Verify captcha via API

Author: paulsimonandrews

server/plugins/logging.js

@@ -17,7 +17,6 @@ export default {
       '/public/js/locationMap.js',
       '/public/js/site.min.js',
       '/public/js/site.compat.min.js',
-      '/public/js/locationMap.js',
       '/public/govuk-frontend.min.js',
       '/public/images/favicon.svg',
       '/public/images/favicon.ico',

server/routes/smell/find-address.js

@@ -1,10 +1,14 @@
 import constants from '../../utils/constants.js'
 import { getErrorSummary } from '../../utils/helpers.js'
 import config from '../../utils/config.js'
+import { post as postRequest } from '../../utils/util.js'
 
 const postcodeRegExp = /^([A-Za-z][A-Ha-hJ-Yj-y]?\d[A-Za-z0-9]? ?\d[A-Za-z]{2}|[Gg][Ii][Rr] ?0[Aa]{2})$/ // https://stackoverflow.com/a/51885364
 const captchaSiteKey = config.captchaSiteKey
 
+// Put these somewhere more sensible
+const captchaVerifyUrl = 'https://global.frcapi.com/api/v2/captcha/siteverify'
+
 const handlers = {
   get: async (request, h) => {
     const counterVal = request.yar.get(constants.redisKeys.COUNTER)
@@ -20,6 +24,37 @@ const handlers = {
     })
   },
   post: async (request, h) => {
+    console.log('---CAPTCHA---')
+    const captchaResponse = request.payload['frc-captcha-response']
+    let captchaSuccess = true // FIXME this needed as the else in the following if, find a nicer way
+
+    if (captchaResponse) {
+      console.log(`Captcha response: ${captchaResponse}`)
+      console.log('Verifying response with external API ...')
+
+      const captchaVerifyResponse = await postRequest(
+        captchaVerifyUrl,
+        {
+          headers: {
+            'X-API-Key': config.captchaApiKey,
+            'Content-Type': 'application/json',
+            Accept: 'application/json'
+          },
+          payload: {
+            response: captchaResponse,
+            sitekey: config.captchaSiteKey
+          },
+          json: true
+        }
+      )
+
+      captchaSuccess = captchaVerifyResponse.success
+      console.log(`Success: ${captchaVerifyResponse.success}`)
+    } else {
+      console.log('No response from Captcha, ignoring')
+    }
+    console.log('---END CAPTCHA---')
+
     let { buildingDetails, postcode } = request.payload
 
     // cleanse postcode for special characters https://design-system.service.gov.uk/patterns/addresses/#allow-different-postcode-formats
@@ -28,7 +63,7 @@ const handlers = {
     }
 
     // validate payload
-    const errorSummary = validatePayload(buildingDetails, postcode)
+    const errorSummary = validatePayload(buildingDetails, postcode, captchaSuccess)
     if (errorSummary.errorList.length > 0) {
       return h.view(constants.views.SMELL_FIND_ADDRESS, {
         errorSummary,
@@ -42,7 +77,9 @@ const handlers = {
     request.yar.set(constants.redisKeys.COUNTER, counterVal + 1)
 
     // handle redirects
-    if (counterVal > 10) {
+    const counterLimit = 100000 // FIXME: CORRECT THIS, for debugging
+
+    if (counterVal > counterLimit) {
       return h.redirect(constants.routes.SMELL_EXCEEDED_ATTEMPTS)
     } else {
       request.yar.set(constants.redisKeys.SMELL_FIND_ADDRESS, buildAnswers(buildingDetails, postcode))
@@ -61,8 +98,15 @@ const getContext = (request) => {
   }
 }
 
-const validatePayload = (buildingDetails, postcode) => {
+const validatePayload = (buildingDetails, postcode, captchaSuccess) => {
   const errorSummary = getErrorSummary()
+  if (!captchaSuccess) {
+    errorSummary.errorList.push({
+      text: 'Failed Captcha check',
+      href: '#' // FIXME: add this
+    })
+  }
+
   if (!buildingDetails) {
     errorSummary.errorList.push({
       text: 'Enter a building number or name',

server/views/smell/exceeded-attempts.html

@@ -10,7 +10,7 @@ <h1 class="govuk-heading-l">
       You have made too many searches
     </h1>
 
-    <p>You cannot search for more addresses right now.</p>
+    <p class="govuk-body">You cannot search for more addresses right now.</p>
     <p class="govuk-body">
       <a href="{{ enterAddress }}" class="govuk-link">Enter address manually</a>
     </p>