Feature/add puzzle challenge

.gitignore

@@ -15,3 +15,18 @@ logs
 
 keys
 .env
+
+#ignore node_modules and build artifacts
+internal/puzzle_ui/node_modules/
+internal/puzzle_ui/dist/client
+internal/puzzle_ui/.cache/
+
+#ignore dependency lock files if not needed
+internal/puzzle_ui/package-lock.json
+internal/puzzle_ui/yarn.lock
+
+.DS_Store
+.vscode/
+internal/puzzle_ui/src/client/.DS_Store
+internal/puzzle_ui/src/.DS_Store
+internal/puzzle_ui/.DS_Store

Dockerfile

@@ -35,4 +35,4 @@ EXPOSE 8081
 
 WORKDIR /opt/banjax
 
-CMD ["./entrypoint.sh"]
+CMD ["./entrypoint.sh"]

banjax-config.yaml

@@ -8,6 +8,8 @@ global_decision_lists:
     - 70.80.90.100
   challenge:
     - 8.8.8.8
+  puzzle_challenge:
+    - 192.168.65.1
 # These two should be the same,
 # if not, it will still work but API to query banned IP will be inconsistent
 expiring_decision_ttl_seconds: 300
@@ -135,3 +137,67 @@ sha_inv_path_exceptions:
     - /no_challenge
 # enable pprof for debugging
 profile: false
+#puzzle captcha configs:
+puzzle_error_log_file_path: "/var/log/banjax/puzzle_error.log"
+puzzle_thumbnail_entropy_secret: "9a96ba30c1190b12360e1c59b0247e534145484bc5ebc635330677c76dc0212a"
+puzzle_entropy_secret: "24c470da7acba2ad36bb6b98713148b6e8d0bbdac05d561d25fb1ae88cc8f2d6"
+puzzle_click_chain_entropy_secret: "8a5ea4dd46011b8ab22f5fa3fee875bc6a2ad7f15593ab7a952090ea4a1db450"
+puzzle_enable_gameplay_data_collection: false
+puzzle_rate_limit_brute_force_solution_ttl_seconds: 60
+puzzle_difficulty_target_profile: medium_hard
+puzzle_difficulty_profiles:
+  easy:
+    nPartitions: 9 #3x3
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 1_200_000 #20 mins
+    showCountdownTimer: false
+
+  medium:
+    nPartitions: 16 #4x4
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false
+
+  medium_hard:
+    nPartitions: 25 #5x5
+    nShuffles: [3, 6]
+    maxNumberOfMovesAllowed: 60
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false
+
+  hard:
+    nPartitions: 16 #4x4
+    nShuffles: [12, 22]
+    maxNumberOfMovesAllowed: 60
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 600_000
+    showCountdownTimer: false
+
+  very_hard:
+    nPartitions: 25 #5x5
+    nShuffles: [20, 40]
+    maxNumberOfMovesAllowed: 80
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 420_000
+    showCountdownTimer: false
+
+  painful:
+    nPartitions: 49 #7x7
+    nShuffles: [30, 60]
+    maxNumberOfMovesAllowed: 80
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 420_000
+    showCountdownTimer: false
+
+  nightmare_fuel:
+    nPartitions: 100 #10x10
+    nShuffles: [70, 80]
+    maxNumberOfMovesAllowed: 80
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 360_000
+    showCountdownTimer: false

banjax.go

@@ -90,6 +90,11 @@ func main() {
 		panic(err)
 	}
 
+	puzzleImageController, err := internal.NewPuzzleImageController(config)
+	if err != nil {
+		panic(err)
+	}
+
 	dynamicDecisionLists := internal.NewDynamicDecisionLists()
 
 	sighup_channel := make(chan os.Signal, 1)
@@ -110,6 +115,7 @@ func main() {
 
 			config := configHolder.Get()
 
+			puzzleImageController.UpdateFromConfig(config)
 			staticDecisionLists.UpdateFromConfig(config)
 			dynamicDecisionLists.Clear()
 			passwordProtectedPaths.UpdateFromConfig(config)
@@ -156,6 +162,7 @@ func main() {
 		regexStates,
 		failedChallengeStates,
 		banner,
+		puzzleImageController,
 	)
 
 	go internal.RunLogTailer(

banjax_base_test.go

@@ -34,7 +34,7 @@ func setUp() {
 	setCommandLineFlags()
 	log.SetFlags(log.LstdFlags | log.Lshortfile) // show line num in logs
 	go main()
-	time.Sleep(1 * time.Second)
+	time.Sleep(10 * time.Second) //we need MORE time because of the image controller, it needs the time to partition the image BEFORE starting up
 }
 
 func tearDown() {
@@ -225,6 +225,6 @@ func reloadConfig(path string, randomReqCount int, t *testing.T) {
 
 	copyConfigFile(path)
 	syscall.Kill(syscall.Getpid(), syscall.SIGHUP)
-	time.Sleep(1 * time.Second)
+	time.Sleep(10 * time.Second) //we need MORE time because of the image controller, it needs the time to partition the image BEFORE starting up
 	<-done
 }

docker-compose.prod.yml

@@ -30,4 +30,4 @@ services:
       context: ./supporting-containers/test-origin
       dockerfile: Dockerfile
     ports:
-      - "8080:8080"
+      - "8080:8080"

docker-compose.yml

@@ -33,4 +33,4 @@ services:
       context: ./supporting-containers/test-origin
       dockerfile: Dockerfile
     ports:
-      - "8080:8080"
+      - "8080:8080"

entrypoint.sh

@@ -4,4 +4,4 @@ if [ -n "$ENABLE_AIR" ]; then
     exec air -c .air.toml
 else
     exec ./banjax
-fi
+fi

fixtures/banjax-config-test-persite-fail.yaml

@@ -7,6 +7,8 @@ global_decision_lists:
     - 70.80.90.100
   challenge:
     - 20.20.20.20  # test value change
+  # puzzle_challenge:
+  #   - 21.21.21.21
 iptables_ban_seconds: 10
 iptables_unbanner_seconds: 5
 kafka_brokers:
@@ -63,3 +65,35 @@ sha_inv_cookie_ttl_seconds: 14400  # also modify internal/sha-inverse-challenge.
 hmac_secret: secret
 gin_log_file: /var/log/banjax/gin.log
 metrics_log_file: /var/log/banjax/metrics.log
+#puzzle captcha configs:
+puzzle_error_log_file_path: "/var/log/banjax/puzzle_error.log"
+puzzle_thumbnail_entropy_secret: "thumbnailSecret"
+puzzle_entropy_secret: "puzzleSecret"
+puzzle_click_chain_entropy_secret: "clickChainSecret"
+puzzle_enable_gameplay_data_collection: false
+puzzle_rate_limit_brute_force_solution_ttl_seconds: 60
+puzzle_difficulty_target_profile: medium_hard
+puzzle_difficulty_profiles:
+  easy:
+    nPartitions: 9 #3x3
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 1_200_000 #20 mins
+    showCountdownTimer: false
+
+  medium:
+    nPartitions: 16 #4x4
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false
+
+  medium_hard:
+    nPartitions: 25 #5x5
+    nShuffles: [3, 6]
+    maxNumberOfMovesAllowed: 60
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false

fixtures/banjax-config-test-puzzle-captcha.yaml

@@ -0,0 +1,107 @@
+config_version: 2022-02-03_00:00:00
+global_decision_lists:
+  allow: []  # test remove
+  iptables_block:
+    - 30.40.50.60
+  nginx_block:
+    - 70.80.90.100
+  challenge:
+    - 20.20.20.20  # test value change
+  # puzzle_challenge:
+  #   - 21.21.21.21
+iptables_ban_seconds: 10
+iptables_unbanner_seconds: 5
+kafka_brokers:
+  - "localhost:9092"
+kafka_security_protocol: 'ssl'
+kafka_ssl_ca: "/etc/banjax/caroot.pem"
+#kafka_ssl_cert: "/etc/banjax/certificate.pem"
+kafka_ssl_key: "/etc/banjax/key.pem"
+kafka_ssl_key_password: password
+kafka_report_topic: 'banjax_report_topic'
+kafka_command_topic: 'banjax_command_topic'
+password_protected_paths:
+  "localhost:8081":
+    - wp-admin
+    - wp-admin2
+    - app/admin
+  "localhost":
+    - wp-admin
+password_protected_path_exceptions:
+  "localhost:8081":
+    - wp-admin/admin-ajax.php
+    - app/admin/no-ban.php
+# python3 -c "import hashlib; print(hashlib.sha256('password'.encode()).hexdigest())"
+password_hashes:
+  "localhost:8081": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
+  "localhost": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
+per_site_decision_lists:
+  example.com:
+    allow:
+      - 90.90.90.90
+    challenge:
+      - 91.91.91.91
+  "localhost:8081":
+    allow:
+      - 91.91.91.91  # test change
+    challenge: []  # test remove
+    nginx_block:
+      - 92.92.92.92
+per_site_regexes_with_rates: {}
+regexes_with_rates:
+  - decision: allow
+    hits_per_interval: 0
+    interval: 1
+    regex: .*allowme.*
+    rule: "unblock backdoor"
+  - decision: nginx_block
+    hits_per_interval: 0
+    interval: 1
+    regex: .*blockme.*
+    rule: "instant block"
+sitewide_sha_inv_list:
+  example.com: block
+  foobar.com: no_block
+  "localhost:8081": block
+server_log_file: /var/log/banjax/banjax-format.log
+banning_log_file: /etc/banjax/ban_ip_list.log
+expiring_decision_ttl_seconds: 10
+too_many_failed_challenges_interval_seconds: 10
+too_many_failed_challenges_threshold: 10000  # we don't want to test this here so set it very big
+password_cookie_ttl_seconds: 14400  # also modify internal/password-protected-path.html:168
+sha_inv_cookie_ttl_seconds: 14400  # also modify internal/sha-inverse-challenge.html:94
+hmac_secret: secret
+gin_log_file: /var/log/banjax/gin.log
+metrics_log_file: /var/log/banjax/metrics.log
+#puzzle captcha configs:
+puzzle_error_log_file_path: "/var/log/banjax/puzzle_error.log"
+puzzle_thumbnail_entropy_secret: "thumbnailSecret"
+puzzle_entropy_secret: "puzzleSecret"
+puzzle_click_chain_entropy_secret: "clickChainSecret"
+puzzle_enable_gameplay_data_collection: false
+puzzle_rate_limit_brute_force_solution_ttl_seconds: 60
+puzzle_difficulty_target_profile: medium_hard
+puzzle_difficulty_profiles:
+  easy:
+    nPartitions: 9 #3x3
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 1_200_000 #20 mins
+    showCountdownTimer: false
+
+  medium:
+    nPartitions: 16 #4x4
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false
+
+  medium_hard:
+    nPartitions: 25 #5x5
+    nShuffles: [3, 6]
+    maxNumberOfMovesAllowed: 60
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false

fixtures/banjax-config-test-regex-banner.yaml

@@ -9,6 +9,8 @@ global_decision_lists:
     - 70.80.90.100
   challenge:
     - 8.8.8.8
+  # puzzle_challenge:
+  #   - 9.9.9.9
 iptables_ban_seconds: 10
 iptables_unbanner_seconds: 5
 kafka_brokers:
@@ -103,3 +105,35 @@ sha_inv_cookie_ttl_seconds: 14400  # also modify internal/sha-inverse-challenge.
 hmac_secret: secret
 gin_log_file: /var/log/banjax/gin.log
 metrics_log_file: /var/log/banjax/metrics.log
+#puzzle captcha configs:
+puzzle_error_log_file_path: "/var/log/banjax/puzzle_error.log"
+puzzle_thumbnail_entropy_secret: "thumbnailSecret"
+puzzle_entropy_secret: "puzzleSecret"
+puzzle_click_chain_entropy_secret: "clickChainSecret"
+puzzle_enable_gameplay_data_collection: false
+puzzle_rate_limit_brute_force_solution_ttl_seconds: 60
+puzzle_difficulty_target_profile: medium_hard
+puzzle_difficulty_profiles:
+  easy:
+    nPartitions: 9 #3x3
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 1_200_000 #20 mins
+    showCountdownTimer: false
+
+  medium:
+    nPartitions: 16 #4x4
+    nShuffles: [5, 8]
+    maxNumberOfMovesAllowed: 40
+    removeTileIndex: 0
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false
+
+  medium_hard:
+    nPartitions: 25 #5x5
+    nShuffles: [3, 6]
+    maxNumberOfMovesAllowed: 60
+    removeTileIndex: -1 #choose randomly from the board
+    timeToSolve_ms: 900_000 #15 mins
+    showCountdownTimer: false