From 43516755e2d96940cf0a4d454d2d914e738a3cc2 Mon Sep 17 00:00:00 2001
From: Benjamin Okkema
Date: Sun, 6 Oct 2024 21:55:38 -0500
Subject: [PATCH] feat: verify captcha
---
metadata.md | 65 ------------------------------------------
src/env.d.ts | 2 ++
src/pages/message.ts | 27 ++++++++++++++++--
terraform/main.tf | 1 +
terraform/variables.tf | 3 ++
5 files changed, 30 insertions(+), 68 deletions(-)
delete mode 100644 metadata.md
diff --git a/metadata.md b/metadata.md
deleted file mode 100644
index 7093fd5..0000000
--- a/metadata.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-author:
- name: Benjamin Okkema
- email: ben@okkma.org
- username: cptchloroplast
-description: Benjamin Okkema's Homepage
-repo: https://github.com/cptchloroplast/blog
-navigation:
-- text: Posts
- href: /posts
-- text: Tags
- href: /tags
-- text: The Bike Shed
- href: /bikes
-- text: Projects
- children:
- - text: Rayün Handmade
- href: https://rayunhandmade.com
- external: true
- - text: Crank Tools
- href: https://crank.tools
- exernal: true
- - text: Notebooks
- href: https://public.notes.okkema.org
- exernal: true
-- text: Contact
- href: /contact
-- text: RSS
- href: /rss.xml
- icon: rss
-profile:
- bio:
- - icon: lab
- text: Console Cowboy @
- link:
- href: https://okkema.org
- text: Okkema Labs
- - icon: wrench
- text: Guerrilla Bicycle Mechanic
- - icon: leaf
- text: Amateur Botanist
- - icon: space
- text: Astronomy Enthusiast
- - icon: family
- text: Husband and Father
- contact:
- - title: "@cptchloroplast"
- icon: github
- href: https://github.com/cptchloroplast
- - title: Benjamin Okkema
- icon: linkedin
- href: https://www.linkedin.com/in/benokkema
- - title: "@cptchloroplast"
- icon: twitter
- href: https://twitter.com/cptchloroplast
- - title: Benjamin Okkema
- icon: strava
- href: https://www.strava.com/athletes/8782282
- - title: ben@okkema.org
- icon: mail
- href: mailto:ben@okkema.org
- - title: "@me@ben.okkema.org"
- icon: activitypub
- href: https://ben.okkema.org/activity
----
\ No newline at end of file
diff --git a/src/env.d.ts b/src/env.d.ts
index 5808ce2..739677b 100644
--- a/src/env.d.ts
+++ b/src/env.d.ts
@@ -19,6 +19,8 @@ export type Environment = {
 OAUTH_TENANT: string
 EMAIL_OAUTH_AUDIENCE: string
 EMAIL_OAUTH_SCOPE: string
+ HCAPTCHA_SECRET: string
+ HCAPTCHA_SITEKEY: string
 }
 type Runtime = import("@astrojs/cloudflare").Runtime
diff --git a/src/pages/message.ts b/src/pages/message.ts
index ad3d06c..45e7655 100644
--- a/src/pages/message.ts
+++ b/src/pages/message.ts
@@ -3,12 +3,33 @@ import { json } from "@utils"
 export async function POST(context: APIContext) {
 const data = await context.request.json()
- if (!data["h-captcha-response"]) return json({
+ const token = data["h-captcha-response"]
+ if (!token) return json({
 ok: false,
- message: "No robots allowed!"
+ message: "You skipped the captcha..."
 })
- // Do h-captcha verification
+ const response = await fetch("https://api.hcaptcha.com/siteverify", {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ },
+ body: new URLSearchParams({
+ response: token,
+ secret: context.locals.runtime.env.HCAPTCHA_SECRET,
+ sitekey: context.locals.runtime.env.HCAPTCHA_SITEKEY,
+ })
+ })
+ const body = await response.json<{
+ success: boolean
+ challenge_ts: string
+ hostname: string
+ "error-codes": string[]
+ }>()
+ if (!body.success) return json({
+ ok: false,
+ message: "No robots allowed!"
+ })
 return json({
 ok: true,
diff --git a/terraform/main.tf b/terraform/main.tf
index 5857372..b47d011 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -46,6 +46,7 @@ module "page" {
 production_secrets = {
 RSA_PRIVATE_KEY = var.RSA_PRIVATE_KEY
 OAUTH_CLIENT_SECRET = module.client.client_secret
+ HCAPTCHA_SECRET = var.HCAPTCHA_SECRET
 }
 production_buckets = {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 68fb3d4..b28d70c 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -6,6 +6,9 @@ variable "pages_hostname" {}
 # Environment Variables
 variable "HCAPTCHA_SITEKEY" {}
+variable "HCAPTCHA_SECRET" {
+ sensitive = true
+}
 variable "RSA_PUBLIC_KEY" {}
 variable "RSA_PRIVATE_KEY" {
 sensitive = true
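Review bot: In POST, the hCaptcha siteverify reply is parsed and only `body.success` is tested, with no `response.ok` check and no try/catch around `fetch`, so an hCaptcha outage or a 5xx becomes an unhandled rejection rather than a controlled `ok: false`, and the `error-codes` field the API returns is dropped, which leaves a misconfigured secret indistinguishable from a failed challenge in the logs. The token is also read from untyped JSON and handed straight to `URLSearchParams`, where a non-string value is coerced instead of rejected; a `typeof token !== "string"` guard closes that. The rewrite below keeps the fail-closed behaviour but adds the status check, a catch that logs without echoing the token or secret, and logs `error-codes` on rejection; comparing `body.hostname` against the serving hostname is a further check hCaptcha documents that I have not added. POST's body continues past the end of the hunk.
```typescript
export async function POST(context: APIContext) {
  const data = await context.request.json()
  const token = data["h-captcha-response"]
  // Reject anything that is not a non-empty string before it reaches URLSearchParams
  if (typeof token !== "string" || !token) return json({
    ok: false,
    message: "You skipped the captcha..."
  })
  type SiteVerify = {
    success: boolean
    challenge_ts: string
    hostname: string
    "error-codes"?: string[]
  }
  let body: SiteVerify
  try {
    const response = await fetch("https://api.hcaptcha.com/siteverify", {
      // … unchanged: method, headers and URLSearchParams body …
    })
    if (!response.ok) throw new Error(`siteverify responded ${response.status}`)
    body = await response.json<SiteVerify>()
  } catch (error: unknown) {
    // Fail closed, but leave a trace: an outage or a bad secret must not look like a bot
    console.error("hCaptcha siteverify failed", error)
    return json({ ok: false, message: "No robots allowed!" })
  }
  if (!body.success) {
    console.warn("hCaptcha rejected token", body["error-codes"])
    return json({ ok: false, message: "No robots allowed!" })
  }
  // … unchanged: success response …
```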