<div align="center">
<h1>mCaptcha Guard</h1>
<p>
<strong>Back-end component of mCaptcha</strong>
</p>

[![Documentation](https://img.shields.io/badge/docs-master-blue?style=flat-square)](https://mcaptcha.github.io/guard/guard/)
![CI (Linux)](<https://github.com/mCaptcha/guard/workflows/CI%20(Linux)/badge.svg>)
[![dependency status](https://deps.rs/repo/github/mCaptcha/guard/status.svg?style=flat-square)](https://deps.rs/repo/github/mCaptcha/guard)
[![codecov](https://codecov.io/gh/mCaptcha/guard/branch/master/graph/badge.svg?style=flat-square)](https://codecov.io/gh/mCaptcha/guard)
<br />
[![AGPL License](https://img.shields.io/badge/license-AGPL-blue.svg?style=flat-square)](http://www.gnu.org/licenses/agpl-3.0)
[![Chat](https://img.shields.io/badge/matrix-+mcaptcha:matrix.batsense.net-purple?style=flat-square)](https://matrix.to/#/+mcaptcha:matrix.batsense.net)

**STATUS: ACTIVE DEVELOPMENT**

</div>

Guard is the back-end component of the [mCaptcha](https://mcaptcha.org)
system.

---

mCaptcha uses SHA256-based proof-of-work (PoW) to rate limit users.

When a user wants to do something on an mCaptcha-protected website,

1. they will have to generate proof-of-work (a bunch of math that will take
   time to compute) and submit it to mCaptcha.

2. We'll validate the proof:

   - **if validation is unsuccessful**, they will be prevented from
     accessing their target website
   - **if validation is successful**, read on,

3. They will be issued a token that they should submit along
   with their request/form submission to the target website.

4. The target website should validate the user-submitted token with mCaptcha
   before processing the user's request.

The whole process is automated from the user's POV. All they have to do
is click on a button to initiate the process.

mCaptcha makes interacting with websites (computationally) expensive for
the user. A well-behaving user will experience a slight delay (no delay
when under moderate load to 2s when under attack; PoW difficulty is
variable) but if someone wants to hammer your site, they will have to do
more work to send requests than your server will have to do to respond
to their request.

## Why use mCaptcha?

- **Free software, privacy focused**
- **Seamless UX** - No more annoying CAPTCHAs!
- **IP address independent:** your users are behind a NAT? We got you covered!
- **Automatic bot throttling:**
- **Resistant to replay attacks:** proof-of-work configurations have
  short lifetimes (30s) and can be used only once. If a user submits a
  PoW to an already used configuration or an expired one, their proof
  will be rejected.
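
The four-step flow and the replay rule above, as an added Python sketch (not Guard's own code, which is written in Rust). Only SHA256, the 30s lifetime and one-time use of a configuration come from this README; the `Guard` class, the `salt:nonce` hash input, the leading-zero-bits difficulty rule and single-use tokens are assumptions made for illustration, and `now` is passed in so expiry can be exercised without sleeping.

```python
import hashlib
import secrets

LIFETIME = 30  # seconds: the PoW configuration lifetime stated in this README

def meets(salt, nonce, bits):
    """True if SHA256(salt:nonce) starts with `bits` zero bits (assumed rule)."""
    digest = hashlib.sha256(f"{salt}:{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(salt, bits):
    """Client side: brute-force a nonce; expected cost doubles per extra bit."""
    nonce = 0
    while not meets(salt, nonce, bits):
        nonce += 1
    return nonce

class Guard:
    """Hypothetical in-memory verifier, not mCaptcha's real API."""

    def __init__(self):
        self.configs = {}    # salt -> (difficulty bits, issue time)
        self.tokens = set()  # tokens issued but not yet redeemed

    def new_config(self, bits, now):
        salt = secrets.token_hex(16)
        self.configs[salt] = (bits, now)
        return salt, bits

    def verify(self, salt, nonce, now):
        # pop() consumes the configuration on first use, valid proof or not,
        # so a replayed (or unknown) salt finds nothing and is rejected.
        entry = self.configs.pop(salt, None)
        if entry is None:
            return None
        bits, issued_at = entry
        if now - issued_at > LIFETIME or not meets(salt, nonce, bits):
            return None
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token

    def validate_token(self, token):
        # Step 4: the target website asks Guard before processing the request.
        # Single-use tokens are an assumption of this sketch.
        valid = token in self.tokens
        self.tokens.discard(token)
        return valid
```

Raising `bits` when load increases is what makes the difficulty variable: each extra bit doubles the client's expected work while `verify` still costs one hash.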

## Demo

Clone the repo and run the following from the root of the repo:

```bash
$ docker-compose up -d
```

It takes a while to build the image so please be patient :)

A hosted demo server is in the works...

## Development:

See [DEVELOPMENT.md](./DEVELOPMENT.md)

## How to build

- Install Cargo using [rustup](https://rustup.rs/) with:

  ```
  $ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  ```

- Clone the repository with:

  ```
  $ git clone https://github.com/mCaptcha/guard
  ```

- Build with Cargo:

  ```
  $ cd guard && cargo build
  ```

## Configuration:

Guard is highly configurable.
Configuration is applied/merged in the following order:

1. path to configuration file passed in via `GUARD_CONFIG`
2. `./config/default.toml`
3. `/etc/guard/config.toml`
4. environment variables.

### Setup

#### Environment variables:

Setting environment variables is optional. The configuration files have
all the necessary parameters listed. By setting environment variables,
you will be overriding the values set in the configuration files.

##### Database:

| Name                      | Value                                  |
| ------------------------- | -------------------------------------- |
| `GUARD_DATABASE_PASSWORD` | Postgres password                      |
| `GUARD_DATABASE_NAME`     | Postgres database name                 |
| `GUARD_DATABASE_PORT`     | Postgres port                          |
| `GUARD_DATABASE_HOSTNAME` | Postgres hostname                      |
| `GUARD_DATABASE_USERNAME` | Postgres username                      |
| `GUARD_DATABASE_POOL`     | Postgres database connection pool size |

##### Server:

| Name                                | Value                                            |
| ----------------------------------- | ------------------------------------------------ |
| `GUARD_SERVER_PORT` (or) `PORT`\*\* | The port on which you want wagon to listen       |
| `GUARD_SERVER_IP`                   | The IP address on which you want wagon to listen |
| `GUARD_SERVER_STATIC_FILES_DIR`     | Path to directory containing static files        |
| `GUARD_CONFIG`                      | Path to config file                              |