Pow phalanx connection (#341)

* edit redis prefix and change db service name * add control socket support * fix incorrect socket response * add whitelist functionality and add two stats * update readme * add blacklist sync * add update_model placeholder * update dependencies * fix deepsource issues
RuiSiang · May 23, 2022 · 7022f72 · 7022f72
1 parent 5ba7da8
commit 7022f72
Show file tree

Hide file tree

Showing 18 changed files with 825 additions and 1,268 deletions.
diff --git a/.env.example b/.env.example
@@ -2,7 +2,7 @@ PORT=3000
 SESSION_KEY="abcdefghijklmnop"
 POW=on
 NONCE_VALIDITY=60000
-INITIAL_DIFFICULTY=13
+DIFFICULTY=13
 BACKEND_URL="http://example.com"
 
 DATABASE_HOST=127.0.0.1
@@ -23,4 +23,8 @@ WAF_BODY_EXCLUDE_RULES=
 
 SSL=off
 SSL_CERT_PATH=
-SSL_KEY_PATH=
+SSL_KEY_PATH=
+
+SOCKET=off
+SOCKET_URL=http://hostname:port
+SOCKET_TOKEN=pow-phalanx-subscription-token
diff --git a/README.md b/README.md
@@ -48,6 +48,13 @@ PoW Shield aims to provide the following services bundled in a single webapp / d
 - Multi-Instance Syncing (Redis)
 - SSL Support
 
+Supported via [PoW Phalanx](https://github.com/ruisiang/PoW-Phalanx) controller:
+- Multi-instance Management
+- Whitelist tokens
+- Blacklist IP syncing
+- Dynamic difficulty control
+- Dashboard
+
 ## How it Works
 
 So basically, PoW Shield works as a proxy in front of the actual web app/service. It conducts verification via proof-of-work and only proxies authorized traffic through to the actual server. The proxy is easily installable, and is capable of protecting low security applications with a WAF.
@@ -79,7 +86,7 @@ You can configure PoW Shield via the following methods.
 | DATABASE_PASSWORD            | Redis      | null                    | redis service password                                                                                                                                            |
 | POW                          | PoW        | on                      | toggles PoW functionality on/off (if not temporary switched off, why use this project at all?)                                                                    |
 | NONCE_VALIDITY               | PoW        | 60000                   | specifies the maximum seconds a nonce has to be submitted to the server after generation(used to enforce difficulty change and filter out stale nonces)           |
-| INITIAL_DIFFICULTY           | PoW        | 13                      | initial difficulty, number of leading 0-bits in produced hash (0:extremely easy ~ 256:impossible, 13(default) takes about 5 seconds for the browser to calculate) |
+| DIFFICULTY                   | PoW        | 13                      | problem difficulty, number of leading 0-bits in produced hash (0:extremely easy ~ 256:impossible, 13(default) takes about 5 seconds for the browser to calculate) |
 | RATE_LIMIT                   | Rate Limit | on                      | toggles ratelimit functionality on/off                                                                                                                            |
 | RATE_LIMIT_SAMPLE_MINUTES    | Rate Limit | 60                      | specifies how many minutes until statistics reset for session/ip                                                                                                  |
 | RATE_LIMIT_SESSION_THRESHOLD | Rate Limit | 100                     | number of requests that a single session can make until triggering token revocation                                                                               |
@@ -93,6 +100,9 @@ You can configure PoW Shield via the following methods.
 | SSL                          | SSL        | off                     | toggles SSL functionality on/off                                                                                                                                  |
 | SSL_CERT_PATH                | SSL        | tests/ssl/mock-cert.pem | path to SSL certificate password                                                                                                                                  |
 | SSL_KEY_PATH                 | SSL        | tests/ssl/mock-key.pem  | path to SSL key                                                                                                                                                   |
+| SOCKET                       | Socket     | off                     | toggles socket functionality on/off                                                                                                                               |
+| SOCKET_URL                   | Socket     |                         | location of PoW Phalanx controller, IP and URLs are both accepted(accepts protocol://url:port or protocol://ip:port)                                              |
+| SOCKET_TOKEN                 | Socket     |                         | subscription token for PoW Phalanx controller                                                                                                                     |
 
 ## Usage
 

diff --git a/app.ts b/app.ts
@@ -11,6 +11,7 @@ import config from './service/util/config-parser'
 import powRouter from './routes/pow-router'
 import testRouter from './routes/test-router'
 import { controller } from './service/controller-service'
+import Client from './service/util/socket'
 
 app.keys = [config.session_key]
 app.use(
@@ -57,6 +58,9 @@ app.use(
 )
 
 // service and routes
+if (config.socket) {
+  Client.getInstance()
+}
 if (process.env.NODE_ENV === 'test' || process.env.NODE_ENV === 'standalone') {
   app.use(testRouter.routes())
 }

diff --git a/docker-compose.example.yaml b/docker-compose.example.yaml
@@ -9,7 +9,7 @@ services:
       - 'SESSION_KEY=abcdefghijklmnop'
       - 'POW=on'
       - 'NONCE_VALIDITY=60000'
-      - 'INITIAL_DIFFICULTY=13'
+      - 'DIFFICULTY=13'
       - 'BACKEND_URL=http://webapp:80'
       - 'DATABASE_HOST=redis'
       - 'DATABASE_PORT=6379'