// server.js const express=require('express');const {v4:uuidv4}=require('uuid');const {createWorker,PSM}=require('tesseract.js');const genericPool=require('generic-pool');const sharp=require('sharp'); const crypto = require('crypto'); // Для AES дешифрования const app=express();const port=process.env.PORT||7860;app.use(express.json({limit:'5mb'})); const cs={};const CEX=5*60*1000;const OCS="ACEFHJKMNPRTUVWXY23469";const OCL=6; const WCC=[{n:"r",rgb:[1,0,0]},{n:"g",rgb:[0,1,0]},{n:"b",rgb:[0,0,1]},{n:"y",rgb:[1,1,0]}]; // --- AES-GCM Дешифрование --- const AES_KEY_STRING = "ThisIsMySuperSecretKeyForAES128"; // ТОТ ЖЕ КЛЮЧ, ЧТО И НА КЛИЕНТЕ (16 байт для AES-128) const AES_KEY_BUFFER = Buffer.from(AES_KEY_STRING.slice(0, 16), 'utf-8'); // Используем первые 16 байт const AES_ALGORITHM = 'aes-128-gcm'; const IV_LENGTH = 12; // 96 bits const AUTH_TAG_LENGTH = 16; // GCM auth tag function decryptData(encryptedBase64) { try { const combinedBuffer = Buffer.from(encryptedBase64, 'base64'); const iv = combinedBuffer.subarray(0, IV_LENGTH); const ciphertextWithTag = combinedBuffer.subarray(IV_LENGTH); const ciphertext = ciphertextWithTag.subarray(0, ciphertextWithTag.length - AUTH_TAG_LENGTH); const authTag = ciphertextWithTag.subarray(ciphertextWithTag.length - AUTH_TAG_LENGTH); const decipher = crypto.createDecipheriv(AES_ALGORITHM, AES_KEY_BUFFER, iv); decipher.setAuthTag(authTag); let decrypted = decipher.update(ciphertext, null, 'utf8'); // null для inputEncoding, если ciphertext это Buffer decrypted += decipher.final('utf8'); return JSON.parse(decrypted); } catch (e) { console.error("AES Decrypt Error:", e.message.slice(0,100)); return null; } } // --- Конец AES-GCM Дешифрования --- const TPL=4;let tp=null;let pDO=false; const fac={create:async()=>{const w=await createWorker('eng',1,{cachePath:'/tmp/.tesscache',cacheMethod:'fs'});await w.setParameters({tessedit_char_whitelist:OCS,tessedit_pageseg_mode:PSM.SINGLE_WORD});return w;},destroy:async(w)=>{await w.terminate();}}; const pO={min:TPL,max:TPL,acquireTimeoutMillis:7000}; async function iTP(){try{tp=genericPool.createPool(fac,pO);console.log(`Pool(s:${TPL})OK`);const ws=await Promise.all(Array(TPL).fill(null).map(()=>tp.acquire()));ws.forEach(w=>tp.release(w));console.log(`${TPL}wOK`);}catch(e){console.error("PoolInitFail:",e);process.exit(1);}}iTP(); async function pIFOCR(b){try{return await sharp(b).grayscale().normalize().sharpen({sigma:0.5,m1:0,m2:3,x1:0,y2:3,y3:3}).toBuffer();}catch(e){console.warn("PreProcFail:",e.message.slice(0,50));return b;}} async function rWPW(b,h){if(!tp){console.error("PoolNA!");return null;}let w=null;try{w=await tp.acquire();const pB=await pIFOCR(b);const{data:{text}}=await w.recognize(pB);return text.trim().replace(new RegExp(`[^${OCS}]`,'g'),'');}catch(e){console.error(`OCR ${h} Err:`,e.message.slice(0,50));return null;}finally{if(w)await tp.release(w);}} async function pSO(d){if(!d||!d.startsWith('data:image/png;base64,'))return{fT:null,aL:[]};const bD=d.replace(/^data:image\/png;base64,/,"");const iB=Buffer.from(bD,'base64');let rs=[];let aL=[];if(!pDO&&tp&&tp.available>=2){pDO=true;try{const[r1,r2]=await Promise.all([rWPW(iB,"D1"),rWPW(iB,"D2")]);rs.push(r1,r2);aL.push({t:"D1",x:r1},{t:"D2",x:r2});}catch(e){console.error("DualOCRErr:",e);}finally{pDO=false;}}else if(tp&&tp.available>=1){try{const rS=await rWPW(iB,"S1");rs.push(rS);aL.push({t:"S1",x:rS});}catch(e){console.error("SingleOCRErr:",e);}}else{console.warn("NoWForOCR");aL.push({t:"N",x:null,r:"NoW"});}const vR=rs.filter(t=>t!==null&&t!=="");const fT=vR.length>0?vR[0]:null;console.log(`OCRLog: ${aL.map(a=>`${a.t}:${a.x||'-'}`).join('; ')}. Fin:"${fT||'-'}"`);return{fT,aL};} function ld(a,b){if(!a&&!b)return 0;if(!a)return b.length;if(!b)return a.length;const m=[];for(let i=0;i<=b.length;i++)m[i]=[i];for(let j=0;j<=a.length;j++)m[0][j]=j;for(let i=1;i<=b.length;i++){for(let j=1;j<=a.length;j++){if(b.charAt(i-1)===a.charAt(j-1))m[i][j]=m[i-1][j-1];else m[i][j]=Math.min(m[i-1][j-1]+1,Math.min(m[i][j-1]+1,m[i-1][j]+1));}}return m[b.length][a.length];} app.use((req,res,next)=>{res.header('Access-Control-Allow-Origin','*');res.header('Access-Control-Allow-Headers','Origin,X-Requested-With,Content-Type,Accept');res.header('Access-Control-Allow-Methods','GET,POST,OPTIONS');if(req.method==='OPTIONS')return res.sendStatus(200);next();}); app.get('/api/challenge',(req,res)=>{const sT=uuidv4();let oCT="";for(let i=0;i { const p=req.body; let sc=0; const stgs=[]; let mF=false; const sT=p.sT; const oCDU=p.oCDU; const decData = p.eD ? decryptData(p.eD) : null; // Используем AES дешифрование let s0P=false; if(decData){s0P=true;sc+=10;}else{mF=true;stgs.push({n:"E0(Dec)",p:false,pts:-100}); /* Добавил лог для этапа 0 */} if(s0P) stgs.push({n:"E0(Dec)",p:s0P,pts:10}); // Логируем успех если есть const wR=decData?.wgl; const nI=decData?.nav; const pT=decData?.perf; const aV=decData?.aut; let sV=false; let sD=null; let s1P=false; if(!mF){if(!sT||!cs[sT]||cs[sT].usd||Date.now()>cs[sT].exp){mF=true;}else{sD=cs[sT];sV=true;s1P=true;sc+=30;}} stgs.push({n:"E1(Ses)",p:s1P,pts:s1P?30:(mF&&!s0P?0:-100)}); let oP=false; let oPts=0; if(!mF){ if(!oCDU||!oCDU.startsWith('data:image/png;base64,')||oCDU.length<150){oPts=-80;mF=true;} else{const oRes=await pSO(oCDU); const rT=oRes.fT; const eT=sD.eOT; if(rT!==null){const dist=ld(rT,eT);if(dist<=1){oP=true;oPts=40+(dist===0?5:0);}else{oPts=-80;mF=true;}} else{oPts=-70;mF=true;}} if(!oP&&!mF){if(Math.random()<0.10){oP=true;oPts=5;stgs.push({n:"E2(OCR)",p:true,pts:oPts,note:"RND"});}else{mF=true;if(!stgs.find(s=>s.n==="E2(OCR)"))stgs.push({n:"E2(OCR)",p:false,pts:oPts});}} if(oP&&!stgs.find(s=>s.n==="E2(OCR)")){stgs.push({n:"E2(OCR)",p:true,pts:oPts});} else if(!oP&&!stgs.find(s=>s.n==="E2(OCR)")){stgs.push({n:"E2(OCR)",p:false,pts:oPts});} sc+=oPts; }else{stgs.push({n:"E2(OCR)",p:false,pts:0});} let wglP=false; let wglPts=0; if(sV&&wR){const eR=sD.eWCR;const eP=[Math.round(eR[0]*255),Math.round(eR[1]*255),Math.round(eR[2]*255)]; if(wR.px&&wR.px.length>=3){const cP=wR.px.slice(0,3);if(cP.every((v,i)=>Math.abs(v-eP[i])<=8)){wglP=true;wglPts=70;}else{wglPts=-10;}}else{wglPts=-5;} const rdr=wR.rdr?.toLowerCase()||"";if(rdr.includes("swiftshader")||rdr.includes("llvmpipe")){wglPts-=20;wglP=false;}}else if(wR?.err){wglPts=-5;} sc+=wglPts;stgs.push({n:"E3(WebGL)",p:wglP,pts:wglPts}); let navP=true; let navPts=0; if(nI){if(nI.wd===true){navPts-=30;navP=false;}if(!nI.ua||nI.ua===""){navPts-=10;navP=false;}else if(nI.ua.toLowerCase().includes("bot")||nI.ua.toLowerCase().includes("headless")){if(!nI.ua.toLowerCase().includes("headlesschrome")){navPts-=20;navP=false;}}}else{navPts-=5;navP=false;} sc+=navPts;stgs.push({n:"E4(Nav)",p:navP,pts:navPts}); let perfP=true; let perfPts=0; if(pT&&sV){const{dct,ocrt,wrt}=pT;if(typeof dct==='number'&&dct<10){perfPts-=10;perfP=false;}if(typeof ocrt==='number'&&ocrt<3&&oCDU){perfPts-=10;perfP=false;}if(typeof wrt==='number'&&wrt<3&&wR?.px){perfPts-=10;perfP=false;}}else if(!pT){perfPts-=3;perfP=false;} sc+=perfPts;stgs.push({n:"E5(Perf)",p:perfP,pts:perfPts}); let autoP=true; let autoPts=0; if(aV&&Object.keys(aV).length>0){autoPts-=40;autoP=false;}else{autoPts+=5;} sc+=autoPts;stgs.push({n:"E6(Auto)",p:autoP,pts:autoPts}); sc=Math.max(0,Math.min(sc,150)); let vT=""; if(mF){vT="Блок (Критический провал)";} else{const pCM=oP||wglP; const sCM=navP||perfP||autoP; if(pCM&&sCM){vT="Разрешено";if(sD)sD.usd=true;} else{vT="Блокировать (Не пройдены условия)";}} console.log(`[${new Date().toISOString().slice(0,19).replace('T',' ')}] Chk: T=${sT||'N/A'},S=${sc},V=${vT},IP=${req.ip},MF=${mF},OCR=${oP},WebGL=${wglP},Nav=${navP},Perf=${perfP},Auto=${autoP}`); res.json({vT,fS:sc,cS:stgs}); }); setInterval(()=>{const n=Date.now();for(const t in cs){if(cs[t].expCEX*2))){delete cs[t];}}},60000); async function shutdown(){console.log("Shutdown...");if(tp){console.log("Draining pool...");await tp.drain().then(()=>tp.clear()).then(()=>console.log("Pool cleared.")).catch(e=>console.error("Pool drain err:",e));}process.exit(0);} process.on('SIGTERM',shutdown);process.on('SIGINT',shutdown); app.listen(port,()=>{console.log(`AES Encrypted API on ${port}`);});