diff --git a/api/src/routes/auth/login.ts b/api/src/routes/auth/login.ts
index f5a76393..4b18e67d 100644
--- a/api/src/routes/auth/login.ts
+++ b/api/src/routes/auth/login.ts
@@ -1,5 +1,5 @@
import { Request, Response, Router } from "express";
-import { route, getIpAdress, verifyHcaptcha } from "@fosscord/api";
+import { route, getIpAdress, verifyCaptcha } from "@fosscord/api";
import bcrypt from "bcrypt";
import { Config, User, generateToken, adjustEmail, FieldErrors } from "@fosscord/util";
@@ -23,7 +23,7 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
const config = Config.get();
if (config.login.requireCaptcha && config.security.captcha.enabled) {
- const { sitekey, service, secret } = config.security.captcha;
+ const { sitekey, service } = config.security.captcha;
if (!captcha_key) {
return res.status(400).json({
captcha_key: ["captcha-required"],
@@ -33,7 +33,7 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
}
const ip = getIpAdress(req);
- const verify = await verifyHcaptcha(captcha_key, ip);
+ const verify = await verifyCaptcha(captcha_key, ip);
if (!verify.success) {
return res.status(400).json({
captcha_key: verify["error-codes"],
diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts
index dd5aae84..f74d0d63 100644
--- a/api/src/routes/auth/register.ts
+++ b/api/src/routes/auth/register.ts
@@ -1,6 +1,6 @@
import { Request, Response, Router } from "express";
import { Config, generateToken, Invite, FieldErrors, User, adjustEmail } from "@fosscord/util";
-import { route, getIpAdress, IPAnalysis, isProxy, verifyHcaptcha } from "@fosscord/api";
+import { route, getIpAdress, IPAnalysis, isProxy, verifyCaptcha } from "@fosscord/api";
import "missing-native-js-functions";
import bcrypt from "bcrypt";
import { HTTPError } from "lambert-server";
@@ -67,16 +67,16 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
}
if (register.requireCaptcha && security.captcha.enabled) {
- const { sitekey, service, secret } = security.captcha;
+ const { sitekey, service } = security.captcha;
if (!body.captcha_key) {
- return res.status(400).json({
+ return res?.status(400).json({
captcha_key: ["captcha-required"],
captcha_sitekey: sitekey,
captcha_service: service
});
}
- const verify = await verifyHcaptcha(body.captcha_key, ip);
+ const verify = await verifyCaptcha(body.captcha_key, ip);
if (!verify.success) {
return res.status(400).json({
captcha_key: verify["error-codes"],
diff --git a/api/src/util/utility/captcha.ts b/api/src/util/utility/captcha.ts
index ba380d7a..016861fa 100644
--- a/api/src/util/utility/captcha.ts
+++ b/api/src/util/utility/captcha.ts
@@ -11,18 +11,36 @@ export interface hcaptchaResponse {
score_reason: string[]; // enterprise only
}
-export async function verifyHcaptcha(response: string, ip?: string) {
+export interface recaptchaResponse {
+ success: boolean;
+ score: number; // between 0 - 1
+ action: string;
+ challenge_ts: string;
+ hostname: string;
+ "error-codes"?: string[];
+}
+
+const verifyEndpoints = {
+ hcaptcha: "https://hcaptcha.com/siteverify",
+ recaptcha: "https://www.google.com/recaptcha/api/siteverify",
+}
+
+export async function verifyCaptcha(response: string, ip?: string) {
const { security } = Config.get();
- const { secret, sitekey } = security.captcha;
-
- const res = await fetch("https://hcaptcha.com/siteverify", {
+ const { service, secret, sitekey } = security.captcha;
+
+ if (!service) throw new Error("Cannot verify captcha without service");
+
+ const res = await fetch(verifyEndpoints[service], {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
- body: `response=${response}&secret=${secret}&remoteip=${ip}&sitekey=${sitekey}`,
+ body: `response=${encodeURIComponent(response)}`
+ + `&secret=${encodeURIComponent(secret!)}`
+ + `&sitekey=${encodeURIComponent(sitekey!)}`
+ + ip ? `&remoteip=${encodeURIComponent(ip!)}` : "",
})
- const json = await res.json() as hcaptchaResponse;
- return json;
+ return await res.json() as hcaptchaResponse | recaptchaResponse;
}
\ No newline at end of file
|
