Add reCAPTCHA support (closes Union-Chat#8)

cyyynthia · Oct 13, 2018 · 929ba5f · 929ba5f
1 parent 35b53c6
commit 929ba5f
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 1 deletion.
diff --git a/Configuration.json.example b/Configuration.json.example
@@ -13,6 +13,11 @@
     "rules": {
         "messageCharacterLimit": 1000,
         "usernameCharacterLimit": 15,
+        "serverCharacterLimit": 15,
         "maxServersPerUser": 5
+    },
+    "recaptcha (Remove this entirely if you don't want to setup it)": {
+        "key": "...",
+        "secret": "..."
     }
 }
diff --git a/package.json b/package.json
@@ -19,6 +19,7 @@
     "body-parser": "^1.18.3",
     "express": "^4.16.3",
     "flakeid": "git+https://github.com/Devoxin/FlakeId.git",
+    "node-fetch": "^2.2.0",
     "rethinkdbdash": "^2.3.31",
     "shortid": "^2.2.12",
     "ws": "^6.0.0"

diff --git a/src/api_v2/core.js b/src/api_v2/core.js
@@ -9,6 +9,10 @@ export function info (req, res) {
     apiVersion: 2,
     websocket: config.ws.port,
     voice: config.voicews.port,
-    appSettings: config.rules
+    appSettings: config.rules,
+    recaptcha: {
+      enabled: !!config.recaptcha,
+      key: config.recaptcha ? config.recaptcha.key : null
+    }
   })
 }
diff --git a/src/api_v2/users.js b/src/api_v2/users.js
@@ -1,9 +1,35 @@
 import config from '../../Configuration'
+
+import fetch from 'node-fetch'
 import { createUser } from '../DatabaseHandler'
 
 export async function create (req, res) {
   const { username, password } = req.body
 
+  if (config.recaptcha && process.env.NODE_ENV !== 'test') {
+    console.log(config.recaptcha)
+    const gRecaptchaResponse = req.body['g-recaptcha-response']
+    if (!gRecaptchaResponse) {
+      return res.status(400).json({ error: 'reCAPTCHA is missing' })
+    }
+
+    const response = await (await fetch('https://www.google.com/recaptcha/api/siteverify', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        secret: config.recaptcha.secret,
+        response: gRecaptchaResponse,
+        remoteip: req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'] || req.connection.remoteAddress
+      })
+    })).json()
+
+    if (!response.success) {
+      return res.status(400).json({ error: 'reCAPTCHA check failed' })
+    }
+  }
+
   // Validate data
   if (!username || username.trim().length === 0) {
     return res.status(400).json({ error: 'Username cannot be empty' })

diff --git a/yarn.lock b/yarn.lock
@@ -2890,6 +2890,11 @@ nise@^1.4.5:
     path-to-regexp "^1.7.0"
     text-encoding "^0.6.4"
 
+node-fetch@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.2.0.tgz#4ee79bde909262f9775f731e3656d0db55ced5b5"
+  integrity sha512-OayFWziIxiHY8bCUyLX6sTpDH8Jsbp4FfYd1j1f7vZyfgkcOnAyM4oQR16f8a0s7Gl/viMGRey8eScYk4V4EZA==
+
 node-mocks-http@^1.7.2:
   version "1.7.2"
   resolved "https://registry.yarnpkg.com/node-mocks-http/-/node-mocks-http-1.7.2.tgz#d4a22e61c29a1e8a0345f55f61e4b0ff94afc40b"