Re-challenge when difficulty increases across requests

[compilade]

#365 removed the checks on the claims of the cookie because of problems caused by legitimate clients using different IP addresses (which seems reasonable).

But this also makes page-specific difficulties less meaningful since if there's a page with an "easy" difficulty, then accessing that page first before more difficult pages would bypass the harder difficulty.

I think some form of check should be re-introduced to handle when there's an increase of difficulty in the challenge that would be given if the client didn't have a cookie.

Possible implementation

The difficulty can be extracted from the claimed challenge by counting the leading zero bits or nibbles of the sha256sum of the concatenation of the claimed challenge and nonce (assuming that is true for all algorithms, which might not be anymore with #240), or simply directly use the response claim, and then re-challenging when the required difficulty is higher.

Or the difficulty could be explicitly added to the claims (which are trusted anyway since #365), and this would not depend on how the challenge is validated.

Both approaches would also gracefully handle decreases of required difficulty (since a higher-difficulty cookie will still be accepted for a lower-difficulty request) when the algorithm is the same.

Not sure how to handle difficulties across algorithms, though.

[SlyEcho]

One could just rotate the token key to invalidate all previous cookies?

[Ventriduct]

I had a problem with challenges occurring every time I change between pages with different rules. I made a patch that fixes that by accepting a previously passed challenge if the new algorithm and difficulty are equal to or less than the previous values.

It works for now, but it will need to compare the algorithms without hardcoded "fast" and "slow" strings now that there are more algorithms being added in #240.

I'm not sure if removing the check for different policyRule values makes sense in all scenarios, maybe that check should be configurable.

I made this patch against the main branch (currently 76fa3e0).

diff --unified --text --recursive anubis.orig/lib/anubis.go anubis.new/lib/anubis.go
--- anubis.orig/lib/anubis.go	2025-06-04 22:26:35.392806936 -0400
+++ anubis.new/lib/anubis.go	2025-06-04 22:26:48.961218235 -0400
@@ -171,16 +171,34 @@
 		return
 	}
 
-	policyRule, ok := claims["policyRule"].(string)
+	algorithm, ok := claims["method"].(string)
 	if !ok {
-		lg.Debug("policyRule claim is not a string")
+		lg.Debug("method claim is not a string")
 		s.ClearCookie(w, s.cookieName, cookiePath)
 		s.RenderIndex(w, r, rule, httpStatusOnly)
 		return
 	}
 
-	if policyRule != rule.Hash() {
-		lg.Debug("user originally passed with a different rule, issuing new challenge", "old", policyRule, "new", rule.Name)
+	if algorithm == "fast" && rule.Challenge.Algorithm != "fast" {
+		lg.Debug("user originally passed with a faster algorithm, issuing new challenge", "old", algorithm, "new", rule.Challenge.Algorithm)
+		s.ClearCookie(w, s.cookieName, cookiePath)
+		s.RenderIndex(w, r, rule, httpStatusOnly)
+		return
+	}
+
+	difficulty := -1
+	difficultyF64, ok := claims["difficulty"].(float64)
+	if ok {
+		difficulty = int(difficultyF64)
+	} else {
+		lg.Debug("difficulty claim is not float64", "difficulty", claims["difficulty"])
+		s.ClearCookie(w, s.cookieName, cookiePath)
+		s.RenderIndex(w, r, rule, httpStatusOnly)
+		return
+	}
+
+	if difficulty < rule.Challenge.Difficulty {
+		lg.Debug("user originally passed with a lesser difficulty, issuing new challenge", "old", difficulty, "new", rule.Challenge.Difficulty)
 		s.ClearCookie(w, s.cookieName, cookiePath)
 		s.RenderIndex(w, r, rule, httpStatusOnly)
 		return
@@ -384,7 +402,7 @@
 	tokenString, err := s.signJWT(jwt.MapClaims{
 		"challenge":  challengeStr,
 		"method":     rule.Challenge.Algorithm,
-		"policyRule": rule.Hash(),
+		"difficulty": rule.Challenge.Difficulty,
 		"action":     string(cr.Rule),
 	})
 	if err != nil {