diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index 5923708c..68b2656a 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -1,7 +1,7 @@
-import { route } from "@fosscord/api";
-import { adjustEmail, Config, FieldErrors, generateToken, LoginSchema, User } from "@fosscord/util";
-import crypto from "crypto";
import { Request, Response, Router } from "express";
+import { route, getIpAdress, verifyCaptcha } from "@fosscord/api";
+import { Config, User, generateToken, adjustEmail, FieldErrors, LoginSchema } from "@fosscord/util";
+import crypto from "crypto";
let bcrypt: any;
try {
@@ -17,12 +17,13 @@ export default router;
router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Response) => {
const { login, password, captcha_key, undelete } = req.body as LoginSchema;
const email = adjustEmail(login);
+ const ip = getIpAdress(req);
const config = Config.get();
if (config.login.requireCaptcha && config.security.captcha.enabled) {
+ const { sitekey, service } = config.security.captcha;
if (!captcha_key) {
- const { sitekey, service } = config.security.captcha;
return res.status(400).json({
captcha_key: ["captcha-required"],
captcha_sitekey: sitekey,
@@ -30,7 +31,15 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
});
}
- // TODO: check captcha
+ const ip = getIpAdress(req);
+ const verify = await verifyCaptcha(captcha_key, ip);
+ if (!verify.success) {
+ return res.status(400).json({
+ captcha_key: verify["error-codes"],
+ captcha_sitekey: sitekey,
+ captcha_service: service
+ })
+ }
}
const user = await User.findOneOrFail({
diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts
index 7d0f5f57..d3b5a59c 100644
--- a/src/api/routes/auth/register.ts
+++ b/src/api/routes/auth/register.ts
@@ -1,6 +1,6 @@
-import { getIpAdress, IPAnalysis, isProxy, route } from "@fosscord/api";
-import { adjustEmail, Config, FieldErrors, generateToken, HTTPError, Invite, RegisterSchema, User } from "@fosscord/util";
import { Request, Response, Router } from "express";
+import { Config, generateToken, Invite, FieldErrors, User, adjustEmail, RegisterSchema } from "@fosscord/util";
+import { route, getIpAdress, IPAnalysis, isProxy, verifyCaptcha } from "@fosscord/api";
let bcrypt: any;
try {
@@ -9,6 +9,7 @@ try {
bcrypt = require("bcryptjs");
console.log("Warning: using bcryptjs because bcrypt is not installed! Performance will be affected.");
}
+import { HTTPError } from "@fosscord/util";
const router: Router = Router();
@@ -44,8 +45,8 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
}
if (register.requireCaptcha && security.captcha.enabled) {
+ const { sitekey, service } = security.captcha;
if (!body.captcha_key) {
- const { sitekey, service } = security.captcha;
return res?.status(400).json({
captcha_key: ["captcha-required"],
captcha_sitekey: sitekey,
@@ -53,7 +54,14 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
});
}
- // TODO: check captcha
+ const verify = await verifyCaptcha(body.captcha_key, ip);
+ if (!verify.success) {
+ return res.status(400).json({
+ captcha_key: verify["error-codes"],
+ captcha_sitekey: sitekey,
+ captcha_service: service
+ })
+ }
}
if (!register.allowMultipleAccounts) {
|
