Skip to content

Per n accesses challenge#2

Merged
PhotonQuantum merged 4 commits into
masterfrom
feat/stateful
Apr 26, 2025
Merged

Per n accesses challenge#2
PhotonQuantum merged 4 commits into
masterfrom
feat/stateful

Conversation

@PhotonQuantum

@PhotonQuantum PhotonQuantum commented Apr 26, 2025

Copy link
Copy Markdown
Member

This is the first divergence from Anubis. Now, we require a user to repeat the challenge every few accesses. This is to ensure that we waste an attacker's computational resources to the extent that it becomes non-sustainable for the attacker to perform the attack.

This will undoubtedly slow down legitimate users, but we believe it is a necessary evil to protect our infrastructure. After all, a slowdown is better than a complete outage.

Additionally, this PR addresses a previous vulnerability in Anubis that allowed malicious users to perform replay attacks, effectively bypassing the challenge. This was not immediately apparent in Anubis, as it grants each user a 1-week pass, leaving the door wide open even without this vulnerability.

github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 26, 2025
View reviewed changes
Comment thread web/dist/main.mjs
@@ -1 +1 @@
(()=>{function f(l,e=5,t=null,s=null,a=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((o,n)=>{let d=URL.createObjectURL(new Blob(["(",w(),")()"],{type:"application/javascript"})),m=[],u=()=>{m.forEach(i=>i.terminate()),t!=null&&(t.removeEventListener("abort",u),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",u,{once:!0});for(let i=0;i<a;i++){let r=new Worker(d);r.onmessage=c=>{typeof c.data=="number"?s?.(c.data):(u(),o(c.data))},r.onerror=c=>{u(),n(c)},r.postMessage({data:l,difficulty:e,nonce:i,threads:a}),m.push(r)}URL.revokeObjectURL(d)})}function w(){return function(){let l=t=>{let s=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",s.buffer)};function e(t){return Array.from(t).map(s=>s.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let s=t.data.data,a=t.data.difficulty,o,n=t.data.nonce,d=t.data.threads,m=n;for(;;){let u=await l(s+n),i=new Uint8Array(u),r=!0;for(let p=0;p<a;p++){let y=Math.floor(p/2),h=p%2;if((i[y]>>(h===0?4:0)&15)!==0){r=!1;break}}if(r){o=e(i),console.log(o);break}let c=n;n+=d,n>c|1023&&(n>>10)%d===m&&postMessage(n)}postMessage({hash:o,data:s,difficulty:a,nonce:n})})}.toString()}var g=class{static state={baseURL:"",version:"1.0.0"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,s){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),s!==void 0&&(this.elements.message.textContent=s)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function C(l,e,t){console.log("post url",`${t}/answer`);let s=document.createElement("form");s.method="POST",s.action=`${t}/answer`;let a=document.createElement("input");a.type="hidden",a.name="response",a.value=l;let o=document.createElement("input");o.type="hidden",o.name="nonce",o.value=e;let n=document.createElement("input");return n.type="hidden",n.name="redir",n.value=window.location.href,console.log("redir value",n.value),s.appendChild(a),s.appendChild(o),s.appendChild(n),document.body.appendChild(s),s}(async()=>{let l=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),s=JSON.parse(document.getElementById("version").textContent);g.initialize({baseURL:t,version:s}),g.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let a=Date.now(),o=0,n=Math.pow(16,-e),{hash:d,nonce:m}=await f(l,e,null,r=>{let c=Math.pow(1-n,r),p=(1-Math.pow(c,2))*100,h=Date.now()-a;if(console.log("delta",h,"lastUpdate",o,"delta - lastUpdate",h-o),h-o>100){let b=r/h;g.setCheckingProgress(p,`Difficulty: ${e}, Speed: ${b.toFixed(3)}kH/s`,c<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),o=h}}),u=Date.now();console.log({hash:d,nonce:m}),g.setState("success",{status:"Verification Complete!",metrics:`Took ${u-a}ms, ${m} iterations`});let i=C(d,m,t);setTimeout(()=>{i.submit()},250)})();})();
(()=>{function b(u,e=5,t=null,o=null,d=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((m,n)=>{let r=URL.createObjectURL(new Blob(["(",k(),")()"],{type:"application/javascript"})),c=[],l=()=>{c.forEach(a=>a.terminate()),t!=null&&(t.removeEventListener("abort",l),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",l,{once:!0});for(let a=0;a<d;a++){let i=new Worker(r);i.onmessage=s=>{typeof s.data=="number"?o?.(s.data):(l(),m(s.data))},i.onerror=s=>{l(),n(s)},i.postMessage({data:u,difficulty:e,nonce:a,threads:d}),c.push(i)}URL.revokeObjectURL(r)})}function k(){return function(){let u=t=>{let o=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",o.buffer)};function e(t){return Array.from(t).map(o=>o.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let o=t.data.data,d=t.data.difficulty,m,n=t.data.nonce,r=t.data.threads,c=n;for(;;){let l=await u(o+n),a=new Uint8Array(l),i=!0;for(let p=0;p<d;p++){let y=Math.floor(p/2),f=p%2;if((a[y]>>(f===0?4:0)&15)!==0){i=!1;break}}if(i){m=e(a),console.log(m);break}let s=n;n+=r,n>s|1023&&(n>>10)%r===c&&postMessage(n)}postMessage({hash:m,data:o,difficulty:d,nonce:n})})}.toString()}var h=class{static state={baseURL:"",version:"unknown"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,o){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),o!==void 0&&(this.elements.message.textContent=o)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function x(u,e,t,o,d,m){let n=document.createElement("form");n.method="POST",n.action=`${t}/answer`;let r=document.createElement("input");r.type="hidden",r.name="response",r.value=u;let c=document.createElement("input");c.type="hidden",c.name="solution",c.value=e;let l=document.createElement("input");l.type="hidden",l.name="nonce",l.value=o;let a=document.createElement("input");a.type="hidden",a.name="ts",a.value=d;let i=document.createElement("input");i.type="hidden",i.name="signature",i.value=m;let s=document.createElement("input");return s.type="hidden",s.name="redir",s.value=window.location.href,n.appendChild(r),n.appendChild(c),n.appendChild(l),n.appendChild(a),n.appendChild(i),n.appendChild(s),document.body.appendChild(n),n}(async()=>{let u=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),o=JSON.parse(document.getElementById("version").textContent),d=JSON.parse(document.getElementById("nonce").textContent),m=JSON.parse(document.getElementById("ts").textContent),n=JSON.parse(document.getElementById("signature").textContent);h.initialize({baseURL:t,version:o}),h.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let r=Date.now(),c=0,l=Math.pow(16,-e),a=`${u}|${d}|${m}|${n}`,{hash:i,nonce:s}=await b(a,e,null,f=>{let C=Math.pow(1-l,f),w=(1-Math.pow(C,2))*100,g=Date.now()-r;if(console.log("delta",g,"lastUpdate",c,"delta - lastUpdate",g-c),g-c>100){let E=f/g;h.setCheckingProgress(w,`Difficulty: ${e}, Speed: ${E.toFixed(3)}kH/s`,C<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),c=g}}),p=Date.now();console.log({hash:i,solution:s}),h.setState("success",{status:"Verification Complete!",metrics:`Took ${p-r}ms, ${s} iterations`});let y=x(i,s,t,d,m,n);setTimeout(()=>{y.submit()},250)})();})();

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI about 1 year ago

To fix the issue, the value of t (derived from document.getElementById("baseURL").textContent) should be sanitized or validated before being used in the template literal. A simple and effective approach is to use a URL parser to validate and construct the URL safely. The URL constructor in JavaScript can be used for this purpose, as it ensures that the resulting URL is well-formed and prevents injection of malicious content.

Suggested changeset 1
web/dist/main.mjs

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/web/dist/main.mjs b/web/dist/main.mjs
--- a/web/dist/main.mjs
+++ b/web/dist/main.mjs
@@ -1 +1 @@
-(()=>{function b(u,e=5,t=null,o=null,d=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((m,n)=>{let r=URL.createObjectURL(new Blob(["(",k(),")()"],{type:"application/javascript"})),c=[],l=()=>{c.forEach(a=>a.terminate()),t!=null&&(t.removeEventListener("abort",l),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",l,{once:!0});for(let a=0;a<d;a++){let i=new Worker(r);i.onmessage=s=>{typeof s.data=="number"?o?.(s.data):(l(),m(s.data))},i.onerror=s=>{l(),n(s)},i.postMessage({data:u,difficulty:e,nonce:a,threads:d}),c.push(i)}URL.revokeObjectURL(r)})}function k(){return function(){let u=t=>{let o=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",o.buffer)};function e(t){return Array.from(t).map(o=>o.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let o=t.data.data,d=t.data.difficulty,m,n=t.data.nonce,r=t.data.threads,c=n;for(;;){let l=await u(o+n),a=new Uint8Array(l),i=!0;for(let p=0;p<d;p++){let y=Math.floor(p/2),f=p%2;if((a[y]>>(f===0?4:0)&15)!==0){i=!1;break}}if(i){m=e(a),console.log(m);break}let s=n;n+=r,n>s|1023&&(n>>10)%r===c&&postMessage(n)}postMessage({hash:m,data:o,difficulty:d,nonce:n})})}.toString()}var h=class{static state={baseURL:"",version:"unknown"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,o){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),o!==void 0&&(this.elements.message.textContent=o)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function x(u,e,t,o,d,m){let n=document.createElement("form");n.method="POST",n.action=`${t}/answer`;let r=document.createElement("input");r.type="hidden",r.name="response",r.value=u;let c=document.createElement("input");c.type="hidden",c.name="solution",c.value=e;let l=document.createElement("input");l.type="hidden",l.name="nonce",l.value=o;let a=document.createElement("input");a.type="hidden",a.name="ts",a.value=d;let i=document.createElement("input");i.type="hidden",i.name="signature",i.value=m;let s=document.createElement("input");return s.type="hidden",s.name="redir",s.value=window.location.href,n.appendChild(r),n.appendChild(c),n.appendChild(l),n.appendChild(a),n.appendChild(i),n.appendChild(s),document.body.appendChild(n),n}(async()=>{let u=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),o=JSON.parse(document.getElementById("version").textContent),d=JSON.parse(document.getElementById("nonce").textContent),m=JSON.parse(document.getElementById("ts").textContent),n=JSON.parse(document.getElementById("signature").textContent);h.initialize({baseURL:t,version:o}),h.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let r=Date.now(),c=0,l=Math.pow(16,-e),a=`${u}|${d}|${m}|${n}`,{hash:i,nonce:s}=await b(a,e,null,f=>{let C=Math.pow(1-l,f),w=(1-Math.pow(C,2))*100,g=Date.now()-r;if(console.log("delta",g,"lastUpdate",c,"delta - lastUpdate",g-c),g-c>100){let E=f/g;h.setCheckingProgress(w,`Difficulty: ${e}, Speed: ${E.toFixed(3)}kH/s`,C<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),c=g}}),p=Date.now();console.log({hash:i,solution:s}),h.setState("success",{status:"Verification Complete!",metrics:`Took ${p-r}ms, ${s} iterations`});let y=x(i,s,t,d,m,n);setTimeout(()=>{y.submit()},250)})();})();
+(()=>{function b(u,e=5,t=null,o=null,d=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((m,n)=>{let r=URL.createObjectURL(new Blob(["(",k(),")()"],{type:"application/javascript"})),c=[],l=()=>{c.forEach(a=>a.terminate()),t!=null&&(t.removeEventListener("abort",l),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",l,{once:!0});for(let a=0;a<d;a++){let i=new Worker(r);i.onmessage=s=>{typeof s.data=="number"?o?.(s.data):(l(),m(s.data))},i.onerror=s=>{l(),n(s)},i.postMessage({data:u,difficulty:e,nonce:a,threads:d}),c.push(i)}URL.revokeObjectURL(r)})}function k(){return function(){let u=t=>{let o=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",o.buffer)};function e(t){return Array.from(t).map(o=>o.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let o=t.data.data,d=t.data.difficulty,m,n=t.data.nonce,r=t.data.threads,c=n;for(;;){let l=await u(o+n),a=new Uint8Array(l),i=!0;for(let p=0;p<d;p++){let y=Math.floor(p/2),f=p%2;if((a[y]>>(f===0?4:0)&15)!==0){i=!1;break}}if(i){m=e(a),console.log(m);break}let s=n;n+=r,n>s|1023&&(n>>10)%r===c&&postMessage(n)}postMessage({hash:m,data:o,difficulty:d,nonce:n})})}.toString()}var h=class{static state={baseURL:"",version:"unknown"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,o){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),o!==void 0&&(this.elements.message.textContent=o)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function x(u,e,t,o,d,m){let n=document.createElement("form");n.method="POST";try { t = new URL(t).toString(); } catch { console.error("Invalid baseURL"); return; } n.action=`${t}/answer`;let r=document.createElement("input");r.type="hidden",r.name="response",r.value=u;let c=document.createElement("input");c.type="hidden",c.name="solution",c.value=e;let l=document.createElement("input");l.type="hidden",l.name="nonce",l.value=o;let a=document.createElement("input");a.type="hidden",a.name="ts",a.value=d;let i=document.createElement("input");i.type="hidden",i.name="signature",i.value=m;let s=document.createElement("input");return s.type="hidden",s.name="redir",s.value=window.location.href,n.appendChild(r),n.appendChild(c),n.appendChild(l),n.appendChild(a),n.appendChild(i),n.appendChild(s),document.body.appendChild(n),n}(async()=>{let u=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),o=JSON.parse(document.getElementById("version").textContent),d=JSON.parse(document.getElementById("nonce").textContent),m=JSON.parse(document.getElementById("ts").textContent),n=JSON.parse(document.getElementById("signature").textContent);h.initialize({baseURL:t,version:o}),h.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let r=Date.now(),c=0,l=Math.pow(16,-e),a=`${u}|${d}|${m}|${n}`,{hash:i,nonce:s}=await b(a,e,null,f=>{let C=Math.pow(1-l,f),w=(1-Math.pow(C,2))*100,g=Date.now()-r;if(console.log("delta",g,"lastUpdate",c,"delta - lastUpdate",g-c),g-c>100){let E=f/g;h.setCheckingProgress(w,`Difficulty: ${e}, Speed: ${E.toFixed(3)}kH/s`,C<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),c=g}}),p=Date.now();console.log({hash:i,solution:s}),h.setState("success",{status:"Verification Complete!",metrics:`Took ${p-r}ms, ${s} iterations`});let y=x(i,s,t,d,m,n);setTimeout(()=>{y.submit()},250)})();})();
EOF
@@ -1 +1 @@
(()=>{function b(u,e=5,t=null,o=null,d=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((m,n)=>{let r=URL.createObjectURL(new Blob(["(",k(),")()"],{type:"application/javascript"})),c=[],l=()=>{c.forEach(a=>a.terminate()),t!=null&&(t.removeEventListener("abort",l),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",l,{once:!0});for(let a=0;a<d;a++){let i=new Worker(r);i.onmessage=s=>{typeof s.data=="number"?o?.(s.data):(l(),m(s.data))},i.onerror=s=>{l(),n(s)},i.postMessage({data:u,difficulty:e,nonce:a,threads:d}),c.push(i)}URL.revokeObjectURL(r)})}function k(){return function(){let u=t=>{let o=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",o.buffer)};function e(t){return Array.from(t).map(o=>o.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let o=t.data.data,d=t.data.difficulty,m,n=t.data.nonce,r=t.data.threads,c=n;for(;;){let l=await u(o+n),a=new Uint8Array(l),i=!0;for(let p=0;p<d;p++){let y=Math.floor(p/2),f=p%2;if((a[y]>>(f===0?4:0)&15)!==0){i=!1;break}}if(i){m=e(a),console.log(m);break}let s=n;n+=r,n>s|1023&&(n>>10)%r===c&&postMessage(n)}postMessage({hash:m,data:o,difficulty:d,nonce:n})})}.toString()}var h=class{static state={baseURL:"",version:"unknown"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,o){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),o!==void 0&&(this.elements.message.textContent=o)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function x(u,e,t,o,d,m){let n=document.createElement("form");n.method="POST",n.action=`${t}/answer`;let r=document.createElement("input");r.type="hidden",r.name="response",r.value=u;let c=document.createElement("input");c.type="hidden",c.name="solution",c.value=e;let l=document.createElement("input");l.type="hidden",l.name="nonce",l.value=o;let a=document.createElement("input");a.type="hidden",a.name="ts",a.value=d;let i=document.createElement("input");i.type="hidden",i.name="signature",i.value=m;let s=document.createElement("input");return s.type="hidden",s.name="redir",s.value=window.location.href,n.appendChild(r),n.appendChild(c),n.appendChild(l),n.appendChild(a),n.appendChild(i),n.appendChild(s),document.body.appendChild(n),n}(async()=>{let u=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),o=JSON.parse(document.getElementById("version").textContent),d=JSON.parse(document.getElementById("nonce").textContent),m=JSON.parse(document.getElementById("ts").textContent),n=JSON.parse(document.getElementById("signature").textContent);h.initialize({baseURL:t,version:o}),h.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let r=Date.now(),c=0,l=Math.pow(16,-e),a=`${u}|${d}|${m}|${n}`,{hash:i,nonce:s}=await b(a,e,null,f=>{let C=Math.pow(1-l,f),w=(1-Math.pow(C,2))*100,g=Date.now()-r;if(console.log("delta",g,"lastUpdate",c,"delta - lastUpdate",g-c),g-c>100){let E=f/g;h.setCheckingProgress(w,`Difficulty: ${e}, Speed: ${E.toFixed(3)}kH/s`,C<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),c=g}}),p=Date.now();console.log({hash:i,solution:s}),h.setState("success",{status:"Verification Complete!",metrics:`Took ${p-r}ms, ${s} iterations`});let y=x(i,s,t,d,m,n);setTimeout(()=>{y.submit()},250)})();})();
(()=>{function b(u,e=5,t=null,o=null,d=navigator.hardwareConcurrency||1){return console.debug("fast algo"),new Promise((m,n)=>{let r=URL.createObjectURL(new Blob(["(",k(),")()"],{type:"application/javascript"})),c=[],l=()=>{c.forEach(a=>a.terminate()),t!=null&&(t.removeEventListener("abort",l),t.aborted&&(console.log("PoW aborted"),n(!1)))};t?.addEventListener("abort",l,{once:!0});for(let a=0;a<d;a++){let i=new Worker(r);i.onmessage=s=>{typeof s.data=="number"?o?.(s.data):(l(),m(s.data))},i.onerror=s=>{l(),n(s)},i.postMessage({data:u,difficulty:e,nonce:a,threads:d}),c.push(i)}URL.revokeObjectURL(r)})}function k(){return function(){let u=t=>{let o=new TextEncoder().encode(t);return crypto.subtle.digest("SHA-256",o.buffer)};function e(t){return Array.from(t).map(o=>o.toString(16).padStart(2,"0")).join("")}addEventListener("message",async t=>{let o=t.data.data,d=t.data.difficulty,m,n=t.data.nonce,r=t.data.threads,c=n;for(;;){let l=await u(o+n),a=new Uint8Array(l),i=!0;for(let p=0;p<d;p++){let y=Math.floor(p/2),f=p%2;if((a[y]>>(f===0?4:0)&15)!==0){i=!1;break}}if(i){m=e(a),console.log(m);break}let s=n;n+=r,n>s|1023&&(n>>10)%r===c&&postMessage(n)}postMessage({hash:m,data:o,difficulty:d,nonce:n})})}.toString()}var h=class{static state={baseURL:"",version:"unknown"};static elements={title:null,mascot:null,status:null,metrics:null,message:null,progressContainer:null,progressBar:null};static initialize(e){this.state={...this.state,...e},this.elements={title:document.getElementById("title"),mascot:document.getElementById("mascot"),status:document.getElementById("status"),metrics:document.getElementById("metrics"),message:document.getElementById("message"),progressContainer:document.getElementById("progress-container"),progressBar:document.getElementById("progress-bar")}}static setState(e,t={}){switch(e){case"checking":this.setChecking(t);break;case"success":this.setSuccess(t);break}}static setChecking(e){this.elements.title.textContent=e.title||"Making sure you're not a bot!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-puzzle.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Calculating...",this.elements.progressContainer.classList.remove("hidden"),this.setCheckingProgress(e.progress,e.metrics,e.message)}static setCheckingProgress(e,t,o){e!==void 0&&(this.elements.progressBar.style.width=`${e}%`),t!==void 0&&(t===""?this.elements.metrics.classList.add("hidden"):(this.elements.metrics.classList.remove("hidden"),this.elements.metrics.textContent=t)),o!==void 0&&(this.elements.message.textContent=o)}static setSuccess(e){this.elements.title.textContent="Success!",this.elements.mascot.src=`${this.state.baseURL}/static/img/mascot-pass.png?v=${this.state.version}`,this.elements.status.textContent=e.status||"Done!",this.elements.metrics.textContent=e.metrics||"Took ?, ? iterations",this.elements.message.textContent=e.message||"",this.elements.progressContainer.classList.add("hidden")}};function x(u,e,t,o,d,m){let n=document.createElement("form");n.method="POST";try { t = new URL(t).toString(); } catch { console.error("Invalid baseURL"); return; } n.action=`${t}/answer`;let r=document.createElement("input");r.type="hidden",r.name="response",r.value=u;let c=document.createElement("input");c.type="hidden",c.name="solution",c.value=e;let l=document.createElement("input");l.type="hidden",l.name="nonce",l.value=o;let a=document.createElement("input");a.type="hidden",a.name="ts",a.value=d;let i=document.createElement("input");i.type="hidden",i.name="signature",i.value=m;let s=document.createElement("input");return s.type="hidden",s.name="redir",s.value=window.location.href,n.appendChild(r),n.appendChild(c),n.appendChild(l),n.appendChild(a),n.appendChild(i),n.appendChild(s),document.body.appendChild(n),n}(async()=>{let u=JSON.parse(document.getElementById("challenge").textContent),e=JSON.parse(document.getElementById("difficulty").textContent),t=JSON.parse(document.getElementById("baseURL").textContent),o=JSON.parse(document.getElementById("version").textContent),d=JSON.parse(document.getElementById("nonce").textContent),m=JSON.parse(document.getElementById("ts").textContent),n=JSON.parse(document.getElementById("signature").textContent);h.initialize({baseURL:t,version:o}),h.setState("checking",{metrics:`Difficulty: ${e}, Speed: calculating...`,message:""});let r=Date.now(),c=0,l=Math.pow(16,-e),a=`${u}|${d}|${m}|${n}`,{hash:i,nonce:s}=await b(a,e,null,f=>{let C=Math.pow(1-l,f),w=(1-Math.pow(C,2))*100,g=Date.now()-r;if(console.log("delta",g,"lastUpdate",c,"delta - lastUpdate",g-c),g-c>100){let E=f/g;h.setCheckingProgress(w,`Difficulty: ${e}, Speed: ${E.toFixed(3)}kH/s`,C<.01?"This is taking longer than expected. Please do not refresh the page.":void 0),c=g}}),p=Date.now();console.log({hash:i,solution:s}),h.setState("success",{status:"Verification Complete!",metrics:`Took ${p-r}ms, ${s} iterations`});let y=x(i,s,t,d,m,n);setTimeout(()=>{y.submit()},250)})();})();
Copilot is powered by AI and may make mistakes. Always verify output.
@PhotonQuantum PhotonQuantum merged commit c183081 into master Apr 26, 2025
@PhotonQuantum PhotonQuantum deleted the feat/stateful branch April 26, 2025 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PhotonQuantum @github-advanced-security