The test environment doesn't have OpenResty libraries, so we need
to provide mock implementations for testing.
Created:
- tests/mock_resty_sha256.lua: Uses system sha256sum command to
compute SHA-256 hashes. Mimics the resty.sha256 API (new,
update, final).
- tests/mock_resty_string.lua: Implements to_hex() to convert
binary strings to hexadecimal.
Updated test.lua to preload these mocks so that when the module
or tests require 'resty.sha256' or 'resty.string', they get our
mock implementations instead.
This allows the PoW verification tests to run and actually verify
the SHA-256 proof-of-work.
Added debug logging to see what's happening with cookie header
parsing in the failing token validation tests. This will help
identify whether:
- ngx.req.get_headers() is returning the expected headers
- The Cookie header is being found (case sensitivity check)
- The token is being extracted correctly
- The token is found in the shared dict
Also added ngx log level constants (DEBUG, INFO, WARN, ERR) to
the test framework since the module uses them.
Implements a Cloudflare-style "Under Attack" mode that protects against
DDoS attacks, scraping, and automated bots.
Features:
- Challenge-response system requiring human interaction
- Honeypot link that automatically bans IPs of bots that click it
- Cookie-based token system for validated users (24h default)
- Temporary IP banning (1h default)
- Comprehensive test suite
The module intercepts requests before they hit the backend, reducing
computational cost from scraping and DDoS attempts. It's particularly
effective against simple scrapers and volumetric attacks.
Files added:
- scripts/ddos_protection_challenge.lua - Main module implementation
- tests/ddos_protection_challenge.lua - Comprehensive test suite
- scripts/ddos_protection_challenge.README.md - Full documentation
- conf.example.ddos_protection.lua - Example configuration
- test.lua - Added test import
