diff --git a/config/config.go b/config/config.go
index d4316b4..461baa1 100644
--- a/config/config.go
+++ b/config/config.go
@@ -2,7 +2,7 @@ package config
 import "flag"
-var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName string
+var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName, HashKey string
 var MaxLoadAvg float64
 func ParseFlags() {
@@ -13,6 +13,7 @@ func ParseFlags() {
 	flag.StringVar(&SessionsFile, "save", "./pwd/sessions", "Tell where to store sessions file")
 	flag.StringVar(&PWDContainerName, "name", "pwd", "Container name used to run PWD (used to be able to connect it to the networks it creates)")
 	flag.StringVar(&PWDCName, "cname", "host1", "CNAME given to this host")
+	flag.StringVar(&HashKey, "hash_key", "salmonrosado", "Hash key to use for cookies")
 	flag.Float64Var(&MaxLoadAvg, "maxload", 100, "Maximum allowed load average before failing ping requests")
 	flag.Parse()
 }
diff --git a/handlers/new_session.go b/handlers/new_session.go
index fc39deb..f6926cc 100644
--- a/handlers/new_session.go
+++ b/handlers/new_session.go
@@ -17,10 +17,9 @@ type NewSessionResponse struct {
 func NewSession(rw http.ResponseWriter, req *http.Request) {
 	req.ParseForm()
-	if !services.IsHuman(req) {
+	if !services.IsHuman(req, rw) {
 		// User it not a human
-		rw.WriteHeader(http.StatusConflict)
-		rw.Write([]byte("Only humans are allowed!"))
+		http.Redirect(rw, req, "/", http.StatusFound)
 		return
 	}
diff --git a/services/recaptcha.go b/services/recaptcha.go
index 500897d..53548de 100644
--- a/services/recaptcha.go
+++ b/services/recaptcha.go
@@ -2,11 +2,17 @@ package services
 import (
 	"encoding/json"
+	"fmt"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
+	"time"
+
+	"github.com/franela/play-with-docker/config"
+	"github.com/gorilla/securecookie"
+	"github.com/twinj/uuid"
 )
 func GetGoogleRecaptchaSiteKey() string {
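Review bot: The new `hash_key` flag ships a built-in default ("salmonrosado") that becomes the signing key for every session cookie on any deployment that does not override it, so anyone who can read this repository can produce cookies that `IsHuman` accepts; a signing secret must never have a usable default in source. Default the flag to the empty string and have startup refuse to run (or generate a random key) when it is unset, e.g. `flag.StringVar(&HashKey, "hash_key", "", "Secret used to sign session cookies (required; securecookie recommends 32 or 64 bytes)")` followed by a check after `flag.Parse()` that `HashKey != ""`. Reading the secret from an environment variable rather than a command-line flag would also keep it out of process listings. The same key is consumed at package-init time in services/recaptcha.go, which is raised separately on that hunk.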
@@ -31,10 +37,22 @@ type recaptchaResponse struct {
 	Success bool `json:"success"`
 }
-func IsHuman(req *http.Request) bool {
+var s = securecookie.New([]byte(config.HashKey), nil)
+
+func IsHuman(req *http.Request, rw http.ResponseWriter) bool {
 	if os.Getenv("GOOGLE_RECAPTCHA_DISABLED") != "" {
 		return true
 	}
+
+	if cookie, _ := req.Cookie("session_id"); cookie != nil {
+		fmt.Println(cookie)
+		var value string
+		if err := s.Decode("session_id", cookie.Value, &value); err != nil {
+			return false
+		}
+		return true
+	}
+
 	challenge := req.Form.Get("g-recaptcha-response")
 	// Of X-Forwarded-For exists, it means we are behind a loadbalancer and we should use the real IP address of the user
@@ -57,5 +75,16 @@ func IsHuman(req *http.Request) bool {
 	var r recaptchaResponse
 	json.NewDecoder(resp.Body).Decode(&r)
-	return r.Success
+	if !r.Success {
+		return false
+	}
+
+	encoded, _ := s.Encode("session_id", uuid.NewV4().String())
+	http.SetCookie(rw, &http.Cookie{
+		Name: "session_id",
+		Value: encoded,
+		Expires: time.Now().Add(10 * time.Second),
+	})
+
+	return true
 }
diff --git a/www/welcome.html b/www/welcome.html
index c28c65e..12117a5 100644
--- a/www/welcome.html
+++ b/www/welcome.html
@@ -12,8 +12,9 @@
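Review bot: `var s = securecookie.New([]byte(config.HashKey), nil)` is evaluated during package initialization, before `config.ParseFlags()` can have run, so the key handed to securecookie is always the empty string and the `-hash_key` flag is never honoured; if I recall the library correctly, an empty hash key makes every Encode/Decode return an error, so the cookie fast path in this hunk always falls through to `return false`. Construct the codec after flags are parsed instead: `var s *securecookie.SecureCookie` plus `func InitSessionCookies() { s = securecookie.New([]byte(config.HashKey), nil) }` called from main once flags are parsed (or guard a lazy construction with sync.Once). Separately, `fmt.Println(cookie)` writes the signed session token to stdout on every request; remove it rather than leave a secret in the process log. The decoded `value` is never inspected, so a comment such as `// only the signature is verified; the UUID payload carries no meaning yet` would make the intent explicit. IsHuman's body continues in the next hunk.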
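Review bot: The ten-second `Expires` on the issued cookie is enforced only by the browser; `s.Decode` in the previous hunk checks the embedded timestamp against securecookie's own default max age (30 days, if I recall the library), so a captured cookie keeps passing the human check long after it visibly expired, and the discarded error from `s.Encode` means a failed encode still sets a cookie with an empty value. Align the server-side limit with the intended lifetime by calling `s.MaxAge(10)` where the codec is built, handle the Encode error, and set `Path`, `HttpOnly`, `Secure` and `SameSite` so the token is neither readable from script nor sent cross-site. The enclosing function starts in the previous hunk.
```go
	if !r.Success {
		return false
	}

	encoded, err := s.Encode("session_id", uuid.NewV4().String())
	if err != nil {
		log.Printf("encoding session cookie: %v", err)
		return false
	}
	http.SetCookie(rw, &http.Cookie{
		Name:     "session_id",
		Value:    encoded,
		Path:     "/",
		Expires:  time.Now().Add(10 * time.Second),
		MaxAge:   10,
		HttpOnly: true,
		// Behind a TLS-terminating proxy this should come from configuration instead.
		Secure:   req.TLS != nil,
		SameSite: http.SameSiteLaxMode, // Go 1.8+
	})

	return true
```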