mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	hCaptcha Support (#12594)
* Initial work on hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Use module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Format Signed-off-by: jolheiser <john.olheiser@gmail.com> * At least return and debug log a captcha error Signed-off-by: jolheiser <john.olheiser@gmail.com> * Pass context to hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * Finish hcaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update example config Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply error fix for recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change recaptcha ChallengeTS to string Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
		| @@ -5,12 +5,13 @@ | ||||
| package recaptcha | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"encoding/json" | ||||
| 	"fmt" | ||||
| 	"io/ioutil" | ||||
| 	"net/http" | ||||
| 	"net/url" | ||||
| 	"time" | ||||
| 	"strings" | ||||
|  | ||||
| 	"code.gitea.io/gitea/modules/setting" | ||||
| 	"code.gitea.io/gitea/modules/util" | ||||
| @@ -18,18 +19,29 @@ import ( | ||||
|  | ||||
| // Response is the structure of JSON returned from API | ||||
| type Response struct { | ||||
| 	Success     bool      `json:"success"` | ||||
| 	ChallengeTS time.Time `json:"challenge_ts"` | ||||
| 	Hostname    string    `json:"hostname"` | ||||
| 	ErrorCodes  []string  `json:"error-codes"` | ||||
| 	Success     bool        `json:"success"` | ||||
| 	ChallengeTS string      `json:"challenge_ts"` | ||||
| 	Hostname    string      `json:"hostname"` | ||||
| 	ErrorCodes  []ErrorCode `json:"error-codes"` | ||||
| } | ||||
|  | ||||
| const apiURL = "api/siteverify" | ||||
|  | ||||
| // Verify calls Google Recaptcha API to verify token | ||||
| func Verify(response string) (bool, error) { | ||||
| 	resp, err := http.PostForm(util.URLJoin(setting.Service.RecaptchaURL, apiURL), | ||||
| 		url.Values{"secret": {setting.Service.RecaptchaSecret}, "response": {response}}) | ||||
| func Verify(ctx context.Context, response string) (bool, error) { | ||||
| 	post := url.Values{ | ||||
| 		"secret":   {setting.Service.RecaptchaSecret}, | ||||
| 		"response": {response}, | ||||
| 	} | ||||
| 	// Basically a copy of http.PostForm, but with a context | ||||
| 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, | ||||
| 		util.URLJoin(setting.Service.RecaptchaURL, apiURL), strings.NewReader(post.Encode())) | ||||
| 	if err != nil { | ||||
| 		return false, fmt.Errorf("Failed to create CAPTCHA request: %v", err) | ||||
| 	} | ||||
| 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded") | ||||
|  | ||||
| 	resp, err := http.DefaultClient.Do(req) | ||||
| 	if err != nil { | ||||
| 		return false, fmt.Errorf("Failed to send CAPTCHA response: %s", err) | ||||
| 	} | ||||
| @@ -43,6 +55,36 @@ func Verify(response string) (bool, error) { | ||||
| 	if err != nil { | ||||
| 		return false, fmt.Errorf("Failed to parse CAPTCHA response: %s", err) | ||||
| 	} | ||||
|  | ||||
| 	return jsonResponse.Success, nil | ||||
| 	var respErr error | ||||
| 	if len(jsonResponse.ErrorCodes) > 0 { | ||||
| 		respErr = jsonResponse.ErrorCodes[0] | ||||
| 	} | ||||
| 	return jsonResponse.Success, respErr | ||||
| } | ||||
|  | ||||
| // ErrorCode is a reCaptcha error | ||||
| type ErrorCode string | ||||
|  | ||||
| // String fulfills the Stringer interface | ||||
| func (e ErrorCode) String() string { | ||||
| 	switch e { | ||||
| 	case "missing-input-secret": | ||||
| 		return "The secret parameter is missing." | ||||
| 	case "invalid-input-secret": | ||||
| 		return "The secret parameter is invalid or malformed." | ||||
| 	case "missing-input-response": | ||||
| 		return "The response parameter is missing." | ||||
| 	case "invalid-input-response": | ||||
| 		return "The response parameter is invalid or malformed." | ||||
| 	case "bad-request": | ||||
| 		return "The request is invalid or malformed." | ||||
| 	case "timeout-or-duplicate": | ||||
| 		return "The response is no longer valid: either is too old or has been used previously." | ||||
| 	} | ||||
| 	return string(e) | ||||
| } | ||||
|  | ||||
| // Error fulfills the error interface | ||||
| func (e ErrorCode) Error() string { | ||||
| 	return e.String() | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user