Hcaptcha backend

1 files changed, 12 insertions, 5 deletions

diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts
index 126f3dbc..dd5aae84 100644
--- a/api/src/routes/auth/register.ts
+++ b/api/src/routes/auth/register.ts
@@ -1,6 +1,6 @@
 import { Request, Response, Router } from "express";
-import { Config, generateToken, Invite, FieldErrors, User, adjustEmail, trimSpecial } from "@fosscord/util";
-import { route, getIpAdress, IPAnalysis, isProxy } from "@fosscord/api";
+import { Config, generateToken, Invite, FieldErrors, User, adjustEmail } from "@fosscord/util";
+import { route, getIpAdress, IPAnalysis, isProxy, verifyHcaptcha } from "@fosscord/api";
 import "missing-native-js-functions";
 import bcrypt from "bcrypt";
 import { HTTPError } from "lambert-server";
@@ -67,16 +67,23 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
 	}
 
 	if (register.requireCaptcha && security.captcha.enabled) {
+		const { sitekey, service, secret } = security.captcha;
 		if (!body.captcha_key) {
-			const { sitekey, service } = security.captcha;
-			return res?.status(400).json({
+			return res.status(400).json({
 				captcha_key: ["captcha-required"],
 				captcha_sitekey: sitekey,
 				captcha_service: service
 			});
 		}
 
-		// TODO: check captcha
+		const verify = await verifyHcaptcha(body.captcha_key, ip);
+		if (!verify.success) {
+			return res.status(400).json({
+				captcha_key: verify["error-codes"],
+				captcha_sitekey: sitekey,
+				captcha_service: service
+			});
+		}
 	}
 
 	if (!register.allowMultipleAccounts) {