diff --git a/constants.py b/constants.py
index a7daa26..88ab9e0 100644
--- a/constants.py
+++ b/constants.py
@@ -9,8 +9,8 @@ UPLOAD_DIR = "uploads"
 MINIMUM_COSINE_SIMILARITY = 0.4
 WORD_TO_COMPARE = "hand touching grass"
 DATABASE_FILE = "data.db"
-MINIMUM_OCR_SIMILARITY = 0.7
-OCR_CHALLENGE_LENGTH = 1
+MINIMUM_OCR_SIMILARITY = 0.55
+OCR_CHALLENGE_LENGTH = 4
 ACHIEVEMENTS = [
     [1, "I went outside!", "Brag to your friends with this one! You went outside the first time in your life. Continue on your journey."],
diff --git a/main.py b/main.py
index 4e6e382..9469dc9 100644
--- a/main.py
+++ b/main.py
@@ -6,7 +6,7 @@ from PIL import Image
 from jina import get_grass_touching_similarity
 from ocr_check import generate_challenge, check_text_similarity
-import os, flask_login, uuid, base64, sqlite3, bcrypt, secrets, hashlib, time, threading
+import os, flask_login, uuid, base64, sqlite3, bcrypt, secrets, hashlib, time, threading, html
 
 if os.path.exists(".env"):
     load_dotenv(".env")
@@ -328,6 +328,11 @@ def register():
     elif request.method == "POST":
         username, password = request.form.get("username"), request.form.get("password")
 
+        if username != html.escape(username, quote=True):
+            return "No XSS please"
+
+        username = html.escape(username, quote=True)
+
         if not challenges.get(username):
             return Response("Start and finish a challenge before registering.", 401)
 
@@ -356,7 +361,11 @@ def register():
 @flask_login.login_required
 def change_username():
     username = flask_login.current_user.id
-    new_username = request.form["new_username"]
+
+    if request.form["new_username"] != html.escape(request.form["new_username"], quote=True):
+        return "No XSS please"
+
+    new_username = html.escape(request.form["new_username"], quote=True)
 
     cur = get_db().cursor()
 
diff --git a/ocr_check.py b/ocr_check.py
index 060210e..eb96801 100644
--- a/ocr_check.py
+++ b/ocr_check.py
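Review bot: MINIMUM_OCR_SIMILARITY drops from 0.7 to 0.55, which widens what the OCR check accepts as a matching transcription, and nothing in the hunk records why; since this constant decides whether a challenge passes, it deserves a why-comment. OCR_CHALLENGE_LENGTH also changes meaning in the same commit — it now counts random digits rather than words (see the ocr_check.py hunk) — but the name and surrounding lines do not say so. Suggested comments: `# difflib-style ratio (0..1) an OCR transcription must reach; lowered together with the switch to digit challenges — revisit if false accepts rise` above MINIMUM_OCR_SIMILARITY, and `# number of random digits appended to the username in ocr_check.generate_challenge` above OCR_CHALLENGE_LENGTH. Whether the ratio comes from difflib is inferred from ocr_check's imports, not visible in this hunk.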
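Review bot: In the register hunk, `html.escape(username, quote=True)` runs before any None check, so a POST without a `username` field (request.form.get returns None) raises AttributeError and yields a 500 rather than a 4xx. The assignment `username = html.escape(username, quote=True)` that follows is a no-op, because the comparison just above only passes when escaping changes nothing — the code rejects rather than rewrites, which is the sounder choice, so the assignment should go and the reject path should be a `Response(..., 400)` like the `Response(..., 401)` on the next lines instead of a bare 200 string. The change_username hunk repeats the same pattern and reads the form field three times; a shared helper keeps both places consistent. If the templates are Jinja2 with autoescaping (not visible here), refusing `&`, `"` and `'` is stricter than output safety requires, and an explicit allowlist of username characters would document the intent better than a round-trip through html.escape. Both register() and change_username() continue outside the hunks.
```python
def _reject_html_specials(value):
    """Return value unchanged if it contains none of < > & " ' ; None otherwise.

    Names are rejected, never rewritten, so the stored value is exactly what was typed.
    """
    if value is None or value != html.escape(value, quote=True):
        return None
    return value

# … unchanged: register() GET branch …
    elif request.method == "POST":
        username = _reject_html_specials(request.form.get("username"))
        password = request.form.get("password")
        if username is None:
            return Response("Username is missing or contains characters that are not allowed.", 400)
# … unchanged: challenge check and the rest of register() …
```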
@@ -1,8 +1,6 @@
 import easyocr, difflib, random, string
 from constants import OCR_CHALLENGE_LENGTH
-from english_words import get_english_words_set
-words = list(get_english_words_set(['gcide'], lower=True, alpha=True))
 reader = easyocr.Reader(['en'])
 
 def check_text_similarity(image_path, text):
@@ -12,4 +10,4 @@ def check_text_similarity(image_path, text):
     return image_text, similarity
 
 def generate_challenge(username):
-    return f"{username} {' '.join([random.choice(words) for _ in range(OCR_CHALLENGE_LENGTH)])}"
\ No newline at end of file
+    return f"{username} {''.join([str(random.randint(0, 10)) for _ in range(OCR_CHALLENGE_LENGTH)])}"
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index 9585263..508f5ce 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,6 @@ readme = "README.md"
 requires-python = ">=3.11"
 dependencies = [
     "bcrypt>=4.3.0",
-    "english-words>=2.0.1",
     "flask>=3.1.1",
     "flask-login>=0.6.3",
     "pillow>=11.3.0",
diff --git a/requirements.txt b/requirements.txt
index dffabe2..fb9e85e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,8 +10,6 @@ charset-normalizer==3.4.3
     # via requests
 click==8.2.1
     # via flask
-english-words==2.0.1
-    # via grass-touching-captcha (pyproject.toml)
 flask==3.1.1
     # via
     #   grass-touching-captcha (pyproject.toml)
diff --git a/templates/submit_grass_touching.jinja2 b/templates/submit_grass_touching.jinja2
index 4bc62c8..df34ce4 100644
--- a/templates/submit_grass_touching.jinja2
+++ b/templates/submit_grass_touching.jinja2
@@ -44,7 +44,7 @@
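Review bot: `random.randint(0, 10)` in the new generate_challenge is inclusive at both ends, so roughly one slot in eleven becomes the two-character token "10" and the challenge no longer has a fixed OCR_CHALLENGE_LENGTH digits; `string.digits` is already imported, so `random.choice(string.digits)` gives exactly one digit per slot. The challenge is the text the OCR step later has to match, and `random` is not designed to be unpredictable; if the challenge is meant to be unguessable by the client, `secrets.choice(string.digits)` from the standard library costs nothing extra (add `secrets` to the import line at the top of the first hunk). One line covers both: `return f"{username} {''.join(secrets.choice(string.digits) for _ in range(OCR_CHALLENGE_LENGTH))}"`. The first hunk also leaves the module's import of `string` otherwise unused after the word list is dropped, which this suggestion resolves.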