logikonline
12f4ea03a8
Some checks failed
Build and Release / Create Release (push) Successful in 0s
Trigger Vault Plugin Rebuild / Trigger Vault Rebuild (push) Successful in 0s
Build and Release / Integration Tests (PostgreSQL) (push) Successful in 2m48s
Build and Release / Lint (push) Failing after 5m2s
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been skipped
Build and Release / Build Binaries (amd64, darwin, linux-latest) (push) Has been skipped
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been skipped
Build and Release / Build Binaries (arm64, darwin, linux-latest) (push) Has been skipped
Build and Release / Build Binaries (arm64, linux, linux-latest) (push) Has been skipped
Build and Release / Unit Tests (push) Successful in 5m37s
Go's semantic import versioning requires v2+ modules to include the major version in the module path. This enables using proper version tags (v3.x.x) instead of pseudo-versions. Updated module path: code.gitcaddy.com/server/v3
91 lines
2.5 KiB
Go
91 lines
2.5 KiB
Go
// Copyright 2018 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package recaptcha
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"code.gitcaddy.com/server/v3/modules/json"
|
|
"code.gitcaddy.com/server/v3/modules/setting"
|
|
"code.gitcaddy.com/server/v3/modules/util"
|
|
)
|
|
|
|
// Response is the structure of JSON returned from API
|
|
type Response struct {
|
|
Success bool `json:"success"`
|
|
ChallengeTS string `json:"challenge_ts"`
|
|
Hostname string `json:"hostname"`
|
|
ErrorCodes []ErrorCode `json:"error-codes"`
|
|
}
|
|
|
|
const apiURL = "api/siteverify"
|
|
|
|
// Verify calls Google Recaptcha API to verify token
|
|
func Verify(ctx context.Context, response string) (bool, error) {
|
|
post := url.Values{
|
|
"secret": {setting.Service.RecaptchaSecret},
|
|
"response": {response},
|
|
}
|
|
// Basically a copy of http.PostForm, but with a context
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost,
|
|
util.URLJoin(setting.Service.RecaptchaURL, apiURL), strings.NewReader(post.Encode()))
|
|
if err != nil {
|
|
return false, fmt.Errorf("Failed to create CAPTCHA request: %w", err)
|
|
}
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
if err != nil {
|
|
return false, fmt.Errorf("Failed to send CAPTCHA response: %s", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return false, fmt.Errorf("Failed to read CAPTCHA response: %s", err)
|
|
}
|
|
|
|
var jsonResponse Response
|
|
err = json.Unmarshal(body, &jsonResponse)
|
|
if err != nil {
|
|
return false, fmt.Errorf("Failed to parse CAPTCHA response: %s", err)
|
|
}
|
|
var respErr error
|
|
if len(jsonResponse.ErrorCodes) > 0 {
|
|
respErr = jsonResponse.ErrorCodes[0]
|
|
}
|
|
return jsonResponse.Success, respErr
|
|
}
|
|
|
|
// ErrorCode is a reCaptcha error
|
|
type ErrorCode string
|
|
|
|
// String fulfills the Stringer interface
|
|
func (e ErrorCode) String() string {
|
|
switch e {
|
|
case "missing-input-secret":
|
|
return "The secret parameter is missing."
|
|
case "invalid-input-secret":
|
|
return "The secret parameter is invalid or malformed."
|
|
case "missing-input-response":
|
|
return "The response parameter is missing."
|
|
case "invalid-input-response":
|
|
return "The response parameter is invalid or malformed."
|
|
case "bad-request":
|
|
return "The request is invalid or malformed."
|
|
case "timeout-or-duplicate":
|
|
return "The response is no longer valid: either is too old or has been used previously."
|
|
}
|
|
return string(e)
|
|
}
|
|
|
|
// Error fulfills the error interface
|
|
func (e ErrorCode) Error() string {
|
|
return e.String()
|
|
}
|