From d2b874794abc2768d3531fd40f22cf28173bcbde Mon Sep 17 00:00:00 2001 From: arnaucode Date: Wed, 9 Aug 2017 13:05:29 +0200 Subject: [PATCH] implemented captcha time validation on backend, added reload captcha option in javascript library --- README.md | 42 ++++++++++++++++++++++++++++-------------- captcha.go | 30 ++++++++++++++++++++++-------- web/goCaptcha.css | 4 ++++ web/goCaptcha.js | 10 ++++++---- 4 files changed, 60 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 969c36c..97ac23f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # goCaptcha captcha server, with own datasets, to train own machine learning AI -### How to use? -#### Frontend +## 1 - How to use? +### 1.1 - Frontend Insert this lines in the html file: ```html @@ -19,7 +19,7 @@ It will place the goCaptcha box in the div: ![goCaptcha](https://raw.githubusercontent.com/arnaucode/goCaptcha/master/demo01.png "goCaptcha") -#### Backend +### 1.2 - Backend - Put dataset images in the folder 'imgs'. - Run MongoDB. - Go to the folder /goCaptcha, and run: @@ -37,9 +37,9 @@ user@laptop:~/goCaptcha$ ./goCaptcha ``` -### How to make the petitions? +## 2 - How to make the petitions? -1. Get the captcha: +### 2.1 - Get the captcha: ``` GET/ 127.0.0.1:3025/captcha ``` @@ -56,14 +56,20 @@ Server response: "1b838c46-b784-471e-b143-48be058c39a7.png" ], "question": "leopard", - "date": "" + "date": "1502274893" } ``` -2. User selects the images that fit in the 'question' parameter +### 2.2 - User selects the images that fit in the 'question' parameter (in this case, 'leopard') -3. Post the answer. The answer contains the CaptchaId, and an array with the selected images +The selection is stored in an array: +```js + selection=[0,0,1,0,1,0]; +``` +Where the '1' are the images selected, in the images array order. + +### 2.3 - Post the answer. The answer contains the CaptchaId, and an array with the selected images ``` POST/ 127.0.0.1:3025/answer ``` @@ -71,7 +77,7 @@ Post example: ```json { "captchaid": "881c6083-0643-4d1c-9987-f8cc5bb9d5b1", - "selection": [0,0,0,0,1,1] + "selection": [0,0,1,0,1,0] } ``` Server response: @@ -79,9 +85,9 @@ Server response: true ``` -### How this works? +## 3 - How this works? -###### Server reads dataset +### 3.1 - Server reads dataset First, server reads all dataset. Dataset is a directory with subdirectories, where each subdirectory contains images of one element. For example: @@ -104,7 +110,7 @@ imgs/ Then, stores all the filenames corresponding to each subdirectory. So, we have each image and to which element category is (the name of subdirectory). -###### Server generates captcha +### 3.2 - Server generates captcha When server recieves a GET /captcha, generates a captcha, getting random images from the dataset. For each captcha generated, generates two mongodb models: @@ -144,7 +150,8 @@ CaptchaSolution Model "leopard", "leopard" ], - "question" : "leopard" + "question" : "leopard", + "date": "1502274893" } ``` Both models are stored in the MongoDB. @@ -165,7 +172,14 @@ When the server recieves a petition to get an image, recieves the petition with Captcha Model contains the captcha that server returns to the petition. And CaptchaSolution contains the solution of the captcha. Both have the same Id. -###### Server validates captcha +### 3.3 - Server validates captcha When server recieves POST /answer, gets the answer, search for the CaptchaSolution based on the CaptchaId in the MongoDB, and then compares the answer 'selection' parameter with the CaptchaSolution. If the selection is correct, returns 'true', if the selection is not correct, returns 'false'. + + +## 4 - Security + +- If the captcha is resolved in less than 1 second, it's not valid. +- If the captcha is resolved in more than 1 minute, it's not valid. +- The images url, are UUIDs generated each time, in order to give different names for the images each time. diff --git a/captcha.go b/captcha.go index f63e970..bdbf31b 100644 --- a/captcha.go +++ b/captcha.go @@ -1,9 +1,11 @@ package main import ( + "fmt" "math/rand" "os/exec" "strings" + "time" "gopkg.in/mgo.v2/bson" ) @@ -16,10 +18,9 @@ type Captcha struct { } type CaptchaSol struct { Id string `json:"id"` - Imgs []string `json:"imgs"` ImgsSolution []string `json:"imgssolution"` Question string `json:"question"` //select all X - Date string `json:"date"` + Date int64 `json:"date"` } type CaptchaAnswer struct { CaptchaId string `json:"captchaid"` @@ -42,6 +43,10 @@ func generateRandInt(min int, max int) int { //rand.Seed(time.Now().UTC().UnixNano()) return rand.Intn(max-min) + min } +func generateQuestionFromCategoriesArray(imgs []string) string { + n := generateRandInt(0, len(imgs)) + return imgs[n] +} func generateCaptcha(count int) Captcha { var captcha Captcha var captchaSol CaptchaSol @@ -60,14 +65,13 @@ func generateCaptcha(count int) Captcha { err := imgFakePathCollection.Insert(imgFakePath) check(err) captcha.Imgs = append(captcha.Imgs, imgFakePath.Fake) - captchaSol.Imgs = append(captchaSol.Imgs, dataset[categDataset[nCateg]][nImg]) captchaSol.ImgsSolution = append(captchaSol.ImgsSolution, categDataset[nCateg]) } - captcha.Question = "leopard" - captchaSol.Question = "leopard" - err := captchaCollection.Insert(captcha) - check(err) - err = captchaSolCollection.Insert(captchaSol) + question := generateQuestionFromCategoriesArray(captchaSol.ImgsSolution) + captcha.Question = question + captchaSol.Question = question + captchaSol.Date = time.Now().Unix() + err := captchaSolCollection.Insert(captchaSol) check(err) return captcha } @@ -94,5 +98,15 @@ func validateCaptcha(captchaAnswer CaptchaAnswer) bool { } } + //time elapsed from captcha generation comprovation + date := time.Unix(captchaSol.Date, 0) + elapsed := time.Since(date) + fmt.Println(elapsed.Seconds()) + if elapsed.Seconds() < 1 { + solved = false + } + if elapsed.Seconds() > 60 { + solved = false + } return solved } diff --git a/web/goCaptcha.css b/web/goCaptcha.css index 067bdcc..6b73b3d 100644 --- a/web/goCaptcha.css +++ b/web/goCaptcha.css @@ -3,6 +3,10 @@ background: #64B5F6!important; color: #ffffff!important; } +.c_red300{ + background: #E57373!important; + color: #ffffff!important; +} .g_button{ border: none; border-radius: 2px; diff --git a/web/goCaptcha.js b/web/goCaptcha.js index 77d75ba..cfd389c 100644 --- a/web/goCaptcha.js +++ b/web/goCaptcha.js @@ -29,13 +29,13 @@ function showCaptcha(captcha) { html = ""; html += "

Select all " + captcha.question + "s

"; for (k in captcha.imgs) { - html += ""; + html += ""; } - html += "
Validate
"; + html += "
Validate
"; document.getElementById("goCaptcha").innerHTML = html; } -function select(elem) { +function selectCaptchaImg(elem) { if (selection[elem.id] == 0) { selection[elem.id] = 1; document.getElementById(elem.id).className = "g_selected"; @@ -45,7 +45,7 @@ function select(elem) { } } -function validate() { +function validateCaptcha() { var answer = { selection: selection, captchaid: captcha.id @@ -56,7 +56,9 @@ function validate() { if (resp) { html += "

goCaptcha validated

"; } else { + selection = [0, 0, 0, 0, 0, 0]; html += "

goCaptcha failed

"; + html += "
Reload Captcha
"; } document.getElementById("goCaptcha").innerHTML = html; }