Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/randomairborne/robopow

A test of a proof-of-work anti-DDOS system
https://github.com/randomairborne/robopow

Last synced: 20 days ago
JSON representation

A test of a proof-of-work anti-DDOS system

Host: GitHub
URL: https://github.com/randomairborne/robopow
Owner: randomairborne
Created: 2023-11-25T01:05:34.000Z (12 months ago)
Default Branch: main
Last Pushed: 2024-10-07T14:13:17.000Z (about 1 month ago)
Last Synced: 2024-10-13T11:49:17.260Z (about 1 month ago)
Language: Rust
Homepage:
Size: 55.7 KB
Stars: 3
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Robopow

For shooting robots- pew pew!!

Robopow is a CAPTCHA-like service that is designed to stop

DDOS and large-scale automated attacks. It does **not** offer any

protection against malicious users operating at a small scale, or

who have very large budgets. User beware.

It uses a large number of sha512sum nonce calculations. It's kinda cool I guess.

Import the script:

```html

```

Client JS:

```js

// All optional

const settings = {

    zeros: 12, // Number of zero-bits at the start of sums

    challenges: 8, // Number of nonces that must be computed

    timeout: 15, // timeout in seconds. Tune this to your target devices.

};

const {token, nonces} = await Robopow.verifyCaptcha(

    "https://robopow.valk.sh/api",

);

const request = await fetch(`http://yourapi.example.com/captcha/${token}`, {

    method: "POST",

    body: JSON.stringify(nonces),

    headers: {

        "content-type": "application/json",

    },

});

```

On your server:

```js

const nonces = getRequestJson(); // As long as the order is preserved, you can transmit the nonce list to your server however you want

const token = getPathFragment(); // Ditto the above

// asking the server if the request is valid

const request = await fetch(`https://robopow.valk.sh/api/v0/verify/${token}`, {

    method: "POST",

    body: JSON.stringify(nonces), // Remember to preserve the order!!

    headers: {

        "content-type": "application/json",

    },

});

const response = await request.json(); // Returns json object, documented below

```

Validate that this response object is equal to the

configuration set in your client JS on your server.

If valid is false, then the client did not properly

solve the challenge, and you should deny the request.

```json

{

  "params": {

    "zeros": 12,

    "challenges": 8,

    "timeout": 15

  },

  "valid": true

}

```