Hcaptcha backend

2022-07-20 14:35:32 +10:00 · 2022-07-20 14:35:32 +10:00 · 8d9816879f
commit 8d9816879f
parent 3b9ffce42c
4 changed files with 49 additions and 8 deletions
--- a/api/src/routes/auth/login.ts
+++ b/api/src/routes/auth/login.ts
@ -1,5 +1,5 @@
 import { Request, Response, Router } from "express";
-import { route } from "@fosscord/api";
+import { route, getIpAdress, verifyHcaptcha } from "@fosscord/api";
 import bcrypt from "bcrypt";
 import { Config, User, generateToken, adjustEmail, FieldErrors } from "@fosscord/util";

@ -23,8 +23,8 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
 	const config = Config.get();

 	if (config.login.requireCaptcha && config.security.captcha.enabled) {
+		const { sitekey, service, secret } = config.security.captcha;
 		if (!captcha_key) {
-			const { sitekey, service } = config.security.captcha;
 			return res.status(400).json({
 				captcha_key: ["captcha-required"],
 				captcha_sitekey: sitekey,
@ -32,7 +32,15 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo
 			});
 		}

-		// TODO: check captcha
+		const ip = getIpAdress(req);
+		const verify = await verifyHcaptcha(captcha_key, ip);
+		if (!verify.success) {
+			return res.status(400).json({
+				captcha_key: verify["error-codes"],
+				captcha_sitekey: sitekey,
+				captcha_service: service
+			});
+		}
 	}

 	const user = await User.findOneOrFail({
--- a/api/src/routes/auth/register.ts
+++ b/api/src/routes/auth/register.ts
@ -1,6 +1,6 @@
 import { Request, Response, Router } from "express";
-import { Config, generateToken, Invite, FieldErrors, User, adjustEmail, trimSpecial } from "@fosscord/util";
-import { route, getIpAdress, IPAnalysis, isProxy } from "@fosscord/api";
+import { Config, generateToken, Invite, FieldErrors, User, adjustEmail } from "@fosscord/util";
+import { route, getIpAdress, IPAnalysis, isProxy, verifyHcaptcha } from "@fosscord/api";
 import "missing-native-js-functions";
 import bcrypt from "bcrypt";
 import { HTTPError } from "lambert-server";
@ -67,16 +67,23 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re
 	}

 	if (register.requireCaptcha && security.captcha.enabled) {
+		const { sitekey, service, secret } = security.captcha;
 		if (!body.captcha_key) {
-			const { sitekey, service } = security.captcha;
-			return res?.status(400).json({
+			return res.status(400).json({
 				captcha_key: ["captcha-required"],
 				captcha_sitekey: sitekey,
 				captcha_service: service
 			});
 		}

-		// TODO: check captcha
+		const verify = await verifyHcaptcha(body.captcha_key, ip);
+		if (!verify.success) {
+			return res.status(400).json({
+				captcha_key: verify["error-codes"],
+				captcha_sitekey: sitekey,
+				captcha_service: service
+			});
+		}
 	}

 	if (!register.allowMultipleAccounts) {
--- a/api/src/util/index.ts
+++ b/api/src/util/index.ts
@ -6,3 +6,4 @@ export * from "./utility/RandomInviteID";
 export * from "./handlers/route";
 export * from "./utility/String";
 export * from "./handlers/Voice";
+export * from "./utility/captcha";
--- a/api/src/util/utility/captcha.ts
+++ b/api/src/util/utility/captcha.ts
@ -0,0 +1,25 @@
+import { Config } from "@fosscord/util";
+import fetch from "node-fetch";
+
+export interface hcaptchaResponse {
+	success: boolean;
+	challenge_ts: string;
+	hostname: string;
+	credit: boolean;
+	"error-codes": string[];
+	score: number;	// enterprise only
+	score_reason: string[];	// enterprise only
+}
+
+export async function verifyHcaptcha(response: string, ip?: string) {
+	const { security } = Config.get();
+	const { secret, sitekey } = security.captcha;
+	
+	const res = await fetch("https://hcaptcha.com/siteverify", {
+		method: "POST",
+		body: `response=${response}&secret=${secret}&remoteip=${ip}&sitekey=${sitekey}`,
+	})
+
+	const json = await res.json() as hcaptchaResponse;
+	return json;
+}