mirror of
https://github.com/spacebarchat/server.git
synced 2026-04-15 04:55:41 +00:00
Merge pull request #799 from MaddyUnderStars/feat/captchaVerify
Captcha verification
This commit is contained in:
TheArcaneBrony
@@ -1,7 +1,7 @@
|
||||
import { route } from "@fosscord/api";
|
||||
import { adjustEmail, Config, FieldErrors, generateToken, LoginSchema, User } from "@fosscord/util";
|
||||
import crypto from "crypto";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { route, getIpAdress, verifyCaptcha } from "@fosscord/api";
|
||||
import { Config, User, generateToken, adjustEmail, FieldErrors, LoginSchema } from "@fosscord/util";
|
||||
import crypto from "crypto";
|
||||
|
||||
let bcrypt: any;
|
||||
try {
|
||||
@@ -17,12 +17,13 @@ export default router;
|
||||
router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Response) => {
|
||||
const { login, password, captcha_key, undelete } = req.body as LoginSchema;
|
||||
const email = adjustEmail(login);
|
||||
const ip = getIpAdress(req);
|
||||
|
||||
const config = Config.get();
|
||||
|
||||
if (config.login.requireCaptcha && config.security.captcha.enabled) {
|
||||
const { sitekey, service } = config.security.captcha;
|
||||
if (!captcha_key) {
|
||||
const { sitekey, service } = config.security.captcha;
|
||||
return res.status(400).json({
|
||||
captcha_key: ["captcha-required"],
|
||||
captcha_sitekey: sitekey,
|
||||
@@ -30,7 +31,15 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
|
||||
});
|
||||
}
|
||||
|
||||
// TODO: check captcha
|
||||
const ip = getIpAdress(req);
|
||||
const verify = await verifyCaptcha(captcha_key, ip);
|
||||
if (!verify.success) {
|
||||
return res.status(400).json({
|
||||
captcha_key: verify["error-codes"],
|
||||
captcha_sitekey: sitekey,
|
||||
captcha_service: service
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
const user = await User.findOneOrFail({
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { getIpAdress, IPAnalysis, isProxy, route } from "@fosscord/api";
|
||||
import { adjustEmail, Config, FieldErrors, generateToken, HTTPError, Invite, RegisterSchema, User } from "@fosscord/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { Config, generateToken, Invite, FieldErrors, User, adjustEmail, RegisterSchema } from "@fosscord/util";
|
||||
import { route, getIpAdress, IPAnalysis, isProxy, verifyCaptcha } from "@fosscord/api";
|
||||
|
||||
let bcrypt: any;
|
||||
try {
|
||||
@@ -9,6 +9,7 @@ try {
|
||||
bcrypt = require("bcryptjs");
|
||||
console.log("Warning: using bcryptjs because bcrypt is not installed! Performance will be affected.");
|
||||
}
|
||||
import { HTTPError } from "@fosscord/util";
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
@@ -44,8 +45,8 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
|
||||
}
|
||||
|
||||
if (register.requireCaptcha && security.captcha.enabled) {
|
||||
const { sitekey, service } = security.captcha;
|
||||
if (!body.captcha_key) {
|
||||
const { sitekey, service } = security.captcha;
|
||||
return res?.status(400).json({
|
||||
captcha_key: ["captcha-required"],
|
||||
captcha_sitekey: sitekey,
|
||||
@@ -53,7 +54,14 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
|
||||
});
|
||||
}
|
||||
|
||||
// TODO: check captcha
|
||||
const verify = await verifyCaptcha(body.captcha_key, ip);
|
||||
if (!verify.success) {
|
||||
return res.status(400).json({
|
||||
captcha_key: verify["error-codes"],
|
||||
captcha_sitekey: sitekey,
|
||||
captcha_service: service
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if (!register.allowMultipleAccounts) {
|
||||
|
||||
@@ -7,3 +7,4 @@ export * from "./utility/ipAddress";
|
||||
export * from "./utility/passwordStrength";
|
||||
export * from "./utility/RandomInviteID";
|
||||
export * from "./utility/String";
|
||||
export * from "./utility/captcha";
|
||||
46
src/api/util/utility/captcha.ts
Normal file
46
src/api/util/utility/captcha.ts
Normal file
@@ -0,0 +1,46 @@
|
||||
import { Config } from "@fosscord/util";
|
||||
import fetch from "node-fetch";
|
||||
|
||||
export interface hcaptchaResponse {
|
||||
success: boolean;
|
||||
challenge_ts: string;
|
||||
hostname: string;
|
||||
credit: boolean;
|
||||
"error-codes": string[];
|
||||
score: number; // enterprise only
|
||||
score_reason: string[]; // enterprise only
|
||||
}
|
||||
|
||||
export interface recaptchaResponse {
|
||||
success: boolean;
|
||||
score: number; // between 0 - 1
|
||||
action: string;
|
||||
challenge_ts: string;
|
||||
hostname: string;
|
||||
"error-codes"?: string[];
|
||||
}
|
||||
|
||||
const verifyEndpoints = {
|
||||
hcaptcha: "https://hcaptcha.com/siteverify",
|
||||
recaptcha: "https://www.google.com/recaptcha/api/siteverify",
|
||||
}
|
||||
|
||||
export async function verifyCaptcha(response: string, ip?: string) {
|
||||
const { security } = Config.get();
|
||||
const { service, secret, sitekey } = security.captcha;
|
||||
|
||||
if (!service) throw new Error("Cannot verify captcha without service");
|
||||
|
||||
const res = await fetch(verifyEndpoints[service], {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/x-www-form-urlencoded",
|
||||
},
|
||||
body: `response=${encodeURIComponent(response)}`
|
||||
+ `&secret=${encodeURIComponent(secret!)}`
|
||||
+ `&sitekey=${encodeURIComponent(sitekey!)}`
|
||||
+ (ip ? `&remoteip=${encodeURIComponent(ip!)}` : ""),
|
||||
});
|
||||
|
||||
return await res.json() as hcaptchaResponse | recaptchaResponse;
|
||||
}
|
||||
Reference in New Issue
Block a user