solution, $min_valid, $max_valid, $rand2 ) = split( $PLAINTEXT_SEP, $plain ); return () unless defined($lang) && defined($solution) && defined($min_valid) && defined($max_valid); return () unless $min_valid > 0 && $max_valid > 0; return () unless defined($rand1) && $rand1 >= 0 && $rand1 < 10000; return () unless $rand1 == $rand2; return ( $rand1, $lang, $solution, $min_valid, $max_valid, $rand2 ); } sub encrypt_captcha_id { my ( $openresty, $lang, $solution, $min_valid, $max_valid ) = @_; my $rand = int( rand(10000) ); # Add random number before and after captcha parameters # in order to maximum obfuscate the cipher my $plain = join( $PLAINTEXT_SEP, $rand, $lang, $solution, $min_valid, $max_valid, $rand ); my $secret = get_captcha_secretkey($openresty); my $algo = Crypt::CBC->new( -key => $secret, -header => 'none', -iv => $secret, -cipher => 'Rijndael', ); my $cipher = $algo->encrypt($plain); # Generate a 16-byte MD5 signature for plaintext, to further protect cipher utf8::encode($plain); # XXX: eliminating md5() i/o error my $digest = md5($plain); return encode_base64_urlsafe( $digest . $cipher ); } sub get_captcha_secretkey { my $openresty = shift; # 128 bits secret key for encryption/decryption # Prepending "captcha:" to prevent cache key conflication... my $key = $OpenResty::Cache->get("captcha:key"); return $key if defined($key) && length($key) == 16; # Protect current user for restoring later, we don't want to break the outter context... my $cur_user = $openresty->current_user; $openresty->set_user("_global"); my $res = $openresty->select( "select captcha_key from _global._general", { use_hash => 1 } ); die "Unable to retrieve captcha secret key" unless defined($res) && @$res > 0 && exists $res->[0]{captcha_key}; $openresty->set_user($cur_user) if defined($cur_user); $key = $res->[0]{captcha_key}; die "Captcha secret key length invalid, should be exactly 16 bytes" unless length($key) == 16; # Cache the captcha secret key for 1 day # Prepending "captcha:" to prevent cache key conflication... $OpenResty::Cache->set( "captcha:key" => $key, 3600 * 24, 'trivial' ); return $key; } sub encode_base64_urlsafe { # base64 encode the given value and substitute URL-unsafe characters to URL-safe ones ( my $base64 = encode_base64( shift, "" ) ) =~ y!+/!._!; # remove the extra newline appended by encode_base64() chomp($base64); $base64 =~ s/=//g; return $base64; } sub decode_base64_urlsafe { # substitute URL-safe characters to original ones ( my $base64 = shift ) =~ y!._!+/!; my $result; { # suppress decode_base64() warnings (premature end of data, etc.) local $^W = 0; $result = decode_base64($base64); } return $result; } 1; __END__