Shared Responsibility 3 - Identify and Destroy the Bots
// Express wiring: HTTP app, static assets (login.js lives in /public) and
// form-body parsing for the login POST.
var express = require('express');
var bodyParser = require('body-parser');

var app = express();

// Honour a host-provided $PORT (PaaS convention), otherwise listen on 8080.
app.set('port', process.env.PORT || 8080);
app.use(express.static(__dirname + '/public'));
// NOTE(review): `extended: true` selects the qs parser, which can turn a
// form field into an array/object rather than a string; the login form is
// flat, so `extended: false` would be the tighter choice — confirm nothing
// else relies on nested keys.
app.use(bodyParser.urlencoded({ extended: true }));
// GET / — serve a freshly randomised login page (markup is rebuilt per request).
app.get('/', function (req, res) {
  res.send(dynamicCSS());
});
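// POST /login — score the request against seven bot heuristics (one point
// each, rejected when the score exceeds 4) and reply 'fail' or a login message.
//
// Signals:
//  - plugins reports 0: the client posts navigator.plugins.length; automation
//    browsers usually expose none. The field arrives as a string, so it is
//    compared numerically (same outcome as the original loose `== 0`).
//  - username/password absent: login.js posts the values under the fixed keys
//    `username`/`password`; a bot that submitted the form's own fields sent
//    only the randomly named decoy inputs and so misses both keys.
//  - header order: req.headers keeps arrival order, so the position of Host,
//    Accept, Referer and Origin is used as a fingerprint. This is a weak,
//    trivially spoofable signal — any client can reorder or forge headers.
//
// Security: the reply used to interpolate request.body.username into a
// response that Express sends as text/html for a string body, which is a
// reflected-XSS sink for a cross-site form POST. The reply is now text/plain
// and only a string username is echoed; login.js consumes the body with
// alert()/string comparison, so the client is unaffected.
app.post('/login', function (request, response) {
  var body = request.body || {};
  var headers = request.headers;
  var botScore = 0;

  if (Number(body.plugins) === 0) ++botScore;                   // empty plugins list
  if (!body.username) ++botScore;                               // clicked a decoy input
  if (!body.password) ++botScore;
  if (getObjectKeyIndex(headers, 'host') !== 0) ++botScore;     // Host not first
  if (getObjectKeyIndex(headers, 'accept') === 0) ++botScore;   // bot-like header order
  if (getObjectKeyIndex(headers, 'referer') === 1) ++botScore;
  if (getObjectKeyIndex(headers, 'origin') === 2) ++botScore;
  console.log('Bot score = ' + botScore);

  response.type('text/plain');
  if (botScore > 4) {
    console.log('Destroy Bot');
    response.send('fail');
    return;
  }
  // qs (extended: true) can deliver the field as an array or object; only a
  // plain string is ever echoed back.
  var username = typeof body.username === 'string' ? body.username : '';
  response.send('Logged in ' + username);
});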
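/**
 * Position of `keyToFind` among the own enumerable keys of `obj`, in
 * insertion order, or null when it is absent.
 *
 * Used on req.headers, where key order mirrors the order in which the
 * headers were received, so the index acts as a (spoofable) client
 * fingerprint. Only own properties are considered — the original `for...in`
 * also walked inherited enumerable properties, which a header object does
 * not have — and the key is matched with strict equality. A null/undefined
 * `obj` yields null, as the original's empty `for...in` did.
 *
 * @param {object} obj        object whose key order is inspected
 * @param {string} keyToFind  key to locate
 * @returns {number|null}     zero-based index, or null if not present
 */
function getObjectKeyIndex(obj, keyToFind) {
  if (obj === null || obj === undefined) return null;
  var index = Object.keys(obj).indexOf(keyToFind);
  return index === -1 ? null : index;
}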
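/**
 * Build the login page markup for one request.
 *
 * Every response differs so a scripted client cannot rely on a fixed page:
 * one of two stylesheets is picked at random (shifting the visible inputs
 * vertically), a random number (2..6) of visible username/password/button
 * triples is emitted, and the same number again as invisible decoys. Every
 * input gets a random 8-character id/name; login.js reads the values through
 * the ids baked into the clicked button's onclick and posts them under the
 * fixed keys `username`/`password`, so a bot that submits the raw form fields
 * sends neither. The ids only provide unpredictability of layout, not
 * secrecy, so Math.random() is adequate here.
 *
 * Fixes: `x`, `y` and `chars` were implicit globals (a ReferenceError under
 * strict mode and shared state between requests); the two field loops were
 * duplicated and are now one helper.
 *
 * NOTE(review): jQuery is loaded from a CDN without `integrity`/`crossorigin`
 * attributes, so a compromised CDN could alter the login page — add SRI once
 * the pinned hash is verified. The `</input>` close tags are invalid HTML
 * (input is a void element); browsers ignore them, so the markup is kept.
 *
 * @returns {string} HTML fragment: stylesheet, form, script tags
 */
function dynamicCSS() {
  var html = '';
  // Two equally likely layouts; (Math.random() * 2) > 1 is a coin flip.
  if ((Math.random() * 2) > 1) {
    html += '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:50px}.password{top:80px}.btnSubmit{top:110px}</style>';
  } else {
    html += '<style>.btnSubmit,.password,.username{position:absolute;left:10}.username{top:80px}.password{top:110px}.btnSubmit{top:140px}</style>';
  }
  html += '<form>';
  html += '<h1>Please Login</h1>';
  var groups = Math.floor(Math.random() * 5) + 2;   // 2..6 of each kind
  html += renderFieldGroups(groups, '');
  html += renderFieldGroups(groups, ' style="visibility:hidden;"');
  html += '</form>';
  html += '<script src="https://code.jquery.com/jquery-3.1.0.min.js"></script>';
  html += '<script src="login.js"></script>';
  return html;
}

/**
 * Emit `count` username/password/button triples with fresh random ids.
 *
 * @param {number} count      number of triples to render
 * @param {string} styleAttr  '' for visible fields, or a leading-space
 *                            ` style="..."` attribute for the decoys; it is
 *                            spliced in at the same attribute position the
 *                            original markup used
 * @returns {string} concatenated markup
 */
function renderFieldGroups(count, styleAttr) {
  var out = '';
  for (var i = 0; i < count; ++i) {
    var username = randonString();
    var password = randonString();
    // Ids are alphanumeric only (see randonString), so they are safe to
    // interpolate into attributes and into the inline onclick unescaped.
    out += '<input type="text"' + styleAttr + ' class="username" id="' + username + '" name="' + username + '" placeholder="Enter Username"></input>';
    out += '<input type="password"' + styleAttr + ' class="password" id="' + password + '" name="' + password + '" placeholder="Enter Password"></input>';
    out += '<button class="btnSubmit"' + styleAttr + ' onclick="submitForm(\'' + username + '\',\'' + password + '\')" type="button">Log in</button>';
  }
  return out;
}

/**
 * Random 8-character alphanumeric identifier for decoy field ids/names.
 *
 * Draws 8 distinct characters from [0-9A-Za-z] by Fisher–Yates shuffling the
 * alphabet. The original sorted with a `0.5 - Math.random()` comparator —
 * not a consistent comparator, so the shuffle was biased and engine-dependent
 * — and its alphabet had typos ("XTZ" for "XYZ", no "j"); both are fixed.
 * The output never contains quotes or angle brackets, which is what lets the
 * markup above use it unescaped. Not cryptographically random; the ids are
 * not secrets. (The function name's typo is kept: it is the public name.)
 *
 * @returns {string} 8 characters, no repeats
 */
function randonString() {
  var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.split('');
  for (var i = chars.length - 1; i > 0; --i) {
    var j = Math.floor(Math.random() * (i + 1));
    var tmp = chars[i];
    chars[i] = chars[j];
    chars[j] = tmp;
  }
  return chars.slice(0, 8).join('');
}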
// Start the HTTP listener on the configured port and report where it is reachable.
app.listen(app.get('port'), function () {
  console.log("Node app is running at localhost:" + app.get('port'));
});
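/**
 * Browser side (login.js): post the credentials from one visible
 * username/password pair and act on the server's verdict.
 *
 * `username` / `password` are the random element ids that dynamicCSS() baked
 * into the clicked button's onclick. The values are posted under the fixed
 * keys `username`/`password`, which only this script knows, plus the plugin
 * count that the server uses as a bot signal (recent browsers report a fixed
 * or empty plugin list, so that signal is weak).
 *
 * Fixes: the request used to send the literal strings 'user' and 'pass'
 * instead of the values read from the inputs, so real credentials never
 * reached the server. The login URL was a hard-coded plain-http IP address —
 * cleartext credentials and a cross-origin request the server never answers
 * with CORS headers; the page and this script are served by the same Express
 * app, so a relative URL keeps the post same-origin and inherits the page's
 * scheme.
 *
 * @param {string} username id of the username input to read
 * @param {string} password id of the password input to read
 */
function submitForm(username, password) {
  var loginURL = '/login';
  var user = $('#' + username).val();
  var pass = $('#' + password).val();
  $.post(loginURL, {
    username: user,
    password: pass,
    plugins: navigator.plugins.length
  })
  .done(function (result) {
    if (result === 'fail') {
      // Tarpit for rejected clients: reload forever. This also traps a human
      // the heuristics misclassified; reload(true) is a non-standard argument.
      while (true) location.reload(true);
    } else {
      alert(result);
    }
  });
}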