Merge branch 'feat/captchaVerify' into slowcord

4 files changed, 37 insertions, 19 deletions

diff --git a/api/package.json b/api/package.json
index 29fa82a1..1bb49261 100644
--- a/api/package.json
+++ b/api/package.json
@@ -5,14 +5,14 @@
 	"main": "dist/index.js",
 	"types": "src/index.ts",
 	"scripts": {
-		"test:only": "jest --coverage --verbose --forceExit ./tests",
-		"test:routes": "jest --coverage --verbose --forceExit ./routes.test.ts",
+		"test:only": "npx jest --coverage --verbose --forceExit ./tests",
+		"test:routes": "npx jest --coverage --verbose --forceExit ./routes.test.ts",
 		"test": "npm run build && npm run test:only",
-		"test:watch": "jest --watch",
+		"test:watch": "npx jest --watch",
 		"start": "npm run build && node dist/start",
 		"build": "npx tsc -p .",
-		"dev": "tsnd --respawn src/start.ts",
-		"patch": "ts-patch install -s && npx patch-package",
+		"dev": "npx tsnd --respawn src/start.ts",
+		"patch": "npx ts-patch install -s && npx patch-package",
 		"postinstall": "npm run patch",
 		"generate:docs": "node scripts/generate_openapi",
 		"generate:schema": "node scripts/generate_schema"
diff --git a/api/src/routes/auth/login.ts b/api/src/routes/auth/login.ts
index f5a76393..4b18e67d 100644
--- a/api/src/routes/auth/login.ts
+++ b/api/src/routes/auth/login.ts
@@ -1,5 +1,5 @@
 import { Request, Response, Router } from "express";
-import { route, getIpAdress, verifyHcaptcha } from "@fosscord/api";
+import { route, getIpAdress, verifyCaptcha } from "@fosscord/api";
 import bcrypt from "bcrypt";
 import { Config, User, generateToken, adjustEmail, FieldErrors } from "@fosscord/util";
 
@@ -23,7 +23,7 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
 	const config = Config.get();
 
 	if (config.login.requireCaptcha && config.security.captcha.enabled) {
-		const { sitekey, service, secret } = config.security.captcha;
+		const { sitekey, service } = config.security.captcha;
 		if (!captcha_key) {
 			return res.status(400).json({
 				captcha_key: ["captcha-required"],
@@ -33,7 +33,7 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
 		}
 
 		const ip = getIpAdress(req);
-		const verify = await verifyHcaptcha(captcha_key, ip);
+		const verify = await verifyCaptcha(captcha_key, ip);
 		if (!verify.success) {
 			return res.status(400).json({
 				captcha_key: verify["error-codes"],
diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts
index dd5aae84..f74d0d63 100644
--- a/api/src/routes/auth/register.ts
+++ b/api/src/routes/auth/register.ts
@@ -1,6 +1,6 @@
 import { Request, Response, Router } from "express";
 import { Config, generateToken, Invite, FieldErrors, User, adjustEmail } from "@fosscord/util";
-import { route, getIpAdress, IPAnalysis, isProxy, verifyHcaptcha } from "@fosscord/api";
+import { route, getIpAdress, IPAnalysis, isProxy, verifyCaptcha } from "@fosscord/api";
 import "missing-native-js-functions";
 import bcrypt from "bcrypt";
 import { HTTPError } from "lambert-server";
@@ -67,16 +67,16 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
 	}
 
 	if (register.requireCaptcha && security.captcha.enabled) {
-		const { sitekey, service, secret } = security.captcha;
+		const { sitekey, service } = security.captcha;
 		if (!body.captcha_key) {
-			return res.status(400).json({
+			return res?.status(400).json({
 				captcha_key: ["captcha-required"],
 				captcha_sitekey: sitekey,
 				captcha_service: service
 			});
 		}
 
-		const verify = await verifyHcaptcha(body.captcha_key, ip);
+		const verify = await verifyCaptcha(body.captcha_key, ip);
 		if (!verify.success) {
 			return res.status(400).json({
 				captcha_key: verify["error-codes"],
diff --git a/api/src/util/utility/captcha.ts b/api/src/util/utility/captcha.ts
index ba380d7a..016861fa 100644
--- a/api/src/util/utility/captcha.ts
+++ b/api/src/util/utility/captcha.ts
@@ -11,18 +11,36 @@ export interface hcaptchaResponse {
 	score_reason: string[];	// enterprise only
 }
 
-export async function verifyHcaptcha(response: string, ip?: string) {
+export interface recaptchaResponse {
+	success: boolean;
+	score: number; // between 0 - 1
+	action: string;
+	challenge_ts: string;
+	hostname: string;
+	"error-codes"?: string[];
+}
+
+const verifyEndpoints = {
+	hcaptcha: "https://hcaptcha.com/siteverify",
+	recaptcha: "https://www.google.com/recaptcha/api/siteverify",
+}
+
+export async function verifyCaptcha(response: string, ip?: string) {
 	const { security } = Config.get();
-	const { secret, sitekey } = security.captcha;
-	
-	const res = await fetch("https://hcaptcha.com/siteverify", {
+	const { service, secret, sitekey } = security.captcha;
+
+	if (!service) throw new Error("Cannot verify captcha without service");
+
+	const res = await fetch(verifyEndpoints[service], {
 		method: "POST",
 		headers: {
 			"Content-Type": "application/x-www-form-urlencoded",
 		},
-		body: `response=${response}&secret=${secret}&remoteip=${ip}&sitekey=${sitekey}`,
+		body: `response=${encodeURIComponent(response)}`
+			+ `&secret=${encodeURIComponent(secret!)}`
+			+ `&sitekey=${encodeURIComponent(sitekey!)}`
+			+ ip ? `&remoteip=${encodeURIComponent(ip!)}` : "",
 	})
 
-	const json = await res.json() as hcaptchaResponse;
-	return json;
+	return await res.json() as hcaptchaResponse | recaptchaResponse;
 }
\ No newline at end of file