Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Score image captcha #1611

Open
wants to merge 52 commits into
base: staging
Choose a base branch
from
Open

Score image captcha #1611

wants to merge 52 commits into from
+24,816 −23,690

Conversation

forgetso
Copy link
Member

@forgetso forgetso commented Jan 12, 2025
edited
Loading

  • store session IDs for image captcha requests that come from frictionless
  • store frictionless token ID on pow commitments and image commitments
  • increase frictionless score when lScore, old timestamp, user access policy encountered
  • penalty increases configurable via env
  • header storing fixed on pending image commitment records
  • score passed back in verify response for Pro+
  • fix user access rule API
  • add tier to provider client records
  • fix tests to properly work with new, stricter captcha type policy
  • fix admin API auth
  • allow storing penalty scores on user access policies
Screencast.from.2025-01-19.22-53-27.mp4

TODO

  • merge pending image captcha records with main commitment record
  • store frictionless tokens externally

@forgetso forgetso marked this pull request as draft January 12, 2025 22:06
@forgetso forgetso marked this pull request as ready for review January 19, 2025 22:05
HughParry
HughParry requested changes Jan 23, 2025
View reviewed changes
packages/api-express-router/vite.test.config.ts Outdated Show resolved Hide resolved
packages/database/src/databases/provider.ts Show resolved Hide resolved
packages/database/src/databases/provider.ts Show resolved Hide resolved
packages/database/src/databases/provider.ts Show resolved Hide resolved
packages/database/src/databases/provider.ts Show resolved Hide resolved
packages/procaptcha-frictionless/src/ProcaptchaFrictionless.tsx Outdated Show resolved Hide resolved
packages/provider/src/api/captcha.ts Outdated
if (sessionId) {
const sessionRecord = await tasks.db.checkAndRemoveSession(sessionId);
if (
!sessionRecord ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clearer if this is a helper func (i.e. the comment isn't required if this is a call to the helper func isValidImgSession() or something)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created a base captchamanager class and a helper function called getFrictionlessTokenIdFromSession that's shared between image and frictionless managers.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added env logger to all managers

packages/provider/src/api/captcha.ts Outdated
);
} else if (
!(
clientSettings?.settings?.captchaType === CaptchaType.image ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

helper func with nice name > long if block

Copy link
Member Author

@forgetso forgetso Jan 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same helper now shared by image and pow

packages/provider/src/api/public.ts Outdated Show resolved Hide resolved
packages/provider/src/api/verify.ts Outdated
[ApiParams.verified]: approved,
status: req.t(verified ? "API.USER_VERIFIED" : "API.USER_NOT_VERIFIED"),
[ApiParams.verified]: verified,
...(score &&
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

const nicelyNamedCanClientSeeAScoreHelperFunc = () =>

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added to base CaptchaManager

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HughParry HughParry HughParry requested changes

@goastler goastler Awaiting requested review from goastler goastler is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@forgetso @HughParry