Merge pull request #91 from ForFansubs/dev

ayberktandogan · web-flow · commit 9be5b0861650 · 2021-05-21T21:27:55.000+03:00
reCaptcha for login &amp; register
diff --git a/.env.example b/.env.example
@@ -19,6 +19,7 @@ SMTP_USERNAME=
 SMTP_PASSWORD=
 SMTP_HOST=
 SMTP_PORT=
+GOOGLE_RECAPTCHA_SECRET_KEY=
 PRERENDER_SERVICE_URL=
 USE_NEW_SEO_METHOD=
 REDIS_OPTIONS={}
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,5 @@ ecosystem.config.js
 npm-debug\.log
 
 /config/sitemap.xml
+
+package-lock.json
diff --git a/routes/api/user.js b/routes/api/user.js
@@ -2,8 +2,10 @@ const sendMail = require("../../methods/mailer").sendMail;
 const SHA256 = require("crypto-js/sha256");
 const express = require("express");
 const router = express.Router();
+const axios = require("axios");
 const gravatar = require("gravatar");
 const bcrypt = require("bcryptjs");
+const qs = require("qs");
 const jwt = require("jsonwebtoken");
 const keys = require("../../config/keys");
 const error_messages = require("../../config/error_messages");
@@ -81,6 +83,19 @@ router.post(
                 d: "mm", // Default
             });
 
+            const recaptchaResponse = await axios.post(
+                "https://www.google.com/recaptcha/api/siteverify",
+                qs.stringify({
+                    secret: process.env.GOOGLE_RECAPTCHA_SECRET_KEY,
+                    response: req.body.recaptcha_response,
+                    remoteip: req.ip,
+                })
+            );
+    
+            if (!recaptchaResponse.data.success) {
+                return res.status(401).send("reCaptcha problem!");
+            }
+
             bcrypt.genSalt(10, (err, salt) => {
                 bcrypt.hash(password, salt, async (err, p_hash) => {
                     let user_result;
@@ -260,6 +275,19 @@ router.post(
             });
         }
 
+        const recaptchaResponse = await axios.post(
+            "https://www.google.com/recaptcha/api/siteverify",
+            qs.stringify({
+                secret: process.env.GOOGLE_RECAPTCHA_SECRET_KEY,
+                response: req.body.recaptcha_response,
+                remoteip: req.ip,
+            })
+        );
+
+        if (!recaptchaResponse.data.success) {
+            return res.status(401).send("reCaptcha problem!");
+        }
+
         // Check Password
         bcrypt.compare(password, user.password).then((isMatch) => {
             if (isMatch) {
diff --git a/validators/user.js b/validators/user.js
@@ -5,11 +5,13 @@ const registerUserSchema = Joi.object({
     email: Joi.string().email().required(),
     password: Joi.string().required().min(8).max(100),
     repeat_password: Joi.ref("password"),
+    recaptcha_response: Joi.string(),
 });
 
 const loginUserSchema = Joi.object({
     username: Joi.string().required(),
     password: Joi.string().required().min(8).max(100),
+    recaptcha_response: Joi.string(),
 });
 
 module.exports = { registerUserSchema, loginUserSchema };
