From 1ca5292660efb32c406c724e0678071e7791060a Mon Sep 17 00:00:00 2001
From: fatchan
Date: Wed, 24 Apr 2019 12:20:42 +0000
Subject: [PATCH] delete used captchas
---
 db/captchas.js | 7 +++++++
 gulp/res/css/style.css | 2 +-
 helpers/captchaverify.js | 5 +++--
 server.js | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/db/captchas.js b/db/captchas.js
index f5fb82b5..84fb8af2 100644
--- a/db/captchas.js
+++ b/db/captchas.js
@@ -18,6 +18,13 @@ module.exports = {
 });
 },
+ findOneAndDelete: (id, text) => {
+ return db.findOneAndDelete({
+ '_id': id,
+ 'text': text
+ });
+ },
+
 deleteAll: () => {
 return db.deleteMany({});
 },
diff --git a/gulp/res/css/style.css b/gulp/res/css/style.css
index f7847fae..45e956da 100644
--- a/gulp/res/css/style.css
+++ b/gulp/res/css/style.css
@@ -416,8 +416,8 @@ input[type="file"] {
 }
 .captcha {
- margin: auto;
 margin-bottom: 1px;
+ border: 1px solid #a9a9a9;
 }
 .postform-label {
diff --git a/helpers/captchaverify.js b/helpers/captchaverify.js
index ed190dec..ccf0dfb8 100644
--- a/helpers/captchaverify.js
+++ b/helpers/captchaverify.js
@@ -23,17 +23,18 @@ module.exports = async (req, res, next) => {
 });
 }
+ // try to get the captcha from the DB
 let captcha;
 try {
 const captchaMongoId = Mongo.ObjectId(captchaId);
- captcha = await Captchas.findOne(captchaMongoId);
+ captcha = await Captchas.findOneAndDelete(captchaMongoId, input);
 } catch (err) {
 return next(err);
 }
 //check that it exists and matches captcha in DB
- if (!captcha || captcha.text !== input) {
+ if (!captcha || !captcha.value || captcha.value.text !== input) {
 return res.status(403).render('message', {
 'title': 'Forbidden',
 'message': 'Incorrect captcha'
diff --git a/server.js b/server.js
index e9e16ac8..1bc79799 100644
--- a/server.js
+++ b/server.js
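Review bot: In db/captchas.js the new `findOneAndDelete` puts `text` straight into the filter, and nothing in this helper checks that it is a string. If a caller passes a non-string value (an object from a parsed request body, say), MongoDB would read it as a query-operator expression rather than a literal. The caller's strict comparison in helpers/captchaverify.js would still answer 403 in that case, but the document would already be deleted, and any other caller of this helper would not have that second check. Rejecting non-strings before the query closes this, `if (typeof text !== 'string') { return null; }`; whether `input` is already type-checked lies outside the visible hunks.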
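Review bot: In helpers/captchaverify.js the captcha is deleted only when the submitted text matches, because `input` is part of the delete filter, so a wrong answer leaves the document in place and the same captcha id can be answered again. If each captcha is meant to allow a single attempt, delete by `_id` alone and keep the text comparison that follows, e.g. `captcha = await Captchas.findOneAndDelete(captchaMongoId);` with the helper's filter reduced to `{ '_id': id }`. Whether stored captchas expire or attempts are rate-limited elsewhere is not visible here. The middleware function starts and ends outside the hunk.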
@@ -53,7 +53,7 @@ const express = require('express')
 // use pug view engine
 app.set('view engine', 'pug');
 app.set('views', path.join(__dirname, 'views/pages'));
-// app.enable('view cache');
+ app.enable('view cache');
 // routes
 app.use('/forms', require(__dirname+'/controllers/forms.js'))
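Review bot: `app.enable('view cache')` is now unconditional, so compiled templates are also cached in development and template edits will need a restart; Express already turns this setting on by default when NODE_ENV is production. The change is unrelated to the commit subject, and the added line appears to keep leading whitespace where the `//` was removed. If caching outside production is not intended, drop the line or guard it, e.g. `if (process.env.NODE_ENV === 'production') app.enable('view cache');`.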