[minor] add proof of work failover

Author: joecorall

README.md

@@ -24,9 +24,13 @@ flowchart TD
     PROTECTED_ROUTE -- No --> Continue(Go to original destination)
     RATE_LIMIT -- Yes --> REDIRECT(Redirect to /challenge)
     RATE_LIMIT -- No --> Continue(Go to original destination)
-    REDIRECT --> CHALLENGE{turnstile/recaptcha/hcaptcha challenge}
-    CHALLENGE -- Pass --> Continue(Go to original destination)
-    CHALLENGE -- Fail --> Stuck
+    REDIRECT --> CIRCUIT{Is circuit breaker open?}
+    CIRCUIT -- Yes --> POW_CHALLENGE{Proof-of-Work challenge}
+    CIRCUIT -- No --> CAPTCHA_CHALLENGE{turnstile/recaptcha/hcaptcha challenge}
+    POW_CHALLENGE -- Pass --> Continue(Go to original destination)
+    POW_CHALLENGE -- Fail --> Stuck
+    CAPTCHA_CHALLENGE -- Pass --> Continue(Go to original destination)
+    CAPTCHA_CHALLENGE -- Fail --> Stuck
 ```
 </details>
 
@@ -99,9 +103,11 @@ services:
 | `mode`                  | `string`                | `prefix`                 | Must be: `prefix`, `suffix`, `regex`. Matching does not include query parameters. `excludeRoutes` always uses `prefix` except when `mode: regex`. Only use `regex` when needed                   |
 | `protectRoutes`         | `[]string` (required)   | `""`                     | Comma-separated list of route prefixes/suffixes/regex patterns to protect.                                                                                                                       |
 | `excludeRoutes`         | `[]string`              | `""`                     | Comma-separated list of route prefixes to **never** protect. e.g., `protectRoutes: "/"` protects the entire site. `excludeRoutes: "/ajax"` would never challenge any route starting with `/ajax` |
-| `captchaProvider`       | `string` (required)     | `""`                     | The captcha type to use. Supported values: `turnstile`, `hcaptcha`, and `recaptcha`.                                                                                                             |
+| `captchaProvider`       | `string` (required)     | `""`                     | The captcha type to use. Supported values: `turnstile`, `hcaptcha`, `recaptcha`, and `pow` (proof-of-work).                                                                                      |
 | `siteKey`               | `string` (required)     | `""`                     | The captcha site key.                                                                                                                                                                            |
 | `secretKey`             | `string` (required)     | `""`                     | The captcha secret key.                                                                                                                                                                          |
+| `periodSeconds`         | `int`                   | `30`                     | Health check interval (in seconds) for the primary captcha provider. The circuit breaker uses this to detect provider outages.                                                                    |
+| `failureThreshold`      | `int`                   | `3`                      | Number of consecutive health check failures before the circuit breaker opens and switches to proof-of-work fallback.                                                                              |
 | `rateLimit`             | `uint`                  | `20`                     | Maximum requests allowed from a subnet before a challenge is triggered.                                                                                                                          |
 | `window`                | `int`                   | `86400`                  | Duration (in seconds) for monitoring requests per subnet.                                                                                                                                        |
 | `ipv4subnetMask`        | `int`                   | `16`                     | CIDR subnet mask to group IPv4 addresses for rate limiting.                                                                                                                                      |
@@ -122,6 +128,27 @@ services:
 | `persistentStateFile`   | `string`                | `""`                     | File path to persist rate limiter state across Traefik restarts. In Docker, mount this file from the host.                                                                                       |
 | `enableStateReconciliation` | `string`            | `"false"`                | When `"true"`, reads and merges disk state before each save to prevent multiple instances from overwriting data. Adds extra I/O overhead. Only enable for multi-instance deployments sharing state. **Performance warning**: Not recommended for sites with >1M unique visitors due to reconciliation overhead (5-8s per cycle at scale). |
 
+### Circuit Breaker
+
+The circuit breaker provides automatic failover when the primary captcha provider (Turnstile, reCAPTCHA, or hCaptcha) becomes unavailable. When enabled, it:
+
+1. **Monitors provider health**: Periodically sends HEAD requests to the provider's JavaScript file (every `periodSeconds`, default 30s)
+2. **Detects failures**: Counts consecutive health check failures
+3. **Opens circuit**: After `failureThreshold` consecutive failures (default 3), switches to proof-of-work fallback
+4. **Falls back to PoW**: Uses browser-based SHA-256 proof-of-work instead of external provider
+5. **Auto-recovery**: Automatically returns to primary provider when health checks succeed
+
+**Proof-of-Work Fallback:**
+- Requires browsers to compute SHA-256 hashes with 4 leading zeros
+- Self-contained (no external dependencies)
+- Typical solve time: <1 second
+- Progress shown to users during computation
+- Server validates solutions to prevent cheating
+
+**Configuration:**
+- Circuit breaker is **enabled by default** with `periodSeconds: 30` and `failureThreshold: 3`
+- To disable: set both `periodSeconds: 0` and `failureThreshold: 0`
+- The `pow` provider can also be used directly as the primary provider (no circuit breaker needed)
 
 ### Good Bots
 

challenge.tmpl.html

@@ -16,14 +16,37 @@ <h1>Verifying connection</h1>
             data-language="auto"
             data-retry="auto"
             interval="8000"
-            data-appearance="always">
-        </div>
+            data-appearance="always"
+            {{- if .Challenge }}
+            data-challenge="{{ .Challenge }}"
+            {{- end }}
+            {{- if .Difficulty }}
+            data-difficulty="{{ .Difficulty }}"
+            {{- end }}
+        ></div>
         <input type="hidden" name="destination" value="{{ .Destination }}">
     </form>
     <script type="text/javascript">
         function captchaCallback(token) {
+            var form = document.getElementById("captcha-form");
+            var captchaDiv = document.querySelector('[data-callback]');
+            var frontendKey = captchaDiv.className;
+
+            // Create hidden input for the token if it doesn't exist
+            var inputName = frontendKey + "-response";
+            var existingInput = form.querySelector('input[name="' + inputName + '"]');
+            if (!existingInput) {
+                var input = document.createElement("input");
+                input.type = "hidden";
+                input.name = inputName;
+                input.value = token;
+                form.appendChild(input);
+            } else {
+                existingInput.value = token;
+            }
+
             setTimeout(function() {
-                document.getElementById("captcha-form").submit();
+                form.submit();
             }, 1000);
         }
     </script>

internal/helper/pow.go

@@ -0,0 +1,171 @@
+package helper
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	// DefaultPowDifficulty is the default number of leading zeros required in the hash
+	DefaultPowDifficulty = 4
+)
+
+// GeneratePowChallenge generates a random challenge string for proof-of-work
+func GeneratePowChallenge() string {
+	// Use timestamp + random bytes for uniqueness
+	timestamp := time.Now().UnixNano()
+	randomBytes := make([]byte, 16)
+	_, _ = rand.Read(randomBytes)
+	return fmt.Sprintf("%d-%s", timestamp, hex.EncodeToString(randomBytes))
+}
+
+// VerifyPowSolution verifies that a nonce produces a valid proof-of-work for the given challenge
+func VerifyPowSolution(challenge string, nonce int, difficulty int) bool {
+	// Compute SHA-256(challenge + nonce)
+	input := challenge + strconv.Itoa(nonce)
+	hash := sha256.Sum256([]byte(input))
+	hashHex := hex.EncodeToString(hash[:])
+
+	// Check if hash has required number of leading zeros
+	target := strings.Repeat("0", difficulty)
+	return strings.HasPrefix(hashHex, target)
+}
+
+// GetPowJS returns the proof-of-work JavaScript implementation
+func GetPowJS() string {
+	return `// Proof of Work CAPTCHA
+(function() {
+    function initPoW() {
+        var captchaDiv = document.querySelector('[data-callback]');
+        if (!captchaDiv) {
+            console.error('PoW: captcha div not found');
+            return;
+        }
+
+        var callbackName = captchaDiv.getAttribute('data-callback');
+        var challenge = captchaDiv.getAttribute('data-challenge');
+        var difficulty = parseInt(captchaDiv.getAttribute('data-difficulty') || '4', 10);
+
+        if (!callbackName || !challenge) {
+            console.error('PoW: missing callback or challenge');
+            return;
+        }
+
+        var progressDiv = document.createElement('div');
+        progressDiv.id = 'pow-progress';
+        progressDiv.style.marginTop = '20px';
+        progressDiv.style.fontFamily = 'monospace';
+        progressDiv.textContent = 'Computing proof of work...';
+        captchaDiv.parentNode.insertBefore(progressDiv, captchaDiv.nextSibling);
+
+        // Create worker from function
+        var worker = createWorker(powWorker);
+
+        worker.onmessage = function(e) {
+            if (e.data.nonce !== undefined) {
+                progressDiv.textContent = 'Proof of work completed in ' + (e.data.duration / 1000).toFixed(2) + 's (tried ' + e.data.nonce + ' nonces)';
+                var token = challenge + ':' + e.data.nonce;
+                if (typeof window[callbackName] === 'function') {
+                    window[callbackName](token);
+                }
+                worker.terminate();
+            } else if (e.data.progress !== undefined) {
+                progressDiv.textContent = 'Computing proof of work... (' + e.data.progress + ' attempts, ' + (e.data.duration / 1000).toFixed(1) + 's)';
+            }
+        };
+
+        worker.onerror = function(error) {
+            console.error('PoW worker error:', error);
+            progressDiv.textContent = 'Error computing proof of work';
+        };
+
+        worker.postMessage({
+            challenge: challenge,
+            difficulty: difficulty
+        });
+    }
+
+    // Helper to create worker from function
+    function createWorker(fn) {
+        var blob = new Blob(['(' + fn.toString() + ')()'], { type: 'application/javascript' });
+        return new Worker(URL.createObjectURL(blob));
+    }
+
+    // Worker function (will be serialized and run in worker context)
+    function powWorker() {
+        self.onmessage = function(e) {
+            var challenge = e.data.challenge;
+            var difficulty = e.data.difficulty;
+            var target = "0".repeat(difficulty);
+            var nonce = 0;
+            var startTime = Date.now();
+            
+            while (true) {
+                var hash = sha256(challenge + nonce);
+                if (hash.substring(0, difficulty) === target) {
+                    self.postMessage({ nonce: nonce, hash: hash, duration: Date.now() - startTime });
+                    return;
+                }
+                nonce++;
+                if (nonce % 10000 === 0) {
+                    self.postMessage({ progress: nonce, duration: Date.now() - startTime });
+                }
+            }
+        };
+
+        function sha256(ascii) {
+            function rightRotate(value, amount) { return (value >>> amount) | (value << (32 - amount)); }
+            var mathPow = Math.pow, maxWord = mathPow(2, 32), lengthProperty = "length", i, j, result = "";
+            var words = [], asciiBitLength = ascii[lengthProperty] * 8;
+            var hash = sha256.h = sha256.h || [], k = sha256.k = sha256.k || [], primeCounter = k[lengthProperty];
+            var isComposite = {};
+            for (var candidate = 2; primeCounter < 64; candidate++) {
+                if (!isComposite[candidate]) {
+                    for (i = 0; i < 313; i += candidate) { isComposite[i] = candidate; }
+                    hash[primeCounter] = (mathPow(candidate, .5) * maxWord) | 0;
+                    k[primeCounter++] = (mathPow(candidate, 1 / 3) * maxWord) | 0;
+                }
+            }
+            ascii += "\x80";
+            while (ascii[lengthProperty] % 64 - 56) ascii += "\x00";
+            for (i = 0; i < ascii[lengthProperty]; i++) {
+                j = ascii.charCodeAt(i);
+                if (j >> 8) return;
+                words[i >> 2] |= j << ((3 - i) % 4) * 8;
+            }
+            words[words[lengthProperty]] = ((asciiBitLength / maxWord) | 0);
+            words[words[lengthProperty]] = (asciiBitLength);
+            for (j = 0; j < words[lengthProperty];) {
+                var w = words.slice(j, j += 16), oldHash = hash;
+                hash = hash.slice(0, 8);
+                for (i = 0; i < 64; i++) {
+                    var w15 = w[i - 15], w2 = w[i - 2], a = hash[0], e = hash[4];
+                    var temp1 = hash[7] + (rightRotate(e, 6) ^ rightRotate(e, 11) ^ rightRotate(e, 25)) + ((e & hash[5]) ^ ((~e) & hash[6])) + k[i] + (w[i] = (i < 16) ? w[i] : (w[i - 16] + (rightRotate(w15, 7) ^ rightRotate(w15, 18) ^ (w15 >>> 3)) + w[i - 7] + (rightRotate(w2, 17) ^ rightRotate(w2, 19) ^ (w2 >>> 10))) | 0);
+                    var temp2 = (rightRotate(a, 2) ^ rightRotate(a, 13) ^ rightRotate(a, 22)) + ((a & hash[1]) ^ (a & hash[2]) ^ (hash[1] & hash[2]));
+                    hash = [(temp1 + temp2) | 0].concat(hash);
+                    hash[4] = (hash[4] + temp1) | 0;
+                }
+                for (i = 0; i < 8; i++) { hash[i] = (hash[i] + oldHash[i]) | 0; }
+            }
+            for (i = 0; i < 8; i++) {
+                for (j = 3; j + 1; j--) {
+                    var b = (hash[i] >> (j * 8)) & 255;
+                    result += ((b < 16) ? 0 : "") + b.toString(16);
+                }
+            }
+            return result;
+        }
+    }
+
+    if (document.readyState === 'loading') {
+        document.addEventListener('DOMContentLoaded', initPoW);
+    } else {
+        initPoW();
+    }
+})();`
+}

internal/helper/pow_test.go

@@ -0,0 +1,112 @@
+package helper
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestGeneratePowChallenge(t *testing.T) {
+	challenge1 := GeneratePowChallenge()
+	challenge2 := GeneratePowChallenge()
+
+	// Challenges should be unique
+	if challenge1 == challenge2 {
+		t.Errorf("Expected unique challenges, got same: %s", challenge1)
+	}
+
+	// Challenge should contain a hyphen separator
+	if !strings.Contains(challenge1, "-") {
+		t.Errorf("Expected challenge to contain hyphen separator, got: %s", challenge1)
+	}
+
+	// Challenge should be non-empty
+	if len(challenge1) == 0 {
+		t.Error("Expected non-empty challenge")
+	}
+}
+
+func TestVerifyPowSolution(t *testing.T) {
+	tests := []struct {
+		name       string
+		challenge  string
+		nonce      int
+		difficulty int
+		want       bool
+	}{
+		{
+			name:       "Valid solution difficulty 1",
+			challenge:  "test-challenge",
+			nonce:      8, // This nonce produces a hash starting with 0 for "test-challenge8"
+			difficulty: 1,
+			want:       true,
+		},
+		{
+			name:       "Invalid solution - wrong nonce",
+			challenge:  "test-challenge",
+			nonce:      0,
+			difficulty: 4,
+			want:       false,
+		},
+		{
+			name:       "Difficulty 0 always passes",
+			challenge:  "any-challenge",
+			nonce:      123,
+			difficulty: 0,
+			want:       true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := VerifyPowSolution(tt.challenge, tt.nonce, tt.difficulty)
+			if got != tt.want {
+				t.Errorf("VerifyPowSolution() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestVerifyPowSolutionFindValid(t *testing.T) {
+	// Test that we can find a valid nonce for a given challenge
+	challenge := "test-find-valid"
+	difficulty := 2
+
+	// Try to find a valid nonce (limit search to prevent infinite loop)
+	found := false
+	for nonce := 0; nonce < 10000; nonce++ {
+		if VerifyPowSolution(challenge, nonce, difficulty) {
+			found = true
+			t.Logf("Found valid nonce %d for challenge %s with difficulty %d", nonce, challenge, difficulty)
+			break
+		}
+	}
+
+	if !found {
+		t.Errorf("Could not find valid nonce within 10000 attempts for difficulty %d", difficulty)
+	}
+}
+
+func TestGetPowJS(t *testing.T) {
+	js := GetPowJS()
+
+	// Check that JS is not empty
+	if len(js) == 0 {
+		t.Error("Expected non-empty JavaScript")
+	}
+
+	// Check that JS contains key components
+	expectedComponents := []string{
+		"data-callback",
+		"data-challenge",
+		"data-difficulty",
+		"sha256",
+		"nonce",
+		"challenge",
+	}
+
+	for _, component := range expectedComponents {
+		if !strings.Contains(js, component) {
+			t.Errorf("Expected JavaScript to contain '%s'", component)
+		}
+	}
+}