initial commit
This commit is contained in:
Hampus Kraft
83
fluxer_api/src/infrastructure/CaptchaService.ts
Normal file
83
fluxer_api/src/infrastructure/CaptchaService.ts
Normal file
@@ -0,0 +1,83 @@
|
||||
/*
|
||||
* Copyright (C) 2026 Fluxer Contributors
|
||||
*
|
||||
* This file is part of Fluxer.
|
||||
*
|
||||
* Fluxer is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Fluxer is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import {Config} from '~/Config';
|
||||
import {FLUXER_USER_AGENT} from '~/Constants';
|
||||
import type {ICaptchaService, VerifyCaptchaParams} from '~/infrastructure/ICaptchaService';
|
||||
import {Logger} from '~/Logger';
|
||||
|
||||
interface HCaptchaVerifyResponse {
|
||||
success: boolean;
|
||||
challenge_ts?: string;
|
||||
hostname?: string;
|
||||
credit?: boolean;
|
||||
'error-codes'?: Array<string>;
|
||||
score?: number;
|
||||
score_reason?: Array<string>;
|
||||
}
|
||||
|
||||
export class CaptchaService implements ICaptchaService {
|
||||
private readonly secretKey: string;
|
||||
private readonly verifyUrl = 'https://api.hcaptcha.com/siteverify';
|
||||
|
||||
constructor() {
|
||||
if (!Config.captcha.hcaptcha?.secretKey) {
|
||||
throw new Error('HCAPTCHA_SECRET_KEY is required when CAPTCHA_ENABLED is true');
|
||||
}
|
||||
this.secretKey = Config.captcha.hcaptcha.secretKey;
|
||||
}
|
||||
|
||||
async verify({token, remoteIp}: VerifyCaptchaParams): Promise<boolean> {
|
||||
try {
|
||||
const params = new URLSearchParams();
|
||||
params.append('secret', this.secretKey);
|
||||
params.append('response', token);
|
||||
if (remoteIp) {
|
||||
params.append('remoteip', remoteIp);
|
||||
}
|
||||
|
||||
const response = await fetch(this.verifyUrl, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'User-Agent': FLUXER_USER_AGENT,
|
||||
},
|
||||
body: params.toString(),
|
||||
});
|
||||
|
||||
if (!response.ok) {
|
||||
Logger.error({status: response.status}, 'hCaptcha verify request failed');
|
||||
return false;
|
||||
}
|
||||
|
||||
const data = (await response.json()) as HCaptchaVerifyResponse;
|
||||
|
||||
if (!data.success) {
|
||||
Logger.warn({errorCodes: data['error-codes']}, 'hCaptcha verification failed');
|
||||
return false;
|
||||
}
|
||||
|
||||
Logger.debug({hostname: data.hostname}, 'hCaptcha verification successful');
|
||||
return true;
|
||||
} catch (error) {
|
||||
Logger.error({error}, 'Error verifying hCaptcha token');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user