fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jschan - Anonymous imageboard software. Classic look, modern features and feel. Works without JavaScript and supports Tor, I2P, Lokinet, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2837 Commits
5 Branches
69 Tags
54 MiB
 
 
 
 
 
Tag: Branch: Tree: ad0c83c4be
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ad0c83c4be'
${ noResults }
jschan/lib/captcha/captcha.js

108 lines
3.0 KiB
Raw Blame History

'use strict';
const { Captchas } = require(__dirname+'/../../db/')
, { ObjectId } = require(__dirname+'/../../db/db.js')
, config = require(__dirname+'/../misc/config.js')
, { hcaptcha, google } = require(__dirname+'/../../configs/secrets.js')
, FormData = require('form-data')
, fetch = require('node-fetch')
, { timingSafeEqual } = require('crypto');
module.exports = async (captchaInput, captchaId) => {
if (process.env.NO_CAPTCHA) {
return true;
}
const { captchaOptions } = config.get;
//check if captcha field in form is valid
if (!captchaInput
|| (captchaInput.length !== 6 && !captchaOptions.type === 'text')) {
throw 'Incorrect captcha answer';
}
//make sure they have captcha cookie and its 24 chars
if ((captchaOptions.type !== 'google' && captchaOptions.type !== 'hcaptcha')
&& (!captchaId || captchaId.length !== 24)) {
throw 'Captcha expired';
}
captchaInput = Array.isArray(captchaInput) ? captchaInput : [captchaInput];
switch (captchaOptions.type) {
case 'grid':
case 'grid2': { //grid captcha
const gridCaptchaMongoId = ObjectId(captchaId);
const normalisedAnswer = new Array(captchaOptions.grid.size**2).fill(false);
captchaInput.forEach(num => {
normalisedAnswer[+num] = true;
});
let gridCaptcha = await Captchas.findOneAndDelete(gridCaptchaMongoId, normalisedAnswer);
if (!gridCaptcha || !gridCaptcha.value
|| !timingSafeEqual(
Buffer.from(gridCaptcha.value.answer.join(',')),
Buffer.from(normalisedAnswer.join(','))
)
) {
throw 'Incorrect captcha answer';
}
break;
}
case 'text': { //text captcha
const textCaptchaMongoId = ObjectId(captchaId);
let textCaptcha = await Captchas.findOneAndDelete(textCaptchaMongoId, captchaInput[0]);
if (!textCaptcha || !textCaptcha.value
|| !timingSafeEqual(
Buffer.from(textCaptcha.value.answer),
Buffer.from(captchaInput[0])
)
) {
throw 'Incorrect captcha answer';
}
break;
}
case 'google': { //google captcha
let recaptchaResponse;
try {
const form = new FormData();
form.append('secret', google.secretKey);
form.append('response', captchaInput[0]);
recaptchaResponse = await fetch('https://www.google.com/recaptcha/api/siteverify', {
method: 'POST',
body: form,
}).then(res => res.json());
} catch (e) {
throw 'Captcha error occurred';
}
if (!recaptchaResponse || !recaptchaResponse.success) {
throw 'Incorrect captcha answer';
}
break;
}
case 'hcaptcha': {
let hcaptchaResponse;
try {
const form = new FormData();
form.append('secret', hcaptcha.secretKey);
form.append('sitekey', hcaptcha.siteKey);
form.append('response', captchaInput[0]);
hcaptchaResponse = await fetch('https://hcaptcha.com/siteverify', {
method: 'POST',
body: form,
}).then(res => res.json());
} catch (e) {
throw 'Captcha error occurred';
}
if (!hcaptchaResponse || !hcaptchaResponse.success) {
throw 'Incorrect captcha answer';
}
break;
}
default:
throw 'Captcha config error';
}
return true;
};