challenge/resource-load: use proper redirect URL to current issued challenge, add static/dynamic cache bust

2025-05-13 23:43:31 +02:00
parent 3abdc2ee5b
commit 163fce6cfc
6 changed files with 25 additions and 15 deletions
--- a/lib/challenge/helper.go
+++ b/lib/challenge/helper.go
@@ -8,7 +8,9 @@ import (
 	"git.gammaspectra.live/git/go-away/utils"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
+	"time"
 )

 var ErrInvalidToken = errors.New("invalid token")
@@ -47,6 +49,7 @@ const (
 	QueryArgRequestId = QueryArgPrefix + "_id"
 	QueryArgChallenge = QueryArgPrefix + "_challenge"
 	QueryArgToken     = QueryArgPrefix + "_token"
+	QueryArgBust      = QueryArgPrefix + "_bust"
 )

 const MakeChallengeUrlSuffix = "/make-challenge"
@@ -96,6 +99,7 @@ func VerifyUrl(r *http.Request, reg *Registration, token string) (*url.URL, erro
 	values.Set(QueryArgRedirect, redirectUrl.String())
 	values.Set(QueryArgToken, token)
 	values.Set(QueryArgChallenge, reg.Name)
+	values.Set(QueryArgBust, strconv.FormatInt(time.Now().UTC().UnixMilli(), 10))
 	uri.RawQuery = values.Encode()

 	return uri, nil
--- a/lib/challenge/resource-load/resource-load.go
+++ b/lib/challenge/resource-load/resource-load.go
@@ -23,9 +23,13 @@ func FillRegistrationHeader(state challenge.StateInterface, reg *challenge.Regis
 			return challenge.VerifyResultFail
 		}

+		redirectUri, err := challenge.RedirectUrl(r, reg)
+		if err != nil {
+			return challenge.VerifyResultFail
+		}
 		// self redirect!
 		//TODO: adjust deadline
-		w.Header().Set("Refresh", "2; url="+r.URL.String())
+		w.Header().Set("Refresh", "2; url="+redirectUri.String())

 		state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
 			"LinkTags": []map[string]string{
--- a/lib/challenge/script.go
+++ b/lib/challenge/script.go
@@ -23,6 +23,7 @@ func ServeChallengeScript(w http.ResponseWriter, r *http.Request, reg *Registrat
 		//TODO: log
 		panic(err)
 	}
+
 	data.ResponseHeaders(w)
 	w.WriteHeader(http.StatusOK)

@@ -30,7 +31,7 @@ func ServeChallengeScript(w http.ResponseWriter, r *http.Request, reg *Registrat
 		"Id":              data.Id.String(),
 		"Path":            reg.Path,
 		"Parameters":      paramData,
-		"Random":          utils.CacheBust(),
+		"Random":          utils.StaticCacheBust(),
 		"Challenge":       reg.Name,
 		"ChallengeScript": script,
 		"Strings":         data.State.Strings(),
--- a/lib/challenge/wasm/registration.go
+++ b/lib/challenge/wasm/registration.go
@@ -97,7 +97,7 @@ func FillJavaScriptRegistration(state challenge.StateInterface, reg *challenge.R
 	reg.IssueChallenge = func(w http.ResponseWriter, r *http.Request, key challenge.Key, expiry time.Time) challenge.VerifyResult {
 		state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
 			"EndTags": []template.HTML{
-				template.HTML(fmt.Sprintf("<script async type=\"module\" src=\"%s?cacheBust=%s\"></script>", reg.Path+"/script.mjs", utils.CacheBust())),
+				template.HTML(fmt.Sprintf("<script async type=\"module\" src=\"%s?cacheBust=%s\"></script>", reg.Path+"/script.mjs", utils.StaticCacheBust())),
 			},
 		})
 		return challenge.VerifyResultNone
@@ -164,6 +164,8 @@ func FillJavaScriptRegistration(state challenge.StateInterface, reg *challenge.R
 				w.Header()[k] = v
 			}
 			w.Header().Set("Content-Length", fmt.Sprintf("%d", len(out.Data)))
+
+			data.ResponseHeaders(w)
 			w.WriteHeader(out.Code)
 			_, _ = w.Write(out.Data)
 			return nil