[chore] tweak NoLLaMas proof-of-work algorithm (#4090)

# Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
author: kim <grufwub@gmail.com> 2025-04-29 13:57:26 +0000
committer: tobi <kipvandenbos@noreply.codeberg.org> 2025-04-29 13:57:26 +0000
commit: 31628019fead4489d7a57868bee110f6b6e91d09 (patch)
tree: a540739f3491d23054f455e9a85afd510fbf589f /internal/middleware/nollamas_test.go
parent: [bugfix] don't prevent moved accounts from invalidating their old tokens (#4091) (diff)
download: gotosocial-31628019fead4489d7a57868bee110f6b6e91d09.tar.xz
1 files changed, 24 insertions, 9 deletions
diff --git a/internal/middleware/nollamas_test.go b/internal/middleware/nollamas_test.go
index 92a044d32..d6fdb5ff6 100644
--- a/internal/middleware/nollamas_test.go
+++ b/internal/middleware/nollamas_test.go
@@ -30,6 +30,7 @@ import (
 	"testing"
 
 	"code.superseriousbusiness.org/gotosocial/internal/api/model"
+	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
 	"code.superseriousbusiness.org/gotosocial/internal/config"
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
 	"code.superseriousbusiness.org/gotosocial/internal/middleware"
@@ -52,7 +53,7 @@ func TestNoLLaMasMiddleware(t *testing.T) {
 	assert.NoError(t, err)
 
 	// Add middleware to the gin engine handler stack.
-	middleware := middleware.NoLLaMas(getInstanceV1)
+	middleware := middleware.NoLLaMas(apiutil.CookiePolicy{}, getInstanceV1)
 	e.Use(middleware)
 
 	// Set test handler we can
@@ -94,8 +95,9 @@ func testNoLLaMasMiddleware(t *testing.T, e *gin.Engine, userAgent string) {
 		panic(err)
 	}
 
-	var difficulty uint64
 	var challenge string
+	var diff1 uint64
+	var diff2 uint8
 
 	// Parse output body and find the challenge / difficulty.
 	for _, line := range strings.Split(string(b), "\n") {
@@ -105,17 +107,22 @@ func testNoLLaMasMiddleware(t *testing.T, e *gin.Engine, userAgent string) {
 			line = line[25:]
 			line = line[:len(line)-1]
 			challenge = line
-		case strings.HasPrefix(line, "data-nollamas-difficulty=\""):
-			line = line[26:]
+		case strings.HasPrefix(line, "data-nollamas-difficulty1=\""):
+			line = line[27:]
 			line = line[:len(line)-1]
 			var err error
-			difficulty, err = strconv.ParseUint(line, 10, 8)
+			diff1, err = strconv.ParseUint(line, 10, 8)
 			assert.NoError(t, err)
+		case strings.HasPrefix(line, "data-nollamas-difficulty2=\""):
+			line = line[27:]
+			line = line[:len(line)-1]
+			diff2 = line[0]
 		}
 	}
 
 	// Ensure valid posed challenge.
-	assert.NotZero(t, difficulty)
+	assert.NotZero(t, diff1)
+	assert.NotZero(t, diff2)
 	assert.NotEmpty(t, challenge)
 
 	// Prepare a test request for gin engine.
@@ -124,9 +131,14 @@ func testNoLLaMasMiddleware(t *testing.T, e *gin.Engine, userAgent string) {
 	rw = httptest.NewRecorder()
 
 	// Now compute and set solution query paramater.
-	solution := computeSolution(challenge, difficulty)
+	solution := computeSolution(challenge, diff1, diff2)
 	r.URL.RawQuery = "nollamas_solution=" + solution
 
+	t.Logf("challenge=%s", challenge)
+	t.Logf("diff1=%d", diff1)
+	t.Logf("diff2='%c'", diff2)
+	t.Logf("solution=%s", solution)
+
 	// Pass req through
 	// engine handler.
 	e.ServeHTTP(rw, r)
@@ -147,18 +159,21 @@ func testNoLLaMasMiddleware(t *testing.T, e *gin.Engine, userAgent string) {
 }
 
 // computeSolution does the functional equivalent of our nollamas workerTask.js.
-func computeSolution(challenge string, difficulty uint64) string {
+func computeSolution(challenge string, diff1 uint64, diff2 uint8) string {
 outer:
 	for i := 0; ; i++ {
 		solution := strconv.Itoa(i)
 		combined := challenge + solution
 		hash := sha256.Sum256(byteutil.S2B(combined))
 		encoded := hex.EncodeToString(hash[:])
-		for i := range difficulty {
+		for i := range diff1 {
 			if encoded[i] != '0' {
 				continue outer
 			}
 		}
+		if encoded[diff1] >= diff2 {
+			continue outer
+		}
 		return solution
 	}
 }
author	kim <grufwub@gmail.com>	2025-04-29 13:57:26 +0000
committer	tobi <kipvandenbos@noreply.codeberg.org>	2025-04-29 13:57:26 +0000
commit	31628019fead4489d7a57868bee110f6b6e91d09 (patch)
tree	a540739f3491d23054f455e9a85afd510fbf589f /internal/middleware/nollamas_test.go
parent	[bugfix] don't prevent moved accounts from invalidating their old tokens (#4091) (diff)
download	gotosocial-31628019fead4489d7a57868bee110f6b6e91d09.tar.xz