Added reCaptcha

.gitignore

@@ -1,2 +1,3 @@
 node_modules/
 .env
+.DS_Store

package.json

@@ -23,6 +23,7 @@
     "express": "^4.17.1",
     "express-session": "^1.17.1",
     "mongodb": "^3.6.5",
+    "request": "^2.88.2",
     "uuid4": "^2.0.2"
   },
   "devDependencies": {

public/auth.html

@@ -12,6 +12,7 @@
   <form action="http://localhost:3000/register" method="POST">
     <span class="input_row">Username: <input name="login" type="text"></span>
     <span class="input_row">Password: <input name="pass" type="password"></span>
+    <input type="hidden" class="g-recaptcha-response" name="g-recaptcha-response">
     <input type="submit" value="Register">
   </form>
 
@@ -19,7 +20,19 @@
   <form action="http://localhost:3000/login" method="POST">
     <span class="input_row">Username: <input name="login" type="text"></span>
     <span class="input_row">Password: <input name="pass" type="password"></span>
+    <input type="hidden" class="g-recaptcha-response" name="g-recaptcha-response">
     <input type="submit" value="Login">
   </form>
+
+  <script src="https://www.google.com/recaptcha/api.js?render=6LcTXIsaAAAAAGWE4913KuaqU1tTT9uyqmvPADcn"></script>
+  <script>
+    grecaptcha.ready(function () {
+      grecaptcha.execute('6LcTXIsaAAAAAGWE4913KuaqU1tTT9uyqmvPADcn', { action: 'demo' })
+        .then(function (token) {
+          document.getElementsByClassName('g-recaptcha-response')[0].value = token;
+          document.getElementsByClassName('g-recaptcha-response')[1].value = token;
+        });
+    });
+  </script>
 </body>
 </html>

server.js

@@ -6,7 +6,9 @@ const MongoStore = require('connect-mongo')
 const bcrypt = require('bcrypt')
 require('dotenv').config()
 
-app.use(express.static("public"))
+const {verifyCaptcha} = require('./verify-captcha')
+
+app.use(express.static(__dirname + '/public'))
 app.use(express.json())
 app.use(express.urlencoded({ extended: true }))
 
@@ -28,8 +30,9 @@ client.connect()
 app.get('/', (req, res) => {
   if (req.session.loggedIn) {
     res.sendFile(__dirname+'/public/personal.html')
-  } else
+  } else {
     res.sendFile(__dirname+'/public/auth.html')
+  }
 })
 
 app.get('/get-users', async (_, res) => {
@@ -43,6 +46,7 @@ app.get('/get-users', async (_, res) => {
 })
 
 app.post('/register', async (req, res) => {
+  verifyCaptcha(req, res, async () => {
     const hashedPass = await bcrypt.hash(req.body.pass, 10)
     try {
       await client.db('reg_example').collection('users').insertOne({
@@ -55,9 +59,11 @@ app.post('/register', async (req, res) => {
       console.log("Error: " + e)
       res.status(500).send()
     }
+  })
 })
 
 app.post('/login', async (req, res) => {
+  verifyCaptcha(req, res, async () => {
     try {
       const user = await client.db('reg_example').collection('users').findOne({
         login: req.body.login
@@ -72,6 +78,7 @@ app.post('/login', async (req, res) => {
       console.log("Error: " + e)
       res.status(500).send()
     }
+  })
 })
 
 app.get('/logout', (req, res) => {
@@ -81,4 +88,4 @@ app.get('/logout', (req, res) => {
   res.redirect('/')
 })
 
-app.listen(3000)
+app.listen(process.env.PORT)

verify-captcha.js

@@ -0,0 +1,21 @@
+const request = require('request')
+
+module.exports = {
+  verifyCaptcha: function (req, res, cb) {
+    if (!req.body['g-recaptcha-response']) {
+      return res.status(401).send("Invalid captcha")
+    }
+
+    const verificationURL = "https://www.google.com/recaptcha/api/siteverify?secret=" + process.env.SECRET_KEY + "&response=" + req.body['g-recaptcha-response'] + "&remoteip=" + req.socket.remoteAddress
+
+    request(verificationURL, async function(_, _, body) {
+      body = JSON.parse(body)
+
+      if (body.success !== undefined && !body.success) {
+        return res.status(401).send("Invalid captcha")
+      }
+
+      cb()
+    })
+  }
+}