implement auth checks for captcha and drop count limiting
dallen4 committed Oct 8, 2023
1 parent e0deb87 commit a410f35
Showing 2 changed files with 27 additions and 7 deletions.
29 changes: 23 additions & 6 deletions web/molecules/steps/SecretInputCard.tsx
@@ -1,4 +1,4 @@
import React, { useRef, useState } from 'react';
import React, { useEffect, useRef, useState } from 'react';
import {
Text,
PasswordInput,
Expand All @@ -7,13 +7,16 @@ import {
JsonInput,
SegmentedControl,
Group,
useMantineTheme,
Box,
} from '@mantine/core';
import StepCard from './StepCard';
import { useDropContext } from 'contexts/DropContext';
import type { PayloadInputMode } from '@shared/types/common';
import { Captcha } from 'atoms/Captcha';
import { ACCEPTED_FILE_TYPES, MAX_PAYLOAD_SIZE } from '@shared/config/files';
import { CONFIRM_PAYLOAD_BTN_ID } from 'lib/constants';
import { useUser } from '@auth0/nextjs-auth0/client';

export const SecretInputCard = () => {
const [mode, setMode] = useState<PayloadInputMode>('text');
Expand All @@ -22,12 +25,20 @@ export const SecretInputCard = () => {
const [canConfirm, setCanConfirm] = useState(
process.env.NODE_ENV === 'development',
);
const { user } = useUser();

const textRef = useRef<HTMLInputElement>(null);
const jsonRef = useRef<HTMLTextAreaElement>(null);

const theme = useMantineTheme();

const { setPayload } = useDropContext();

useEffect(() => {
if (user) setCanConfirm(true);
else setCanConfirm(false);
}, [user]);

const isValidJson = (input: string) => {
try {
JSON.parse(input);
Expand Down Expand Up @@ -62,7 +73,7 @@ export const SecretInputCard = () => {
};

return (
<StepCard title={'waiting for secrets'}>
<StepCard title={'add your secret'}>
<SegmentedControl
value={mode}
onChange={(newMode) => setMode(newMode as PayloadInputMode)}
Expand All @@ -80,6 +91,7 @@ export const SecretInputCard = () => {
value: 'file',
},
]}
style={{ marginTop: theme.spacing.sm, marginBottom: theme.spacing.sm }}
/>
{mode === 'text' ? (
<PasswordInput
Expand Down Expand Up @@ -118,14 +130,19 @@ export const SecretInputCard = () => {
) : (
<Text>Invalid Payload Mode</Text>
)}
<Captcha
onSuccess={() => setCanConfirm(true)}
onExpire={() => setCanConfirm(false)}
/>
{!false && (
<Box style={{ marginTop: theme.spacing.lg }}>
<Captcha
onSuccess={() => setCanConfirm(true)}
onExpire={() => setCanConfirm(false)}
/>
</Box>
)}
<Button
id={CONFIRM_PAYLOAD_BTN_ID}
onClick={confirmPayload}
disabled={!canConfirm || !isValid}
style={{ marginTop: theme.spacing.md }}
>
Confirm Payload
</Button>
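Review bot: The `{!false && (` guard around the captcha is a constant true, so the widget still renders for signed-in users and its `onExpire` handler can switch `canConfirm` back off for them; it reads like a placeholder for `{!user && (`. The new effect's `else setCanConfirm(false)` also runs on mount while `user` is undefined, which overrides the `process.env.NODE_ENV === 'development'` initial state declared just above it; reducing the effect body to `if (user) setCanConfirm(true);` would keep both the development default and the captcha path working. This flag only gates the button in the browser, so it should be treated as a convenience and the real decision left to the API route. The component body continues outside the visible hunks.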
5 changes: 4 additions & 1 deletion web/pages/api/drop.ts
Expand Up @@ -8,10 +8,13 @@ import { createDrop } from 'api/drops';
import { DISABLE_CAPTCHA_COOKIE } from '@config/cookies';
import { cors } from 'api/middleware/cors';
import { runMiddleware } from 'api/middleware';
import { getSession } from '@auth0/nextjs-auth0';

export default async function drop(req: NextApiRequest, res: NextApiResponse) {
await runMiddleware(req, res, cors);

const session = await getSession(req, res);

if (!['POST', 'GET', 'DELETE'].includes(req.method!)) {
res.setHeader('Allow', 'POST,GET,DELETE');
res.status(405).end('Method Not Allowed');
Expand All @@ -36,7 +39,7 @@ export default async function drop(req: NextApiRequest, res: NextApiResponse) {
} else if (req.method === 'POST') {
const userIpAddr = getClientIp(req);

const canDrop = req.cookies[DISABLE_CAPTCHA_COOKIE]
const canDrop = req.cookies[DISABLE_CAPTCHA_COOKIE] || !!session
? true
: await checkAndIncrementDropCount(userIpAddr!);
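Review bot: On the new `canDrop` line the per-IP drop counter is skipped whenever the request carries any value for `DISABLE_CAPTCHA_COOKIE`, and a cookie value is chosen by the caller; unless it is verified somewhere not shown here, the bypass should be restricted, for example `const captchaOff = process.env.NODE_ENV !== 'production' && !!req.cookies[DISABLE_CAPTCHA_COOKIE];`. The `!!session` branch also leaves signed-in accounts with no limit at all in this hunk, so a per-account counter keyed on the session's user id would be worth adding alongside it. `getSession` is awaited before the 405 method check; if the session is only needed for POST, moving the call into that branch keeps session decoding off requests that are rejected anyway. The handler continues outside the hunk.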

