From 2f0188b6207cfb343c2728f5a749b2a61693ad19 Mon Sep 17 00:00:00 2001
From: Pawel Miech <pawelmhm@gmail.com>
Date: Fri, 4 Oct 2024 08:38:25 +0200
Subject: [PATCH] add fingerprinting page

---
 spidyquotes.py       | 29 ++++++++++++++++++++++-
 templates/base.html  |  2 ++
 templates/fs-js.html | 55 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 templates/fs-js.html

diff --git a/spidyquotes.py b/spidyquotes.py
index eaace1b..1279bd8 100644
--- a/spidyquotes.py
+++ b/spidyquotes.py
@@ -3,13 +3,14 @@
 """Run app
 """
 
+import datetime
 import os
 import json
 import uuid
 import random
 import string
 import base64
-from flask import Flask, render_template, request, jsonify, session, redirect, url_for
+from flask import Flask, render_template, request, jsonify, session, redirect, url_for, make_response
 from collections import Counter, defaultdict
 from flask_limiter import Limiter
 from slugify import slugify
@@ -146,6 +147,32 @@ def random_quote():
     return render_template('index.html', quotes=[QUOTES[i]])
 
 
+
+@app.route("/fingerprint", methods=["GET", "POST"])
+def fingerprint_check():
+    if request.method == 'POST':
+        data = request.get_json()
+        result = data['result']
+        confidenceScore = result['confidence']['score']
+        clicked = data.get('clicked')
+        if confidenceScore >= 0.6 and clicked:
+            response = make_response(jsonify({"allowed": True}))
+            expire_time = datetime.datetime.utcnow() + datetime.timedelta(seconds=30)
+            response.set_cookie('score', value=str(confidenceScore),
+                expires=expire_time)
+            response.set_cookie('visitorId', value=result['visitorId'], expires=expire_time)
+            return response
+        else:
+            return jsonify({"allowed": False})
+    else:
+        score = request.cookies.get('score')
+        visitor_id = request.cookies.get('visitorId')
+        if visitor_id and score and float(score) >= 0.6:
+            return render_template('ajax.html')
+        return render_template('fs-js.html')
+
+
+
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     error = ''
diff --git a/templates/base.html b/templates/base.html
index f743643..e406341 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -5,6 +5,8 @@
 	<title>Quotes to Scrape</title>
     <link rel="stylesheet" href="{{ url_for('static', filename='bootstrap.min.css') }}">
     <link rel="stylesheet" href="{{ url_for('static', filename='main.css') }}">
+    {% block headExtend %}
+    {% endblock %}
 </head>
 <body>
     <div class="container">
diff --git a/templates/fs-js.html b/templates/fs-js.html
new file mode 100644
index 0000000..76aef11
--- /dev/null
+++ b/templates/fs-js.html
@@ -0,0 +1,55 @@
+{% extends "base.html" %}
+{%block headExtend %}
+<script src="https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js"></script>
+{% endblock %}
+{% block content %}
+
+<div class="row">
+    <div class="col-md-8" id="clickable">
+        <h2>Our system found something suspicious.</h2>
+        <h3>Click anywhere button to unlock site access</h3>
+    </div>
+
+
+<script>
+    // Initialize the FingerprintJS library
+    const fpPromise = FingerprintJS.load();
+    const myButton = document.getElementById("clickable");
+
+    // When the library is ready
+    fpPromise.then(fp => fp.get()).then(result => {
+        // Send the fingerprint to the server
+        const browserData = result.components;
+        const visitorId = result.visitorId;
+        const components = result.components;
+        let clicked = 0
+        myButton.addEventListener('click', function(event) {
+            clicked += 1
+        });
+
+        setTimeout(
+            function () {
+                fetch('/fingerprint', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({
+                    result: result,
+                    clicked: clicked
+                })
+            })
+            .then(response => response.json())
+            .then(data => {
+                if (!data.allowed) {
+                    // If the fingerprint is not valid, redirect or block content
+                    document.body.innerHTML = "Access denied. Non-browser client detected.";
+                } else {
+                    window.location.reload(true)
+                }
+            })}, 6000);
+    });
+</script>
+
+</div>
+{% endblock %}