diff options
author | Scott Gould <greysilly7@gmail.com> | 2022-08-23 13:18:36 -0400 |
---|---|---|
committer | TheArcaneBrony <myrainbowdash949@gmail.com> | 2022-08-23 22:44:28 +0200 |
commit | 89ac7f2ce42387d956e85ad5c58d3f8a19598b15 (patch) | |
tree | f4740ad1f1a36f2486f33f880376181081bfca90 | |
parent | Merge branch 'dev/cherry-plugins-improvements' into staging (diff) | |
download | server-89ac7f2ce42387d956e85ad5c58d3f8a19598b15.tar.xz |
Check Captcha
-rw-r--r-- | src/api/routes/auth/login.ts | 22 | ||||
-rw-r--r-- | src/api/routes/auth/register.ts | 20 |
2 files changed, 37 insertions, 5 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts index 5923708c..f5415a56 100644 --- a/src/api/routes/auth/login.ts +++ b/src/api/routes/auth/login.ts @@ -1,7 +1,8 @@ -import { route } from "@fosscord/api"; +import { route, getIpAdress } from "@fosscord/api"; import { adjustEmail, Config, FieldErrors, generateToken, LoginSchema, User } from "@fosscord/util"; import crypto from "crypto"; import { Request, Response, Router } from "express"; +import fetch from "node-fetch"; let bcrypt: any; try { @@ -17,12 +18,13 @@ export default router; router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Response) => { const { login, password, captcha_key, undelete } = req.body as LoginSchema; const email = adjustEmail(login); + const ip = getIpAdress(req); const config = Config.get(); if (config.login.requireCaptcha && config.security.captcha.enabled) { + const { sitekey, secret, service } = config.security.captcha; if (!captcha_key) { - const { sitekey, service } = config.security.captcha; return res.status(400).json({ captcha_key: ["captcha-required"], captcha_sitekey: sitekey, @@ -30,7 +32,21 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo }); } - // TODO: check captcha + + let captchaUrl = ""; + if (service === "recaptcha") { + captchaUrl = `https://www.google.com/recaptcha/api/siteverify=${sitekey}?secret=${secret}&response=${captcha_key}&remoteip=${ip}`; + } else if (service === "hcaptcha") { + captchaUrl = `https://hcaptcha.com/siteverify?sitekey=${sitekey}&secret=${secret}&response=${captcha_key}&remoteip=${ip}`; + } + const response: { success: boolean; "error-codes": string[] } = await (await fetch(captchaUrl, { method: "POST" })).json(); + if (!response.success) { + return res.status(400).json({ + captcha_key: response["error-codes"], + captcha_sitekey: sitekey, + captcha_service: service + }); + } } const user = await User.findOneOrFail({ diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts index 7d0f5f57..7ff691d0 100644 --- a/src/api/routes/auth/register.ts +++ b/src/api/routes/auth/register.ts @@ -1,6 +1,7 @@ import { getIpAdress, IPAnalysis, isProxy, route } from "@fosscord/api"; import { adjustEmail, Config, FieldErrors, generateToken, HTTPError, Invite, RegisterSchema, User } from "@fosscord/util"; import { Request, Response, Router } from "express"; +import fetch from "node-fetch"; let bcrypt: any; try { @@ -44,8 +45,9 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re } if (register.requireCaptcha && security.captcha.enabled) { + const { sitekey, secret, service } = security.captcha; + if (!body.captcha_key) { - const { sitekey, service } = security.captcha; return res?.status(400).json({ captcha_key: ["captcha-required"], captcha_sitekey: sitekey, @@ -53,7 +55,21 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re }); } - // TODO: check captcha + + let captchaUrl = ""; + if (service === "recaptcha") { + captchaUrl = `https://www.google.com/recaptcha/api/siteverify=${sitekey}?secret=${secret}&response=${body.captcha_key}&remoteip=${ip}`; + } else if (service === "hcaptcha") { + captchaUrl = `https://hcaptcha.com/siteverify?sitekey=${sitekey}&secret=${secret}&response=${body.captcha_key}&remoteip=${ip}`; + } + const response: { success: boolean; "error-codes": string[] } = await (await fetch(captchaUrl, { method: "POST" })).json(); + if (!response.success) { + return res.status(400).json({ + captcha_key: response["error-codes"], + captcha_sitekey: sitekey, + captcha_service: service + }); + } } if (!register.allowMultipleAccounts) { |