/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Config
const config = require('../../config.json');
//NPM imports
const { createChallenge, verifySolution } = require('altcha-lib');
/**
* Create empty array to hold cache of spent payloads to protect against replay attacks
*/
const spent = [];
/**
* Captcha lifetime in minutes
*/
const lifetime = 2;
/**
* Generates captcha challenges to send down to the browser
* @param {Number} difficulty - Challange Difficulty (x100K internally)
* @param {String} uniqueSecret - Secret to salt the challange hash with
* @returns {String} Altcha Challenge hash
*/
module.exports.genCaptcha = async function(difficulty = 2, uniqueSecret = ''){
//Set altcha expiration date
const expiration = new Date();
//Add four minutes
expiration.setMinutes(expiration.getMinutes() + lifetime);
//Generate Altcha Challenge
return await createChallenge({
hmacKey: [config.altchaSecret, uniqueSecret].join(''),
maxNumber: 100000 * difficulty,
expires: expiration
});
}
/**
* Verifies completed altcha challenges handed over from the user
* @param {String} payload - Completed Altcha Payload
* @param {String} uniqueSecret - Server-side Unique Secret to verify payload came from server-generated challenge
* @returns {boolean} True if payload is a valid and unique altcha challenge which originated from this server
*/
module.exports.verify = async function(payload, uniqueSecret = ''){
//If this payload is already spent
if(spent.indexOf(payload) != -1){
//Fuck off and die
return false;
}
//Get length before pushing payload to get index of next item
const payloadIndex = spent.length;
//Add payload to cache of spent payloades
spent.push(payload);
//Set timeout to splice out the used payload after its expired so we're not filling RAM with expired payloads that aren't going to resolve true anyways
setTimeout(() => {spent.splice(payloadIndex,1);}, lifetime * 60 * 1000);
//Return verification results
return await verifySolution(payload, [config.altchaSecret, uniqueSecret].join(''));
}