active_hashcash 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dbc710b7b2cc6fef0667915ac1a95ccfdd6d1cb3eaa1fa9b97d29ef81e79985d
-  data.tar.gz: 323c22e60aa27d2d87e39ee8f5c356d2fc6e8190426e49831a29d762d2e74f28
+  metadata.gz: a8e7f600a4c42efa28175ebb98d4ba2206295bb316b450f79167fae543a52f71
+  data.tar.gz: a62096662ee76b1b31529c71660cae12d8c0c7b01033d2440490aef839d6ed3f
 SHA512:
-  metadata.gz: ed74328b7b1f91eb2dece7a29efb5b9d68079872694e589caca3e79de1a06e6d0bd5d2556dcab12f92fcede4c08b075a4dc4b9077e79c8511cb4045ce509c82c
-  data.tar.gz: e8f580f0668529b3bd7e220f2bdbd4b2eae6bc63272228b9cb4d1fe75ef0e30202983e3e06d91664558d36239137b69d7ba96996c80b370f4b1638300f77781a
+  metadata.gz: 4fa81355c730a651547d30e0e115bbfc3bcc35623482efb85d324e6ecf826acec46dc7f3b47a8dce48264f8da227b487465d98ba964571b3670f244188653590
+  data.tar.gz: 9aeb5f2fa5c053795402d30c286491f43034a173a26913e3ec81210bb6da95dbc11a547cba98fab1bff81fc22eb832e2984744df1bdc580482c8d882ba213926

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 # Changelog of ActiveHashcash
 
-## Unrelease
+## 0.4.0 (2025-05-15)
+
+- Prevent from password managers to submit the form before the stamp has been computed
+- Added support for the "button" submit form tag
+- Added Catalan language
+- Added `base_controller_class` configuration option to allow specifying a custom base controller for the ActiveHashcash dashboard, enhancing flexibility in diverse application architectures.
+
+## 0.3.2 (2024-08-29)
+
+- Fix methods conflict by not including ActionView::Helpers::FormTagHelper
+- Sanitize params by forcing as a String
+
+## 0.3.1 - 2024-04-04
 
 - Fix gem spec list files
 

data/README.md

@@ -1,14 +1,14 @@
 # ActiveHashcash
 
-<img align="right" width="200px" src="logo.png" alt="Active Hashcash logo"/>
+Protect Rails applications against bots and brute force attacks without annoying humans.
 
-ActiveHashcash protects Rails applications against bots and brute force attacks without annoying humans.
+<div><img align="right" width="200px" src="logo.png" alt="Active Hashcash logo"/></div>
 
 Hashcash is proof-of-work algorithm, invented by Adam Back in 1997, to protect systems against denial of service attacks.
 ActiveHashcash is an easy way to protect any Rails application against brute force attacks and bots.
 
 The idea is to force clients to spend some time to solve a hard problem that is very easy to verify for the server.
-We have developped ActiveHashcash after seeing brute force attacks against our Rails application monitoring service [RorVsWild](https://rorvswild.com).
+We have developed ActiveHashcash after seeing brute force attacks against our Rails application monitoring service [RorVsWild](https://rorvswild.com).
 
 ActiveHashcash is ideal to set up on sensitive forms such as login and registration.
 While the user is filling the form, the problem is solved in JavaScript and set the result into a hidden input text.
@@ -27,33 +27,27 @@ Here is a [demo on a registration form](https://www.rorvswild.com/session) :
 
 ---
 
-<img align="left" height="24px" src="rorvswild_logo.jpg" alt="RorVsWild logo"/>Made by <a href="https://www.rorvswild.com">RorVsWild</a>, performances & exceptions monitoring for Ruby on Rails applications.
+<div><img align="left" height="24px" src="rorvswild_logo.jpg" alt="RorVsWild logo"/>Made by <a href="https://www.rorvswild.com">RorVsWild</a>, performances & exceptions monitoring for Ruby on Rails applications.</div>
 
 ---
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your application's Gemfile and run `bundle install`:
 
 ```ruby
 gem "active_hashcash"
 ```
 
-Require hashcash from your JavaScript manifest.
+Stamps are stored into the database to prevents from spending them more than once.
+You must install and run a migration:
 
-```js
-//= require hashcash
 ```
-
-Add a Hashcash hidden field into the form you want to protect.
-
-```erb
-<form>
-  <%= hashcash_hidden_field_tag %>
-</form>
+rails active_hashcash:install:migrations
+rails db:migrate
 ```
 
-Then you have to define a `before_action :check_hashcash` in you controller.
+Then you have to include ActiveHashcash and add a `before_action :check_hashcash` in you controller:
 
 ```ruby
 class SessionController < ApplicationController
@@ -64,20 +58,41 @@ class SessionController < ApplicationController
 end
 ```
 
-To customize some behaviour, you can override most of the methods which begins with `hashcash_`.
-Simply have a look to `active_hashcash.rb`.
+The action `SessionController#create` is now protected.
+The final step is compute the hashcash from the client side.
+Start by adding a Hashcash hidden field into the form you want to protect.
+
+```erb
+<form>
+  <%= hashcash_hidden_field_tag %>
+</form>
+```
+
+Require hashcash from your JavaScript manifest.
+
+```js
+//= require hashcash
+```
 
-Stamps are stored into into the database to prevents from spending them more than once.
-You must run a migration:
+Or, link hashcash to your JavaScript manifest and load it to your head.
 
+```js
+//= link hashcash.js
 ```
-rails active_hashcash:install:migrations
-rails db:migrate
+
+```erb
+<%= javascript_include_tag "hashcash", "data-turbo-track": "reload", defer: true %>
 ```
 
+The hashcash stamp will be set in the hidden input once computed and the submit button enabled.
+
+To customize behaviours, you can override methods of ActiveHashcash module.
+
+
+
 ### Dashboard
 
-There is a mountable dahsboard which allows to see all spent stamps.
+There is a mountable dashboard which allows to see all spent stamps.
 It's not mandatory, but useful for monitoring purpose.
 
 ![ActiveHashcash dashboard](active_hashcash_dashboard.png "ActiveHashcash dashboard")
@@ -87,10 +102,22 @@ It's not mandatory, but useful for monitoring purpose.
 mount ActiveHashcash::Engine, at: "hashcash"
 ```
 
-ActiveHashcash cannot guess how you handle user authentication, because it is different for all Rails applications.
-So you have to monkey patch `ActiveHashcash::ApplicationController` in order to inject your own mechanism.
-The patch can be saved wherever you want.
-For example, I like to have all the patches in one place, so I put them in `lib/patches`.
+ActiveHashcash cannot guess how user authentication is handled, because it is different for all Rails applications.
+So here is 3 options.
+
+#### Inheritance
+
+By default ActiveHashcash extends `ActionController::Base`, but you can change it to any controller, such as `AdminController`.
+
+```ruby
+# config/initializers/active_hashcash.rb
+Rails.application.configure do
+  ActiveHashcash.base_controller_class = "AdminController"
+end
+```
+#### Monkey patching
+
+Monkey patching `ActiveHashcash::ApplicationController` let you inject your own mechanism.
 
 ```ruby
 # lib/patches/active_hashcash.rb
@@ -106,9 +133,7 @@ ActiveHashcash::ApplicationController.class_eval do
 end
 ```
 
-Then you have to require the monkey patch.
-Because it's loaded via require, it won't be reloaded in development.
-Since you are not supposed to change this file often, it should not be an issue.
+Then the patch has to be loaded from after initialization:
 
 ```ruby
 # config/application.rb
@@ -117,7 +142,9 @@ config.after_initialize do
 end
 ```
 
-If you use Devise, you can check the permission directly from routes.rb:
+#### With Devise
+
+Permission check can be achieved directly from routes.rb:
 
 ```ruby
 # config/routes.rb
@@ -129,7 +156,7 @@ end
 ### Before version 0.3.0
 
 You must have Redis in order to prevent double spent stamps. Otherwise it will be useless.
-It automatically tries to connect with the environement variables `ACTIVE_HASHCASH_REDIS_URL` or `REDIS_URL`.
+It automatically tries to connect with the environment variables `ACTIVE_HASHCASH_REDIS_URL` or `REDIS_URL`.
 You can also manually set the URL with `ActiveHashcash.redis_url = redis://user:password@localhost:6379`.
 
 You should call `ActiveHashcash::Store#clean` once a day, to remove expired stamps.
@@ -145,7 +172,7 @@ rails db:migrate
 
 Complexity is the most important parameter. By default its value is 20 and requires most of the time 5 to 20 seconds to be solved on a decent laptop.
 The user won't wait that long, since he needs to fill the form while the problem is solving.
-Howevever, if your application includes people with slow and old devices, then consider lowering this value, to 16 or 18.
+However, if your application includes people with slow and old devices, then consider lowering this value, to 16 or 18.
 
 You can change the minimum complexity with `ActiveHashcash.bits = 20`.
 
@@ -156,7 +183,7 @@ Thus it becomes very efficient to slow down brute force attacks.
 
 The JavaScript implementation is 10 to 20 times slower than the official C version.
 I first used the SubtleCrypto API but it is surprisingly slower than a custom SHA1 implementation.
-Maybe I did in an unefficient way 2df3ba5?
+Maybe I did in an inefficient way 2df3ba5?
 Another idea would be to compile the work algorithm in wasm.
 
 Unfortunately, I'm not a JavaScript expert.
@@ -171,4 +198,4 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/BaseSe
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
 
-Made by Alexis Bernard at [RorVsWild](https://www.rorvswild.com).
+Made by [Alexis Bernard](https://alexis.bernard.io/).

data/app/assets/javascripts/hashcash.js

@@ -10,6 +10,9 @@ Hashcash = function(input) {
     Hashcash.enableParentForm(input, options)
     input.dispatchEvent(new CustomEvent("hashcash:minted", {bubbles: true, detail: {stamp: stamp}}))
   })
+
+  this.input = input
+  input.form.addEventListener("submit", this.preventFromAutoSubmitFromPasswordManagers.bind(this))
 }
 
 Hashcash.setup = function() {
@@ -20,21 +23,37 @@ Hashcash.setup = function() {
     document.addEventListener("DOMContentLoaded", Hashcash.setup )
 }
 
+Hashcash.setSubmitText = function(submit, text) {
+  if (!text) {
+    return
+  }
+  if (submit.tagName == "BUTTON") {
+    !submit.originalValue && (submit.originalValue = submit.innerHTML)
+    submit.innerHTML = text
+  } else {
+    !submit.originalValue && (submit.originalValue = submit.value)
+    submit.value = text
+  }
+}
+
 Hashcash.disableParentForm = function(input, options) {
   input.form.querySelectorAll("[type=submit]").forEach(function(submit) {
-    submit.originalValue = submit.value
-    options["waiting_message"] && (submit.value = options["waiting_message"])
+    Hashcash.setSubmitText(submit, options["waiting_message"])
     submit.disabled = true
   })
 }
 
 Hashcash.enableParentForm = function(input, options) {
   input.form.querySelectorAll("[type=submit]").forEach(function(submit) {
-    submit.originalValue && (submit.value = submit.originalValue)
+    Hashcash.setSubmitText(submit, submit.originalValue)
     submit.disabled = null
   })
 }
 
+Hashcash.prototype.preventFromAutoSubmitFromPasswordManagers = function(event) {
+  this.input.value == "" && event.preventDefault()
+}
+
 Hashcash.default = {
   version: 1,
   bits: 20,

data/app/controllers/active_hashcash/addresses_controller.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class AddressesController < ApplicationController
+  class AddressesController < ApplicationController # :nodoc:
     def index
       @addresses = Stamp.filter_by(params).group(:ip_address).order(count_all: :desc).limit(1000).count
     end

data/app/controllers/active_hashcash/application_controller.rb

@@ -1,4 +1,5 @@
 module ActiveHashcash
-  class ApplicationController < ActionController::Base
+  class ApplicationController < ActiveHashcash.base_controller_class.constantize # :nodoc:
+    layout "active_hashcash/application"
   end
 end

data/app/controllers/active_hashcash/assets_controller.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class AssetsController < ApplicationController
+  class AssetsController < ApplicationController # :nodoc:
     protect_from_forgery except: :show
 
     Mime::Type.register "image/x-icon", :ico
@@ -7,7 +7,7 @@ module ActiveHashcash
     def show
       if endpoints.include?(file_name = File.basename(request.path))
         file_path = ActiveHashcash::Engine.root.join / "app/views/active_hashcash/assets" / file_name
-        if File.exists?("#{file_path}.erb")
+        if File.exist?("#{file_path}.erb")
           render(params[:id], mime_type: mime_type)
         else
           render(file: file_path)

data/app/controllers/active_hashcash/stamps_controller.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class StampsController < ApplicationController
+  class StampsController < ApplicationController # :nodoc:
     def index
       @stamps = Stamp.filter_by(params).order(created_at: :desc).limit(1000)
     end

data/app/helpers/active_hashcash/addresses_helper.rb

@@ -1,4 +1,4 @@
 module ActiveHashcash
-  module AddressesHelper
+  module AddressesHelper # :nodoc:
   end
 end

data/app/helpers/active_hashcash/application_helper.rb

@@ -1,4 +1,4 @@
 module ActiveHashcash
-  module ApplicationHelper
+  module ApplicationHelper # :nodoc:
   end
 end

data/app/helpers/active_hashcash/stamps_helper.rb

@@ -1,4 +1,4 @@
 module ActiveHashcash
-  module StampsHelper
+  module StampsHelper # :nodoc:
   end
 end

data/app/jobs/active_hashcash/application_job.rb

@@ -1,4 +1,4 @@
 module ActiveHashcash
-  class ApplicationJob < ActiveJob::Base
+  class ApplicationJob < ActiveJob::Base # :nodoc:
   end
 end

data/app/mailers/active_hashcash/application_mailer.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class ApplicationMailer < ActionMailer::Base
+  class ApplicationMailer < ActionMailer::Base # :nodoc:
     default from: "from@example.com"
     layout "mailer"
   end

data/app/models/active_hashcash/application_record.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class ApplicationRecord < ActiveRecord::Base
+  class ApplicationRecord < ActiveRecord::Base # :nodoc:
     self.abstract_class = true
   end
 end

data/app/models/active_hashcash/stamp.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module ActiveHashcash
+  # This is the model to store hashcash stamps.
+  # Unless you need something really specific, you should not need interact directly with that class.
   class Stamp < ApplicationRecord
     validates_presence_of :version, :bits, :date, :resource, :rand, :counter
 
@@ -24,6 +26,8 @@ module ActiveHashcash
       scope
     end
 
+    # Verify and save the hashcash stamp.
+    # Saving in the database prevent from double spending the same stamp.
     def self.spend(string, resource, bits, date, options = {})
       return false unless stamp = parse(string)
       stamp.attributes = options
@@ -32,9 +36,11 @@ module ActiveHashcash
       false
     end
 
+    # Pare and instanciate a stamp from a sting which respects the hashcash format:
+    #
+    #   ver:bits:date:resource:[ext]:rand:counter
     def self.parse(string)
-      return unless string
-      args = string.split(":")
+      args = string.to_s.split(":")
       return if args.size != 7
       new(version: args[0], bits: args[1], date: Date.strptime(args[2], ActiveHashcash.date_format), resource: args[3], ext: args[4], rand: args[5], counter: args[6])
     end

data/config/locales/ca.yml

@@ -0,0 +1,4 @@
+ca:
+  active_hashcash:
+    waiting_label: "Esperant a validar el formulari..."
+    submit_filter: Filtra

data/db/migrate/20240215143453_create_active_hashcash_stamps.rb

@@ -1,3 +1,10 @@
+# Successful hashcash stamp are stored in the database.
+# This migration creates the table for the model ActiveHashcash::Stamp.
+# Run the following commands to add it to your Rails application:
+#
+#   rails active_hashcash:install:migrations
+#   rails db:migrate
+#
 class CreateActiveHashcashStamps < ActiveRecord::Migration[5.2]
   def change
     create_table :active_hashcash_stamps do |t|

data/lib/active_hashcash/engine.rb

@@ -1,5 +1,5 @@
 module ActiveHashcash
-  class Engine < ::Rails::Engine
+  class Engine < ::Rails::Engine # :nodoc:
     config.assets.paths << File.expand_path("../..", __FILE__) if config.respond_to?(:assets)
 
     isolate_namespace ActiveHashcash

data/lib/active_hashcash/version.rb

@@ -1,3 +1,3 @@
 module ActiveHashcash
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

data/lib/active_hashcash.rb

@@ -1,11 +1,23 @@
 require "active_hashcash/version"
 require "active_hashcash/engine"
 
+# ActiveHashcash protects Rails applications against bots and brute force attacks without annoying humans.
+# See the rdoc-ref:README.md for more explanations about Hashcash.
+#
+# Include this module into your Rails controller.
+#
+#   class SessionController < ApplicationController
+#     include ActiveHashcash
+#
+#     before_action :check_hashcash, only: :create
+#   end
+#
+# Your are welcome to override most of the methods to customize to your needs.
+# For example, if your app runs behind a loab balancer you should probably override #hashcash_ip_address.
+#
 module ActiveHashcash
   extend ActiveSupport::Concern
 
-  include ActionView::Helpers::FormTagHelper
-
   included do
     helper_method :hashcash_hidden_field_tag
   end
@@ -18,7 +30,14 @@ module ActiveHashcash
 
   mattr_accessor :date_format, instance_accessor: false, default: "%y%m%d"
 
-  # Call me via a before_action when the form is submitted : `before_action :check_hashcash, only: :create`
+  mattr_accessor :base_controller_class, default: "ActionController::Base"
+
+  # Call that method via a before_action when the form is submitted:
+  #
+  #   before_action :check_hashcash, only: :create
+  #
+  # In case of invalid hashcash it calls hashcash_after_failure that you can override.
+  # Otherwise, hashcash stamp is stored in database to prevent from double spending.
   def check_hashcash
     attrs = {
       ip_address: hashcash_ip_address,
@@ -32,21 +51,26 @@ module ActiveHashcash
     end
   end
 
-  # Override the methods below in your controller, to change any parameter or behaviour.
-
+  # Returns remote IP address.
+  # They are used to automatically increase complexity when the same IP sends many valid hashcash.
+  # If you're app is behind a load balancer, you should probably override it to read the right HTTP header.
   def hashcash_ip_address
     request.remote_ip
   end
 
+  # Return current request path to be saved to the sucessful ActiveHash::Stamp.
+  # If multiple forms are protected via hashcash this is an interesting info.
   def hashcash_request_path
     request.path
   end
 
+  # Override this method to store custom data for each stamp.
+  # It must returns a hash or nil.
   def hashcash_stamp_context
-    # Override this method to store custom data for each stamp
   end
 
-  # By default the host name is used as the resource.
+  # This is the resource used to build the hashcash stamp.
+  # By default the host name is returned.
   # It' should be good for most cases and prevent from reusing the same stamp between sites.
   def hashcash_resource
     ActiveHashcash.resource || request.host
@@ -54,7 +78,7 @@ module ActiveHashcash
 
   # Returns the complexity, the higher the slower it is.
   # Complexity is increased logarithmicly for each IP during the last 24H to slowdown brute force attacks.
-  # The minimun value returned is `ActiveHashcash.bits`.
+  # The minimun value returned is ActiveHashcash.bits.
   def hashcash_bits
     if (previous_stamp_count = ActiveHashcash::Stamp.where(ip_address: hashcash_ip_address).where(created_at: 1.day.ago..).count) > 0
       (ActiveHashcash.bits + Math.log2(previous_stamp_count)).floor
@@ -73,7 +97,9 @@ module ActiveHashcash
     t("active_hashcash.waiting_label")
   end
 
-  # Override to provide a different behaviour when hashcash failed
+  # That method is called when #check_hashcash fails.
+  # It raises ActionController::InvalidAuthenticityToken so HTTP response will be 422 by default.
+  # Override this method to provide a different behaviour.
   def hashcash_after_failure
     raise ActionController::InvalidAuthenticityToken.new("Invalid hashcash #{hashcash_param}")
   end
@@ -85,8 +111,14 @@ module ActiveHashcash
 
   # Call it inside the form that have to be protected and don't forget to initialize the JavaScript Hascash.setup().
   # Unless you need something really special, you should not need to override this method.
+  #
+  #   <% form_for model do |form| %>
+  #     <%= hashcash_hidden_field_tag %>
+  #
+  #   <% end %>
+  #
   def hashcash_hidden_field_tag(name = :hashcash)
     options = {resource: hashcash_resource, bits: hashcash_bits, waiting_message: hashcash_waiting_message}
-    hidden_field_tag(name, "", "data-hashcash" => options.to_json)
+    view_context.hidden_field_tag(name, "", "data-hashcash" => options.to_json)
   end
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: active_hashcash
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Alexis Bernard
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-04 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -62,6 +61,7 @@ files:
 - app/views/active_hashcash/stamps/index.html.erb
 - app/views/active_hashcash/stamps/show.html.erb
 - app/views/layouts/active_hashcash/application.html.erb
+- config/locales/ca.yml
 - config/locales/de.yml
 - config/locales/en.yml
 - config/locales/es.yml
@@ -74,7 +74,6 @@ files:
 - lib/active_hashcash.rb
 - lib/active_hashcash/engine.rb
 - lib/active_hashcash/version.rb
-- lib/hashcash.js
 - lib/tasks/active_hashcash_tasks.rake
 homepage: https://github.com/BaseSecrete/active_hashcash
 licenses:
@@ -83,7 +82,6 @@ metadata:
   homepage_uri: https://github.com/BaseSecrete/active_hashcash
   source_code_uri: https://github.com/BaseSecrete/active_hashcash
   changelog_uri: https://github.com/BaseSecrete/active_hashcash/CHANGELOG.md
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -98,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
-signing_key: 
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Protect Rails applications against bots and brute force attacks without annoying
   humans.

data/lib/hashcash.js

@@ -1,257 +0,0 @@
-// http://www.hashcash.org/docs/hashcash.html
-// <input type="hiden" name="hashcash" data-hashcash="{resource: 'site.example', bits: 16}"/>
-Hashcash = function(input) {
-  options = JSON.parse(input.getAttribute("data-hashcash"))
-  Hashcash.disableParentForm(input, options)
-  input.dispatchEvent(new CustomEvent("hashcash:mint", {bubbles: true}))
-
-  Hashcash.mint(options.resource, options, function(stamp) {
-    input.value = stamp.toString()
-    Hashcash.enableParentForm(input, options)
-    input.dispatchEvent(new CustomEvent("hashcash:minted", {bubbles: true, detail: {stamp: stamp}}))
-  })
-}
-
-Hashcash.setup = function() {
-  if (document.readyState != "loading") {
-    var input = document.querySelector("input#hashcash")
-    input && new Hashcash(input)
-  } else
-    document.addEventListener("DOMContentLoaded", Hashcash.setup )
-}
-
-Hashcash.disableParentForm = function(input, options) {
-  input.form.querySelectorAll("[type=submit]").forEach(function(submit) {
-    submit.originalValue = submit.value
-    options["waiting_message"] && (submit.value = options["waiting_message"])
-    submit.disabled = true
-  })
-}
-
-Hashcash.enableParentForm = function(input, options) {
-  input.form.querySelectorAll("[type=submit]").forEach(function(submit) {
-    submit.originalValue && (submit.value = submit.originalValue)
-    submit.disabled = null
-  })
-}
-
-Hashcash.default = {
-  version: 1,
-  bits: 20,
-  extension: null,
-}
-
-Hashcash.mint = function(resource, options, callback) {
-  // Format date to YYMMDD
-  var date = new Date
-  var year = date.getFullYear().toString()
-  year = year.slice(year.length - 2, year.length)
-  var month = (date.getMonth() + 1).toString().padStart(2, "0")
-  var day = date.getDate().toString().padStart(2, "0")
-
-  var stamp = new Hashcash.Stamp(
-    options.version || Hashcash.default.version,
-    options.bits || Hashcash.default.bits,
-    options.date || year + month + day,
-    resource,
-    options.extension || Hashcash.default.extension,
-    options.rand || Math.random().toString(36).substr(2, 10),
-  )
-  return stamp.work(callback)
-}
-
-Hashcash.Stamp = function(version, bits, date, resource, extension, rand, counter = 0) {
-  this.version = version
-  this.bits = bits
-  this.date = date
-  this.resource = resource
-  this.extension = extension
-  this.rand = rand
-  this.counter = counter
-}
-
-Hashcash.Stamp.parse = function(string) {
-  var args = string.split(":")
-  return new Hashcash.Stamp(args[0], args[1], args[2], args[3], args[4], args[5], args[6])
-}
-
-Hashcash.Stamp.prototype.toString = function() {
-  return [this.version, this.bits, this.date, this.resource, this.extension, this.rand, this.counter].join(":")
-}
-
-// Trigger the given callback when the problem is solved.
-// In order to not freeze the page, setTimeout is called every 100ms to let some CPU to other tasks.
-Hashcash.Stamp.prototype.work = function(callback) {
-  this.startClock()
-  var timer = performance.now()
-  while (!this.check())
-    if (this.counter++ && performance.now() - timer > 100)
-      return setTimeout(this.work.bind(this), 0, callback)
-  this.stopClock()
-  callback(this)
-}
-
-Hashcash.Stamp.prototype.check = function() {
-  var array = Hashcash.sha1(this.toString())
-  return array[0] >> (160-this.bits) == 0
-}
-
-Hashcash.Stamp.prototype.startClock = function() {
-  this.startedAt || (this.startedAt = performance.now())
-}
-
-Hashcash.Stamp.prototype.stopClock = function() {
-  this.endedAt || (this.endedAt = performance.now())
-  var duration = this.endedAt - this.startedAt
-  var speed = Math.round(this.counter * 1000 / duration)
-  console.debug("Hashcash " + this.toString() + " minted in " + duration + "ms (" + speed + " per seconds)")
-}
-
-/**
- * Secure Hash Algorithm (SHA1)
- * http://www.webtoolkit.info/
- **/
-Hashcash.sha1 = function(msg) {
-  var rotate_left = Hashcash.sha1.rotate_left
-  var Utf8Encode = Hashcash.sha1.Utf8Encode
-
-  var blockstart;
-  var i, j;
-  var W = new Array(80);
-  var H0 = 0x67452301;
-  var H1 = 0xEFCDAB89;
-  var H2 = 0x98BADCFE;
-  var H3 = 0x10325476;
-  var H4 = 0xC3D2E1F0;
-  var A, B, C, D, E;
-  var temp;
-  msg = Utf8Encode(msg);
-  var msg_len = msg.length;
-  var word_array = new Array();
-  for (i = 0; i < msg_len - 3; i += 4) {
-    j = msg.charCodeAt(i) << 24 | msg.charCodeAt(i + 1) << 16 |
-      msg.charCodeAt(i + 2) << 8 | msg.charCodeAt(i + 3);
-    word_array.push(j);
-  }
-  switch (msg_len % 4) {
-    case 0:
-      i = 0x080000000;
-      break;
-    case 1:
-      i = msg.charCodeAt(msg_len - 1) << 24 | 0x0800000;
-      break;
-    case 2:
-      i = msg.charCodeAt(msg_len - 2) << 24 | msg.charCodeAt(msg_len - 1) << 16 | 0x08000;
-      break;
-    case 3:
-      i = msg.charCodeAt(msg_len - 3) << 24 | msg.charCodeAt(msg_len - 2) << 16 | msg.charCodeAt(msg_len - 1) << 8 | 0x80;
-      break;
-  }
-  word_array.push(i);
-  while ((word_array.length % 16) != 14) word_array.push(0);
-  word_array.push(msg_len >>> 29);
-  word_array.push((msg_len << 3) & 0x0ffffffff);
-  for (blockstart = 0; blockstart < word_array.length; blockstart += 16) {
-    for (i = 0; i < 16; i++) W[i] = word_array[blockstart + i];
-    for (i = 16; i <= 79; i++) W[i] = rotate_left(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);
-    A = H0;
-    B = H1;
-    C = H2;
-    D = H3;
-    E = H4;
-    for (i = 0; i <= 19; i++) {
-      temp = (rotate_left(A, 5) + ((B & C) | (~B & D)) + E + W[i] + 0x5A827999) & 0x0ffffffff;
-      E = D;
-      D = C;
-      C = rotate_left(B, 30);
-      B = A;
-      A = temp;
-    }
-    for (i = 20; i <= 39; i++) {
-      temp = (rotate_left(A, 5) + (B ^ C ^ D) + E + W[i] + 0x6ED9EBA1) & 0x0ffffffff;
-      E = D;
-      D = C;
-      C = rotate_left(B, 30);
-      B = A;
-      A = temp;
-    }
-    for (i = 40; i <= 59; i++) {
-      temp = (rotate_left(A, 5) + ((B & C) | (B & D) | (C & D)) + E + W[i] + 0x8F1BBCDC) & 0x0ffffffff;
-      E = D;
-      D = C;
-      C = rotate_left(B, 30);
-      B = A;
-      A = temp;
-    }
-    for (i = 60; i <= 79; i++) {
-      temp = (rotate_left(A, 5) + (B ^ C ^ D) + E + W[i] + 0xCA62C1D6) & 0x0ffffffff;
-      E = D;
-      D = C;
-      C = rotate_left(B, 30);
-      B = A;
-      A = temp;
-    }
-    H0 = (H0 + A) & 0x0ffffffff;
-    H1 = (H1 + B) & 0x0ffffffff;
-    H2 = (H2 + C) & 0x0ffffffff;
-    H3 = (H3 + D) & 0x0ffffffff;
-    H4 = (H4 + E) & 0x0ffffffff;
-  }
-  return [H0, H1, H2, H3, H4]
-}
-
-Hashcash.hexSha1 = function(msg) {
-  var array = Hashcash.sha1(msg)
-  var cvt_hex = Hashcash.sha1.cvt_hex
-  return cvt_hex(array[0]) + cvt_hex(array[1]) + cvt_hex(array[2]) + cvt_hex(array3) + cvt_hex(array[4])
-}
-
-Hashcash.sha1.rotate_left = function(n, s) {
-  var t4 = (n << s) | (n >>> (32 - s));
-  return t4;
-};
-
-Hashcash.sha1.lsb_hex = function(val) {
-  var str = '';
-  var i;
-  var vh;
-  var vl;
-  for (i = 0; i <= 6; i += 2) {
-    vh = (val >>> (i * 4 + 4)) & 0x0f;
-    vl = (val >>> (i * 4)) & 0x0f;
-    str += vh.toString(16) + vl.toString(16);
-  }
-  return str;
-};
-
-Hashcash.sha1.cvt_hex = function(val) {
-  var str = '';
-  var i;
-  var v;
-  for (i = 7; i >= 0; i--) {
-    v = (val >>> (i * 4)) & 0x0f;
-    str += v.toString(16);
-  }
-  return str;
-};
-
-Hashcash.sha1.Utf8Encode = function(string) {
-  string = string.replace(/\r\n/g, '\n');
-  var utftext = '';
-  for (var n = 0; n < string.length; n++) {
-    var c = string.charCodeAt(n);
-    if (c < 128) {
-      utftext += String.fromCharCode(c);
-    } else if ((c > 127) && (c < 2048)) {
-      utftext += String.fromCharCode((c >> 6) | 192);
-      utftext += String.fromCharCode((c & 63) | 128);
-    } else {
-      utftext += String.fromCharCode((c >> 12) | 224);
-      utftext += String.fromCharCode(((c >> 6) & 63) | 128);
-      utftext += String.fromCharCode((c & 63) | 128);
-    }
-  }
-  return utftext;
-};
-
-Hashcash.setup()