diff options
| author | simponic <simponic@hatecomputers.club> | 2024-04-06 15:43:18 -0400 |
|---|---|---|
| committer | simponic <simponic@hatecomputers.club> | 2024-04-06 15:43:18 -0400 |
| commit | 83cc6267fd5ce2f61200314424c5f400f65ff2ba (patch) | |
| tree | eafb35310236a15572cbb6e16ff8d6f181bfe240 /api/hcaptcha/hcaptcha.go | |
| parent | 569d2788ebfb90774faf361f62bfe7968e091465 (diff) | |
| parent | cad8e2c4ed5e3bab61ff243f8677f8a46eaeafb0 (diff) | |
| download | hatecomputers.club-83cc6267fd5ce2f61200314424c5f400f65ff2ba.tar.gz hatecomputers.club-83cc6267fd5ce2f61200314424c5f400f65ff2ba.zip | |
Merge pull request 'testing | dont be recursive for external domains | finalize oauth' (#5) from dont-be-authoritative into main
Reviewed-on: https://git.hatecomputers.club/hatecomputers/hatecomputers.club/pulls/5
Diffstat (limited to 'api/hcaptcha/hcaptcha.go')
| -rw-r--r-- | api/hcaptcha/hcaptcha.go | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/api/hcaptcha/hcaptcha.go b/api/hcaptcha/hcaptcha.go new file mode 100644 index 0000000..007190d --- /dev/null +++ b/api/hcaptcha/hcaptcha.go @@ -0,0 +1,75 @@ +package hcaptcha + +import ( + "encoding/json" + "fmt" + "net/http" + "strings" + + "git.hatecomputers.club/hatecomputers/hatecomputers.club/api/types" +) + +type HcaptchaArgs struct { + SiteKey string +} + +func verifyCaptcha(secret, response string) error { + verifyURL := "https://hcaptcha.com/siteverify" + body := strings.NewReader("secret=" + secret + "&response=" + response) + + req, err := http.NewRequest("POST", verifyURL, body) + if err != nil { + return err + } + + req.Header.Set("Content-Type", "application/x-www-form-urlencoded") + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + + jsonResponse := struct { + Success bool `json:"success"` + }{} + err = json.NewDecoder(resp.Body).Decode(&jsonResponse) + if err != nil { + return err + } + + if !jsonResponse.Success { + return fmt.Errorf("hcaptcha verification failed") + } + + defer resp.Body.Close() + return nil +} + +func CaptchaArgsContinuation(context *types.RequestContext, req *http.Request, resp http.ResponseWriter) types.ContinuationChain { + return func(success types.Continuation, failure types.Continuation) types.ContinuationChain { + (*context.TemplateData)["HcaptchaArgs"] = HcaptchaArgs{ + SiteKey: context.Args.HcaptchaSiteKey, + } + return success(context, req, resp) + } +} + +func CaptchaVerificationContinuation(context *types.RequestContext, req *http.Request, resp http.ResponseWriter) types.ContinuationChain { + return func(success types.Continuation, failure types.Continuation) types.ContinuationChain { + hCaptchaResponse := req.FormValue("h-captcha-response") + secretKey := context.Args.HcaptchaSecret + + err := verifyCaptcha(secretKey, hCaptchaResponse) + if err != nil { + (*context.TemplateData)["FormError"] = types.FormError{ + Errors: []string{"hCaptcha verification failed"}, + } + resp.WriteHeader(http.StatusBadRequest) + + return failure(context, req, resp) + } + + return success(context, req, resp) + } +} |