active_hashcash 0.2.0 → 0.3.1

data/app/views/active_hashcash/stamps/_filters.html.erb

@@ -0,0 +1,39 @@
+<%= form_tag nil, method: :get do %>
+  <div class="grid-auto">
+    <div role="group">
+      <%= label_tag :created_from do %>
+        <%= ActiveHashcash::Stamp::human_attribute_name(:created_at) + " ≥" %>
+        <%= date_field_tag :created_from, params[:created_from] %>
+      <% end %>
+
+      <%= label_tag :created_from do %>
+        <%= ActiveHashcash::Stamp::human_attribute_name(:created_at) + " ≤" %>
+        <%= date_field_tag :created_to, params[:created_to] %>
+      <% end %>
+    </div>
+
+    <div role="group">
+      <%= label_tag :bits_from do %>
+        <%= ActiveHashcash::Stamp::human_attribute_name(:bits) + " ≥" %>
+        <%= number_field_tag :bits_from, params[:bits_from] %>
+      <% end %>
+
+      <%= label_tag :bits_to do %>
+        <%= ActiveHashcash::Stamp::human_attribute_name(:bits) + " ≤" %>
+        <%= number_field_tag :bits_to, params[:bits_to] %>
+      <% end %>
+    </div>
+
+    <div>
+      <%= label_tag :ip_address_starts_with, ActiveHashcash::Stamp::human_attribute_name(:ip_address) %>
+      <%= text_field_tag :ip_address_starts_with, params[:ip_address_starts_with] %>
+    </div>
+
+    <div>
+      <%= label_tag :request_path_starts_with, ActiveHashcash::Stamp::human_attribute_name(:request_path) %>
+      <%= text_field_tag :request_path_starts_with, params[:request_path_starts_with] %>
+    </div>
+
+    <%= submit_tag t("active_hashcash.submit_filter") %>
+  </div>
+<% end %>

data/app/views/active_hashcash/stamps/index.html.erb

@@ -0,0 +1,25 @@
+<details>
+  <summary>Filters</summary>
+  <%= render "filters" %>
+</details>
+
+<table>
+  <thead>
+    <tr>
+      <th><%= ActiveHashcash::Stamp.human_attribute_name(:created_at) %></th>
+      <th><%= ActiveHashcash::Stamp.human_attribute_name(:ip_address) %></th>
+      <th><%= ActiveHashcash::Stamp.human_attribute_name(:request_path) %></th>
+      <th><%= ActiveHashcash::Stamp.human_attribute_name(:bits) %></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% for stamp in @stamps %>
+      <tr>
+        <td><%= link_to stamp.created_at, stamp %></td>
+        <td><%= stamp.ip_address %></td>
+        <td><%= stamp.request_path %></td>
+        <td><%= stamp.bits %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>

data/app/views/active_hashcash/stamps/show.html.erb

@@ -0,0 +1,21 @@
+
+<h3><%= @stamp %></h3>
+<dl>
+  <dt><%= @stamp.class.human_attribute_name(:created_at) %></dt>
+  <dd><%= l @stamp.created_at %></dd>
+
+  <dt><%= @stamp.class.human_attribute_name(:resource) %></dt>
+  <dd><%= @stamp.resource %></dd>
+
+  <dt><%= @stamp.class.human_attribute_name(:bits) %></dt>
+  <dd><%= @stamp.bits %></dd>
+
+  <dt><%= @stamp.class.human_attribute_name(:ip_address) %></dt>
+  <dd><%= @stamp.ip_address %></dd>
+
+  <dt><%= @stamp.class.human_attribute_name(:request_path) %></dt>
+  <dd><%= @stamp.request_path %></dd>
+
+  <dt><%= @stamp.class.human_attribute_name(:context) %></dt>
+  <dd><%= @stamp.context %></dd>
+</dl>

data/app/views/layouts/active_hashcash/application.html.erb

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html class="active-analytics">
+<head>
+  <title>Active Hashcash</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= tag.link rel: "icon", href: asset_path(:favicon, format: :ico), sizes: "32x32" %>
+  <%= tag.link rel: "icon", href: asset_path(:favicon, format: :svg), type: "image/svg+xml" %>
+
+  <%= tag.link rel: "stylesheet", href: asset_path(:ariato, format: :css) %>
+  <%= tag.link rel: "stylesheet", href: asset_path(:application, format: :css) %>
+</head>
+<body>
+  <header>
+    <nav aria-label="site">
+      <ul role="menu" aria-label="Elements" class="is-horizontal">
+        <li role="none" class="logo"><%= link_to(root_path) { render partial: "/active_hashcash/assets/logo", formats: [:svg] } %></li>
+        <li role="none"><%= link_to_unless_current ActiveHashcash::Stamp.model_name.human.pluralize, stamps_path %></li>
+        <li role="none"><%= link_to_unless_current "Top IP addresses", addresses_path %></li>
+      </ul>
+    </nav>
+  </header>
+
+  <main class="card">
+    <%= yield %>
+  </main>
+
+  <footer>
+    Made by <a href="https://www.rorvswild.com">RorVsWild</a> |
+    <a href="https://github.com/BaseSecrete/active_hashcash">Source code</a> |
+    <a href="https://twitter.com/rorvswild">Twitter</a> |
+    <a href="https://ruby.social/@rorvswild">Mastodon</a> |
+  </footer>
+</body>
+</html>

data/config/locales/de.yml

@@ -0,0 +1,4 @@
+de:
+  active_hashcash:
+    waiting_label: "Warten auf die Überprüfung ..."
+    submit_filter: Filtern

data/config/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  active_hashcash:
+    waiting_label: "Waiting for verification ..."
+    submit_filter: Filter

data/config/locales/es.yml

@@ -0,0 +1,4 @@
+es:
+  active_hashcash:
+    waiting_label: "A la espera de la verificación ..."
+    submit_filter: Filtro

data/config/locales/fr.yml

@@ -0,0 +1,4 @@
+fr:
+  active_hashcash:
+    waiting_label: "En attente de vérification ..."
+    submit_filter: Filtrer

data/config/locales/it.yml

@@ -0,0 +1,4 @@
+it:
+  active_hashcash:
+    waiting_label: "In attesa di verifica ..."
+    submit_filter: Filtro

data/config/locales/jp.yml

@@ -0,0 +1,4 @@
+jp:
+  active_hashcash:
+    waiting_label: "検証待ち ..."
+    submit_filter: フィルター

data/config/locales/pt.yml

@@ -0,0 +1,4 @@
+pt:
+  active_hashcash:
+    waiting_label: "À espera de verificação ..."
+    submit_filter: Filtro

data/config/routes.rb

@@ -0,0 +1,6 @@
+ActiveHashcash::Engine.routes.draw do
+  resources :assets, only: [:show]
+  resources :stamps, only: [:index, :show]
+  resources :addresses, only: [:index, :show]
+  root "stamps#index"
+end

data/db/migrate/20240215143453_create_active_hashcash_stamps.rb

@@ -0,0 +1,25 @@
+class CreateActiveHashcashStamps < ActiveRecord::Migration[5.2]
+  def change
+    create_table :active_hashcash_stamps do |t|
+      t.string :version, null: false
+      t.integer :bits, null: false
+      t.date :date, null: false
+      t.string :resource, null: false
+      t.string :ext, null: false
+      t.string :rand, null: false
+      t.string :counter, null: false
+      t.string :request_path
+      t.string :ip_address
+
+      if t.respond_to?(:jsonb)
+        t.jsonb :context # SQLite JSONB support from version 3.45 (2024-01-15)
+      elsif t.respond_to?(:json)
+        t.json :context
+      end
+
+      t.timestamps
+    end
+    add_index :active_hashcash_stamps, [:ip_address, :created_at], where: "ip_address IS NOT NULL"
+    add_index :active_hashcash_stamps, [:counter, :rand, :date, :resource, :bits, :version, :ext], name: "index_active_hashcash_stamps_unique", unique: true
+  end
+end

data/lib/active_hashcash/engine.rb

@@ -1,19 +1,7 @@
 module ActiveHashcash
   class Engine < ::Rails::Engine
-    config.assets.paths << File.expand_path("../..", __FILE__)
+    config.assets.paths << File.expand_path("../..", __FILE__) if config.respond_to?(:assets)
 
-    config.after_initialize { load_translations }
-
-    def load_translations
-      if !I18n.backend.exists?(I18n.locale, "active_hashcash")
-        I18n.backend.store_translations(:de, {active_hashcash: {waiting_label: "Warten auf die Überprüfung ..."}})
-        I18n.backend.store_translations(:en, {active_hashcash: {waiting_label: "Waiting for verification ..."}})
-        I18n.backend.store_translations(:es, {active_hashcash: {waiting_label: "A la espera de la verificación ..."}})
-        I18n.backend.store_translations(:fr, {active_hashcash: {waiting_label: "En attente de vérification ..."}})
-        I18n.backend.store_translations(:it, {active_hashcash: {waiting_label: "In attesa di verifica ..."}})
-        I18n.backend.store_translations(:jp, {active_hashcash: {waiting_label: "検証待ち ..."}})
-        I18n.backend.store_translations(:pt, {active_hashcash: {waiting_label: "À espera de verificação ..."}})
-      end
-    end
+    isolate_namespace ActiveHashcash
   end
 end

data/lib/active_hashcash/version.rb

@@ -1,3 +1,3 @@
 module ActiveHashcash
-  VERSION = "0.2.0"
+  VERSION = "0.3.1"
 end

data/lib/active_hashcash.rb

@@ -1,3 +1,6 @@
+require "active_hashcash/version"
+require "active_hashcash/engine"
+
 module ActiveHashcash
   extend ActiveSupport::Concern
 
@@ -7,31 +10,41 @@ module ActiveHashcash
     helper_method :hashcash_hidden_field_tag
   end
 
-  mattr_accessor :bits, instance_accessor: false, default: 20
   mattr_accessor :resource, instance_accessor: false
-  mattr_accessor :redis_url, instance_accessor: false, default: ENV["ACTIVE_HASHCASH_REDIS_URL"] || ENV["REDIS_URL"]
-
-  def self.store
-    @store ||= Store.new(Redis.new(url: ActiveHashcash.redis_url))
-  end
 
-  def self.store=(store)
-    @store = store
-  end
+  # This is base complexity.
+  # Consider lowering it to not exclude people with old and slow devices.
+  mattr_accessor :bits, instance_accessor: false, default: 16
 
-  # TODO: protect_from_brute_force bits: 20, exception: ActionController::InvalidAuthenticityToken, with: :handle_failed_hashcash
+  mattr_accessor :date_format, instance_accessor: false, default: "%y%m%d"
 
-  # Call me via a before_action when the form is submitted : `before_action :chech_hashcash, only: :create`
+  # Call me via a before_action when the form is submitted : `before_action :check_hashcash, only: :create`
   def check_hashcash
-    stamp = hashcash_param && Stamp.parse(hashcash_param)
-    if stamp && stamp.verify(hashcash_resource, hashcash_bits, Date.yesterday) && ActiveHashcash.store.add?(stamp)
+    attrs = {
+      ip_address: hashcash_ip_address,
+      request_path: hashcash_request_path,
+      context: hashcash_stamp_context
+    }
+    if hashcash_param && Stamp.spend(hashcash_param, hashcash_resource, hashcash_bits, Date.yesterday, attrs)
       hashcash_after_success
     else
       hashcash_after_failure
     end
   end
 
-  # Override the methods below in your controller, to change any parameter of behaviour.
+  # Override the methods below in your controller, to change any parameter or behaviour.
+
+  def hashcash_ip_address
+    request.remote_ip
+  end
+
+  def hashcash_request_path
+    request.path
+  end
+
+  def hashcash_stamp_context
+    # Override this method to store custom data for each stamp
+  end
 
   # By default the host name is used as the resource.
   # It' should be good for most cases and prevent from reusing the same stamp between sites.
@@ -39,10 +52,15 @@ module ActiveHashcash
     ActiveHashcash.resource || request.host
   end
 
-  # Define the complexity, the higher the slower it is. Consider lowering this value to not exclude people with old and slow devices.
-  # On a decent laptop, it takes around 30 seconds for the JavaScript implementation to solve a 20 bits complexity and few seconds when it's 16.
+  # Returns the complexity, the higher the slower it is.
+  # Complexity is increased logarithmicly for each IP during the last 24H to slowdown brute force attacks.
+  # The minimun value returned is `ActiveHashcash.bits`.
   def hashcash_bits
-    ActiveHashcash.bits
+    if (previous_stamp_count = ActiveHashcash::Stamp.where(ip_address: hashcash_ip_address).where(created_at: 1.day.ago..).count) > 0
+      (ActiveHashcash.bits + Math.log2(previous_stamp_count)).floor
+    else
+      ActiveHashcash.bits
+    end
   end
 
   # Override if you want to rename the hashcash param.
@@ -72,7 +90,3 @@ module ActiveHashcash
     hidden_field_tag(name, "", "data-hashcash" => options.to_json)
   end
 end
-
-require "active_hashcash/stamp"
-require "active_hashcash/store"
-require "active_hashcash/engine"

data/lib/tasks/active_hashcash_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :active_hashcash do
+#   # Task goes here
+# end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: active_hashcash
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Alexis Bernard
-autorequire:
-bindir: exe
+autorequire: 
+bindir: bin
 cert_chain: []
-date: 2022-08-02 00:00:00.000000000 Z
+date: 2024-04-04 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: redis
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -38,8 +24,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.2.0
-description: ActiveHashcash protects your Rails application against brute force attacks,
-  DoS and bots.
+description: Protect Rails applications against bots and brute force attacks without
+  annoying humans.
 email:
 - alexis@basesecrete.com
 executables: []
@@ -49,12 +35,47 @@ files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
+- app/assets/config/active_hashcash_manifest.js
+- app/assets/javascripts/hashcash.js
+- app/assets/stylesheets/active_hashcash/application.css
+- app/controllers/active_hashcash/addresses_controller.rb
+- app/controllers/active_hashcash/application_controller.rb
+- app/controllers/active_hashcash/assets_controller.rb
+- app/controllers/active_hashcash/stamps_controller.rb
+- app/helpers/active_hashcash/addresses_helper.rb
+- app/helpers/active_hashcash/application_helper.rb
+- app/helpers/active_hashcash/stamps_helper.rb
+- app/jobs/active_hashcash/application_job.rb
+- app/mailers/active_hashcash/application_mailer.rb
+- app/models/active_hashcash/application_record.rb
+- app/models/active_hashcash/stamp.rb
+- app/views/active_hashcash/addresses/index.html.erb
+- app/views/active_hashcash/assets/_logo.svg.erb
+- app/views/active_hashcash/assets/_style.css
+- app/views/active_hashcash/assets/application.css.erb
+- app/views/active_hashcash/assets/ariato.css.erb
+- app/views/active_hashcash/assets/favicon.ico
+- app/views/active_hashcash/assets/favicon.svg.erb
+- app/views/active_hashcash/assets/vendor/_ariato_base.css
+- app/views/active_hashcash/assets/vendor/_ariato_extra.css
+- app/views/active_hashcash/stamps/_filters.html.erb
+- app/views/active_hashcash/stamps/index.html.erb
+- app/views/active_hashcash/stamps/show.html.erb
+- app/views/layouts/active_hashcash/application.html.erb
+- config/locales/de.yml
+- config/locales/en.yml
+- config/locales/es.yml
+- config/locales/fr.yml
+- config/locales/it.yml
+- config/locales/jp.yml
+- config/locales/pt.yml
+- config/routes.rb
+- db/migrate/20240215143453_create_active_hashcash_stamps.rb
 - lib/active_hashcash.rb
 - lib/active_hashcash/engine.rb
-- lib/active_hashcash/stamp.rb
-- lib/active_hashcash/store.rb
 - lib/active_hashcash/version.rb
 - lib/hashcash.js
+- lib/tasks/active_hashcash_tasks.rake
 homepage: https://github.com/BaseSecrete/active_hashcash
 licenses:
 - MIT
@@ -62,7 +83,7 @@ metadata:
   homepage_uri: https://github.com/BaseSecrete/active_hashcash
   source_code_uri: https://github.com/BaseSecrete/active_hashcash
   changelog_uri: https://github.com/BaseSecrete/active_hashcash/CHANGELOG.md
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -78,8 +99,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.2.22
-signing_key:
+signing_key: 
 specification_version: 4
-summary: ActiveHashcash protects your Rails application against brute force attacks,
-  DoS and bots.
+summary: Protect Rails applications against bots and brute force attacks without annoying
+  humans.
 test_files: []

data/lib/active_hashcash/stamp.rb

@@ -1,52 +0,0 @@
-module ActiveHashcash
-  class Stamp
-    attr_reader :version, :bits, :date, :resource, :extension, :rand, :counter
-
-    def self.parse(string)
-      args = string.split(":")
-      new(args[0], args[1], args[2], args[3], args[4], args[5], args[6])
-    end
-
-    def self.mint(resource, options = {})
-      new(
-        options[:version] || 1,
-        options[:bits] || ActiveHashcash.bits,
-        options[:date] || Date.today.strftime("%y%m%d"),
-        resource,
-        options[:ext],
-        options[:rand] || SecureRandom.alphanumeric(16),
-        options[:counter] || 0).work
-    end
-
-    def initialize(version, bits, date, resource, extension, rand, counter)
-      @version = version
-      @bits = bits.to_i
-      @date = date.respond_to?(:strftime) ? date.strftime("%y%m%d") : date
-      @resource = resource
-      @extension = extension
-      @rand = rand
-      @counter = counter
-    end
-
-    def valid?
-      Digest::SHA1.hexdigest(to_s).hex >> (160-bits) == 0
-    end
-
-    def verify(resource, bits, date)
-      self.resource == resource && self.bits >= bits && parse_date >= date && valid?
-    end
-
-    def to_s
-      [version, bits, date, resource, extension, rand, counter].join(":")
-    end
-
-    def parse_date
-      Date.strptime(date, "%y%m%d")
-    end
-
-    def work
-      @counter += 1 until valid?
-      self
-    end
-  end
-end

data/lib/active_hashcash/store.rb

@@ -1,25 +0,0 @@
-module ActiveHashcash
-  class Store
-    attr_reader :redis
-
-    def initialize(redis = Redis.new(url: ActiveHashcash.redis_url || ENV["ACTIVE_HASHCASH_REDIS_URL"] || ENV["REDIS_URL"]))
-      @redis = redis
-    end
-
-    def add?(stamp)
-      redis.sadd("active_hashcash_stamps_#{stamp.date}", stamp) ? self : nil
-    end
-
-    def clear
-      redis.del(redis.keys("active_hashcash_stamps*"))
-    end
-
-    def clean
-      today = Date.today.strftime("%y%m%d")
-      yesterday = (Date.today - 1).strftime("%y%m%d")
-      keep = ["active_hashcash_stamps_#{today}", "active_hashcash_stamps_#{yesterday}"]
-      keys = redis.keys("active_hashcash_stamps*")
-      redis.del(keys - keep)
-    end
-  end
-end