fix: difficulty factor for "broke my site" should be greater than "peak sustainable traffic"

fixes: #151

.env.docker-compose

@@ -13,7 +13,7 @@ MCAPTCHA_redis_URL=redis://mcaptcha_redis
 MCAPTCHA_redis_POOL=4
 
 # server
-PORT=7001
+PORT=7000
 MCAPTCHA_server_DOMAIN=localhost
 MCAPTCHA__server_COOKIE_SECRET=pleasereplacethiswithrandomstring # PLEASE SET RANDOM STRING. MIN LENGTH=32
 MCAPTCHA__server_IP= 0.0.0.0
@@ -26,8 +26,8 @@ MCAPTCHA_captcha_RUNNERS=4
 MCAPTCHA_captcha_QUEUE_LENGTH=2000
 MCAPTCHA_captcha_ENABLE_STATS=true
 MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_avg_traffic_difficulty=50000 # almost instant solution
-MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_broke_my_site_traffic_difficulty=3000000 # roughly 1.5s
+MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_peak_sustainable_traffic_difficulty=3000000  # greater than 3.5s
-MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_peak_sustainable_traffic_difficulty=5000000  # greater than 3.5s
+MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_broke_my_site_traffic_difficulty=5000000 # roughly 1.5s
 MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_duration=30 # cooldown period in seconds
 MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_avg_traffic_time=1 # almost instant solution
 MCAPTCHA_captcha_DEFAULT_DIFFICULTY_STRATEGY_peak_sustainable_traffic_time=3

.github/workflows/release.yml

@@ -0,0 +1,125 @@
+name: Publish release
+
+on:
+  release:
+    type: [published]
+
+jobs:
+  build_and_test:
+    strategy:
+      fail-fast: false
+
+    name: x86_64-unknown-linux-gnu
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_PASSWORD: password
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+      mcaptcha-redis:
+        image: mcaptcha/cache
+        ports:
+          - 6379:6379
+      mcaptcha-smtp:
+        image: maildev/maildev
+        env:
+          MAILDEV_WEB_PORT: "1080"
+          MAILDEV_INCOMING_USER: "admin"
+          MAILDEV_INCOMING_PASS: "password"
+        ports:
+          - 1080:1080
+          - 10025:1025
+
+      maria:
+        image: mariadb:10
+        env:
+          MARIADB_USER: "maria"
+          MARIADB_PASSWORD: "password"
+          MARIADB_ROOT_PASSWORD: "password"
+          MARIADB_DATABASE: "maria"
+        options: >-
+          --health-cmd="mysqladmin ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=10
+        ports:
+          - 3306:3306
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: configure GPG key
+        run: echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback
+        env:
+          RELEASE_BOT_GPG_SIGNING_KEY: ${{ secrets.RELEASE_BOT_GPG_SIGNING_KEY }}
+
+      - name: Set release version
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: load env
+        run: |
+          source .env_sample \
+            && echo "POSTGRES_DATABASE_URL=$POSTGRES_DATABASE_URL" >> $GITHUB_ENV \
+            && echo "MARIA_DATABASE_URL=$MARIA_DATABASE_URL" >> $GITHUB_ENV
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: "20.0.0"
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: install nightwatch dep
+        run: sudo apt-get install xvfb
+
+      - name: Run migrations
+        run: make migrate
+        env:
+          POSTGRES_DATABASE_URL: "${{ env.POSTGRES_DATABASE_URL }}"
+          MARIA_DATABASE_URL: "${{ env.MARIA_DATABASE_URL }}"
+
+      - name: build
+        run: make
+        env:
+          POSTGRES_DATABASE_URL: "${{ env.POSTGRES_DATABASE_URL }}"
+          MARIA_DATABASE_URL: "${{ env.MARIA_DATABASE_URL }}"
+
+      - name: lint frontend
+        run: yarn lint
+
+      - name: run tests
+        run: make test
+        env:
+          POSTGRES_DATABASE_URL: "${{ env.POSTGRES_DATABASE_URL }}"
+          MARIA_DATABASE_URL: "${{ env.MARIA_DATABASE_URL }}"
+
+      - name: run integration tests
+        run: make test.integration
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: mcaptcha
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: build docker images
+        run: docker build -t mcaptcha/mcaptcha:${RELEASE_VERSION} .
+
+      - name: publish docker images
+        run: docker push mcaptcha/mcaptcha:${RELEASE_VERSION}
+
+      - name: publish bins
+        run: ./scripts/publish.sh publish $RELEASE_VERSION latest $DUMBSERVE_PASSWORD
+        env:
+          DUMBSERVE_PASSWORD: ${{ secrets.DUMBSERVE_PASSWORD }}
+          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}

.github/workflows/tagged-release.yml

@@ -1,32 +1,32 @@
-name: Create binary for release
+#name: Create binary for release
-
+#
-# Only on tags that start with a "v"
+## Only on tags that start with a "v"
-on:
+#on:
-  push:
+#  push:
-    tags:
+#    tags:
-      - "v*"
+#      - "v*"
-
+#
-jobs:
+#jobs:
-  build:
+#  build:
-    runs-on: ubuntu-latest
+#    runs-on: ubuntu-latest
-    strategy:
+#    strategy:
-      fail-fast: false
+#      fail-fast: false
-      matrix:
+#      matrix:
-        include:
+#        include:
-          - target: x86_64-pc-windows-gnu
+#          - target: x86_64-pc-windows-gnu
-            archive: zip
+#            archive: zip
-          - target: x86_64-unknown-linux-musl
+#          - target: x86_64-unknown-linux-musl
-            archive: tar.gz tar.xz
+#            archive: tar.gz tar.xz
-          - target: x86_64-apple-darwin
+#          - target: x86_64-apple-darwin
-            archive: zip
+#            archive: zip
-    steps:
+#    steps:
-      - name: Checkout
+#      - name: Checkout
-        uses: actions/checkout@v3
+#        uses: actions/checkout@v3
-
+#
-      - name: Compile and release
+#      - name: Compile and release
-        uses: rust-build/rust-build.action@v1.3.2
+#        uses: rust-build/rust-build.action@v1.3.2
-        env:
+#        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
+#        with:
-          RUSTTARGET: ${{ matrix.target }}
+#          RUSTTARGET: ${{ matrix.target }}
-          ARCHIVE_TYPES: ${{ matrix.archive }}
+#          ARCHIVE_TYPES: ${{ matrix.archive }}

Dockerfile

@@ -31,6 +31,10 @@ RUN cargo build --release
 
 FROM debian:bookworm as mCaptcha
 LABEL org.opencontainers.image.source https://github.com/mCaptcha/mCaptcha
+RUN set -ex; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive \
+    apt-get install -y --no-install-recommends curl
 RUN useradd -ms /bin/bash -u 1001 mcaptcha
 WORKDIR /home/mcaptcha
 COPY --from=rust /src/target/release/mcaptcha /usr/local/bin/

templates/widget/index.html

@@ -21,7 +21,7 @@ SPDX-License-Identifier: MIT OR Apache-2.0
         <label class="widget__verification-container" for="widget__verification-checkbox">
           <span id="widget__verification-text"
             >I'm not a robot</span>
-          <input 
+          <input disabled
               id="widget__verification-checkbox"
               aria-valuenow="I'm not a robot"
                 aria-checked="false"

templates/widget/index.ts

@@ -3,7 +3,7 @@
 //
 // SPDX-License-Identifier: MIT OR Apache-2.0
 
-import { Work, ServiceWorkerMessage } from "./types";
+import {Work, ServiceWorkerMessage} from "./types";
 import fetchPoWConfig from "./fetchPoWConfig";
 import sendWork from "./sendWork";
 import sendToParent from "./sendToParent";
@@ -12,7 +12,17 @@ import * as CONST from "./const";
 import "./main.scss";
 
 let LOCK = false;
-const worker = new Worker("/bench.js");
+
+const workerPromise = new Promise<Worker>((res) => {
+  const worker = new Worker("/bench.js");
+  worker.onmessage = (event: MessageEvent) => {
+    const message: ServiceWorkerMessage = event.data;
+    if(message.type === "ready") {
+      console.log("worker ready");
+      res(worker);
+    }
+  };
+});
 
 /** add  mcaptcha widget element to DOM */
 export const registerVerificationEventHandler = (): void => {
@@ -20,10 +30,14 @@ export const registerVerificationEventHandler = (): void => {
     document.querySelector(".widget__verification-container")
   );
   verificationContainer.style.display = "flex";
-  CONST.btn().addEventListener("click", (e) => solveCaptchaRunner(e));
+  workerPromise.then((worker: Worker) => {
+    const btn = CONST.btn();
+    btn.disabled = false;
+    btn.addEventListener("click", (e) => solveCaptchaRunner(worker, e));
+  });
 };
 
-export const solveCaptchaRunner = async (e: Event): Promise<void> => {
+export const solveCaptchaRunner = async (worker: Worker, e: Event): Promise<void> => {
   const PROGRESS_FILL = <HTMLElement>document.querySelector(".progress__fill");
 
   const setWidth = (width: number) => {
@@ -94,7 +108,7 @@ export const solveCaptchaRunner = async (e: Event): Promise<void> => {
       }
       if (resp.type === "progress") {
         if (width < 80) {
-          width = Number(resp.nonce / max_recorded_nonce) * 100;
+          width = resp.nonce / max_recorded_nonce * 100;
           setWidth(width);
         }
         console.log(`received nonce ${resp.nonce}`);

templates/widget/prove.ts

@@ -30,7 +30,7 @@ const prove = async (
       config.string,
       config.difficulty_factor,
       STEPS,
-      progress
+      (nonce: BigInt | number) => progress(Number(nonce))
     );
     const t1 = performance.now();
     time = t1 - t0;

templates/widget/service-worker.ts

@@ -9,6 +9,12 @@ import prove from "./prove";
 import { PoWConfig, ServiceWorkerMessage, ServiceWorkerWork } from "./types";
 
 log.log("worker registered");
+
+const ready: ServiceWorkerMessage = {
+  type: "ready",
+};
+postMessage(ready);
+
 onmessage = async (e) => {
   console.debug("message received at worker");
   const config: PoWConfig = e.data;

templates/widget/types.ts

@@ -40,5 +40,6 @@ export type Token = {
 };
 
 export type ServiceWorkerMessage =
+  | { type: "ready" }
   | { type: "work"; value: ServiceWorkerWork }
   | { type: "progress"; nonce: number };