xref: /plugin/botmon/captcha.js (revision ad279a215c0c174eeb976c8d0e216df09c40c48a) ! 
1"use strict";
2/* DokuWiki BotMon Captcha JavaScript */
3/* 23.10.2025 - 0.1.2 - pre-release */
4/* Author: Sascha Leib <ad@hominem.info> */
5
6const $BMCaptcha = {
7
8	init: function() {
9		document.getElementsByTagName('body')[0].classList.add('botmon_captcha');
10		$BMCaptcha._cbDly = 1.5;
11		$BMCaptcha.install()
12	},
13
14	install: function() {
15
16		// localisation helper function:
17		let _loc = function(id, alt) {
18			if ($BMLocales && $BMLocales[id]) return $BMLocales[id];
19			return alt;
20		}
21
22		// find the parent element:
23		let bm_parent = document.getElementsByTagName('body')[0];
24
25		// create the dialog:
26		const dlg = document.createElement('dialog');
27		dlg.setAttribute('closedby', 'none');
28		dlg.setAttribute('open', 'open');
29		dlg.setAttribute('role', 'alertdialog');
30		dlg.setAttribute('aria-labelledby', 'botmon_captcha_title');
31		dlg.classList.add('checking');
32		dlg.id = 'botmon_captcha_box';
33		dlg.innerHTML = '<h2 id="botmon_captcha_title">' + _loc('dlgTitle', 'Title') + '</h2><p>' + _loc('dlgSubtitle', 'Subtitle') + '</p>';
34
35		// Checkbox:
36		const lbl = document.createElement('label');
37		lbl.setAttribute('aria-live', 'assertive');
38		lbl.innerHTML = '<span class="confirm">' + _loc('dlgConfirm', "Confirm.") + '</span>' +
39			'<span class="busy"></span><span class="checking">' + _loc('dlgChecking', "Checking") + '</span>' +
40			'<span class="loading">' + _loc('dlgLoading', "Loading") + '</span>' +
41			'<span class="erricon">&#65533;</span><span class="error">' + _loc('dlgError', "Error") + '</span>';
42		const cb = document.createElement('input');
43		cb.setAttribute('type', 'checkbox');
44		cb.setAttribute('disabled', 'disabled');
45		cb.addEventListener('click', $BMCaptcha._cbCallback);
46		lbl.prepend(cb);
47
48		dlg.appendChild(lbl);
49
50		bm_parent.appendChild(dlg);
51
52		// call the delayed callback in a couple of seconds:
53		$BMCaptcha._st = performance.now();
54		setTimeout($BMCaptcha._delayedCallback, $BMCaptcha._cbDly * 1000);
55	},
56
57	/* creates a digest hash for the cookie function */
58	digest: {
59
60		/* simple SHA hash function - adapted from https://geraintluff.github.io/sha256/ */
61		hash: function(ascii) {
62
63			// shortcut:
64			const sha256 = $BMCaptcha.digest.hash;
65
66			// helper function
67			const rightRotate = function(v, a) {
68				return (v>>>a) | (v<<(32 - a));
69			};
70
71			var mathPow = Math.pow;
72			var maxWord = mathPow(2, 32);
73			var lengthProperty = 'length'
74			var i, j;
75			var result = ''
76
77			var words = [];
78			var asciiBitLength = ascii[lengthProperty]*8;
79
80			//* caching results is optional - remove/add slash from front of this line to toggle
81			// Initial hash value: first 32 bits of the fractional parts of the square roots of the first 8 primes
82			// (we actually calculate the first 64, but extra values are just ignored)
83			var hash = sha256.h = sha256.h || [];
84			// Round constants: first 32 bits of the fractional parts of the cube roots of the first 64 primes
85			var k = sha256.k = sha256.k || [];
86			var primeCounter = k[lengthProperty];
87			/*/
88			var hash = [], k = [];
89			var primeCounter = 0;
90			//*/
91
92			var isComposite = {};
93			for (var candidate = 2; primeCounter < 64; candidate++) {
94				if (!isComposite[candidate]) {
95					for (i = 0; i < 313; i += candidate) {
96						isComposite[i] = candidate;
97					}
98					hash[primeCounter] = (mathPow(candidate, .5)*maxWord)|0;
99					k[primeCounter++] = (mathPow(candidate, 1/3)*maxWord)|0;
100				}
101			}
102
103			ascii += '\x80' // Append Ƈ' bit (plus zero padding)
104			while (ascii[lengthProperty]%64 - 56) ascii += '\x00' // More zero padding
105			for (i = 0; i < ascii[lengthProperty]; i++) {
106				j = ascii.charCodeAt(i);
107				if (j>>8) return; // ASCII check: only accept characters in range 0-255
108				words[i>>2] |= j << ((3 - i)%4)*8;
109			}
110			words[words[lengthProperty]] = ((asciiBitLength/maxWord)|0);
111			words[words[lengthProperty]] = (asciiBitLength)
112
113			// process each chunk
114			for (j = 0; j < words[lengthProperty];) {
115				var w = words.slice(j, j += 16); // The message is expanded into 64 words as part of the iteration
116				var oldHash = hash;
117				// This is now the undefinedworking hash", often labelled as variables a...g
118				// (we have to truncate as well, otherwise extra entries at the end accumulate
119				hash = hash.slice(0, 8);
120
121				for (i = 0; i < 64; i++) {
122					var i2 = i + j;
123					// Expand the message into 64 words
124					// Used below if
125					var w15 = w[i - 15], w2 = w[i - 2];
126
127					// Iterate
128					var a = hash[0], e = hash[4];
129					var temp1 = hash[7]
130						+ (rightRotate(e, 6) ^ rightRotate(e, 11) ^ rightRotate(e, 25)) // S1
131						+ ((e&hash[5])^((~e)&hash[6])) // ch
132						+ k[i]
133						// Expand the message schedule if needed
134						+ (w[i] = (i < 16) ? w[i] : (
135								w[i - 16]
136								+ (rightRotate(w15, 7) ^ rightRotate(w15, 18) ^ (w15>>>3)) // s0
137								+ w[i - 7]
138								+ (rightRotate(w2, 17) ^ rightRotate(w2, 19) ^ (w2>>>10)) // s1
139							)|0
140						);
141					// This is only used once, so *could* be moved below, but it only saves 4 bytes and makes things unreadble
142					var temp2 = (rightRotate(a, 2) ^ rightRotate(a, 13) ^ rightRotate(a, 22)) // S0
143						+ ((a&hash[1])^(a&hash[2])^(hash[1]&hash[2])); // maj
144
145					hash = [(temp1 + temp2)|0].concat(hash); // We don't bother trimming off the extra ones, they're harmless as long as we're truncating when we do the slice()
146					hash[4] = (hash[4] + temp1)|0;
147				}
148
149				for (i = 0; i < 8; i++) {
150					hash[i] = (hash[i] + oldHash[i])|0;
151				}
152			}
153
154			for (i = 0; i < 8; i++) {
155				for (j = 3; j + 1; j--) {
156					var b = (hash[i]>>(j*8))&255;
157					result += ((b < 16) ? 0 : '') + b.toString(16);
158				}
159			}
160			return result;
161		}
162	},
163
164	_cbCallback: function(e) {
165		if (e.target.checked) {
166			//document.getElementById('botmon_captcha_box').close();
167
168			try {
169				var $status = 'loading';
170
171				// generate the hash:
172				const dat = [ // the data to encode
173					document._botmon.seed || '',
174					location.hostname,
175					document._botmon.ip || '0.0.0.0',
176					(new Date()).toISOString().substring(0, 10)
177				];
178				if ($BMCaptcha._st - performance.now() >= 0) dat.push($BMCaptcha._st - performance.now());
179				const hash = $BMCaptcha.digest.hash(dat.join('|'));
180
181				// set the cookie:
182				document.cookie = "DWConfirm=" + encodeURIComponent(hash) + ';path=/;hostOnly;session;sameSite=strict;'
183					+ (document.location.protocol === 'https:' ? 'secure;' : '');
184
185			} catch (err) {
186				console.error(err);
187				$status = 'error';
188			}
189
190			// change the interface:
191			const dlg = document.getElementById('botmon_captcha_box');
192			if (dlg) {
193				dlg.classList.remove('ready');
194				dlg.classList.add( $status );
195			}
196
197			// reload the page:
198			if ($status !== 'error')window.location.reload(true);
199		}
200	},
201
202	_delayedCallback: function() {
203		const dlg = document.getElementById('botmon_captcha_box');
204		if (dlg) {
205			dlg.classList.remove('checking');
206			dlg.classList.add('ready');
207
208			const input = dlg.getElementsByTagName('input')[0];
209			if (input) {
210				input.removeAttribute('disabled');
211				input.focus();
212				setTimeout($BMCaptcha._autoCheck, 200, input);
213			}
214		}
215	},
216	_cbDly: null,
217	_st: null,
218
219	_autoCheck: function(e) {
220
221		let bPass = 0;
222		const threshold = 1;
223
224		const pLang = document.documentElement.lang || 'en';
225		if (pLang !== 'en') {
226			const cntLangs = navigator.languages.map(lang => lang.split('-')[0]);
227			if (cntLangs.indexOf(pLang) >= 0) bPass += 1;
228		}
229
230		if (bPass >= threshold) e.click();
231	}
232}
233// initialise the captcha module:
234$BMCaptcha.init();