|
@@ -8,6 +8,7 @@ import { ENV } from "src/utils/environment";
|
|
export interface VerifyInfo {
|
|
export interface VerifyInfo {
|
|
captchaSitekey: string;
|
|
captchaSitekey: string;
|
|
userVerified: boolean;
|
|
userVerified: boolean;
|
|
|
|
+ needsCaptcha: boolean;
|
|
}
|
|
}
|
|
|
|
|
|
export interface VerifyRequest {
|
|
export interface VerifyRequest {
|
|
@@ -40,20 +41,13 @@ export const get = async (req: ExpressRequest, res: ExpressResponse): GetResult
|
|
return res.json({
|
|
return res.json({
|
|
captchaSitekey: ENV.HCAPTCHA_SITEKEY,
|
|
captchaSitekey: ENV.HCAPTCHA_SITEKEY,
|
|
userVerified: verified,
|
|
userVerified: verified,
|
|
|
|
+ needsCaptcha: ENV.HCAPTCHA_ENABLED === "TRUE",
|
|
});
|
|
});
|
|
};
|
|
};
|
|
|
|
|
|
type PostResult = Promise<ExpressResponse<Option<unknown, { error: string }>>>;
|
|
type PostResult = Promise<ExpressResponse<Option<unknown, { error: string }>>>;
|
|
export const post = async (req: ExpressRequest, res: ExpressResponse): PostResult => {
|
|
export const post = async (req: ExpressRequest, res: ExpressResponse): PostResult => {
|
|
- const hasToken = (body: unknown):
|
|
|
|
- body is VerifyRequest => body instanceof Object
|
|
|
|
- && (body as VerifyRequest).captchaResponse !== undefined;
|
|
|
|
- if (!hasToken(req.body)) {
|
|
|
|
- return res.json({
|
|
|
|
- ok: false,
|
|
|
|
- error: "No user token provided, please try again",
|
|
|
|
- });
|
|
|
|
- }
|
|
|
|
|
|
+ const needVerify = ENV.HCAPTCHA_ENABLED === "TRUE";
|
|
|
|
|
|
if (!req.session?.userId) {
|
|
if (!req.session?.userId) {
|
|
return res.json({
|
|
return res.json({
|
|
@@ -62,32 +56,44 @@ export const post = async (req: ExpressRequest, res: ExpressResponse): PostResul
|
|
});
|
|
});
|
|
}
|
|
}
|
|
|
|
|
|
- const response = await tryDo(got<HCaptchaResponse>(VERIFY_URL, {
|
|
|
|
- method: "post",
|
|
|
|
- responseType: "json",
|
|
|
|
- form: {
|
|
|
|
- secret: ENV.HCAPTCHA_SECRET,
|
|
|
|
- response: req.body.captchaResponse,
|
|
|
|
- },
|
|
|
|
- }));
|
|
|
|
|
|
+ if (needVerify) {
|
|
|
|
+ const hasToken = (body: unknown):
|
|
|
|
+ body is VerifyRequest => body instanceof Object
|
|
|
|
+ && (body as VerifyRequest).captchaResponse !== undefined;
|
|
|
|
+ if (needVerify && !hasToken(req.body)) {
|
|
|
|
+ return res.json({
|
|
|
|
+ ok: false,
|
|
|
|
+ error: "No user token provided, please try again",
|
|
|
|
+ });
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ const response = await tryDo(got<HCaptchaResponse>(VERIFY_URL, {
|
|
|
|
+ method: "post",
|
|
|
|
+ responseType: "json",
|
|
|
|
+ form: {
|
|
|
|
+ secret: ENV.HCAPTCHA_SECRET,
|
|
|
|
+ response: req.body.captchaResponse,
|
|
|
|
+ },
|
|
|
|
+ }));
|
|
|
|
|
|
- if (!response.ok) {
|
|
|
|
- logger.error("Failed to hCaptcha user %s: %s", req.session.userId, response.error);
|
|
|
|
- return res.json({
|
|
|
|
- ok: false,
|
|
|
|
- error: "Failed to verify hCaptcha response. Please try again.",
|
|
|
|
- });
|
|
|
|
- }
|
|
|
|
|
|
+ if (!response.ok) {
|
|
|
|
+ logger.error("Failed to hCaptcha user %s: %s", req.session.userId, response.error);
|
|
|
|
+ return res.json({
|
|
|
|
+ ok: false,
|
|
|
|
+ error: "Failed to verify hCaptcha response. Please try again.",
|
|
|
|
+ });
|
|
|
|
+ }
|
|
|
|
|
|
- const captchaResponse = response.result.body;
|
|
|
|
|
|
+ const captchaResponse = response.result.body;
|
|
|
|
|
|
- if (!captchaResponse.success) {
|
|
|
|
- const errors = captchaResponse["error-codes"] ?? [];
|
|
|
|
- logger.error("Failed hCaptcha verify on user %s. Got errors: %s", req.session.userId, errors.join(";"));
|
|
|
|
- return res.json({
|
|
|
|
- ok: false,
|
|
|
|
- error: "Failed to verify hCaptcha response. Please try again.",
|
|
|
|
- });
|
|
|
|
|
|
+ if (!captchaResponse.success) {
|
|
|
|
+ const errors = captchaResponse["error-codes"] ?? [];
|
|
|
|
+ logger.error("Failed hCaptcha verify on user %s. Got errors: %s", req.session.userId, errors.join(";"));
|
|
|
|
+ return res.json({
|
|
|
|
+ ok: false,
|
|
|
|
+ error: "Failed to verify hCaptcha response. Please try again.",
|
|
|
|
+ });
|
|
|
|
+ }
|
|
}
|
|
}
|
|
|
|
|
|
const verifyResponse = await rpcClient.verifyUser({ userId: req.session.userId });
|
|
const verifyResponse = await rpcClient.verifyUser({ userId: req.session.userId });
|