Added reCaptcha

2026-03-26 12:55:25 +00:00 · 2021-03-23 17:31:34 +03:00
parent bb1e02b41a
commit c75520014f
6 changed files with 748 additions and 33 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 node_modules/
 .env
+.DS_Store
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
    "express": "^4.17.1",
    "express-session": "^1.17.1",
    "mongodb": "^3.6.5",
+    "request": "^2.88.2",
    "uuid4": "^2.0.2"
  },
  "devDependencies": {
--- a/public/auth.html
+++ b/public/auth.html
@@ -12,6 +12,7 @@
  <form action="http://localhost:3000/register" method="POST">
    <span class="input_row">Username: <input name="login" type="text"></span>
    <span class="input_row">Password: <input name="pass" type="password"></span>
+    <input type="hidden" class="g-recaptcha-response" name="g-recaptcha-response">
    <input type="submit" value="Register">
  </form>

@@ -19,7 +20,19 @@
  <form action="http://localhost:3000/login" method="POST">
    <span class="input_row">Username: <input name="login" type="text"></span>
    <span class="input_row">Password: <input name="pass" type="password"></span>
+    <input type="hidden" class="g-recaptcha-response" name="g-recaptcha-response">
    <input type="submit" value="Login">
  </form>
+
+  <script src="https://www.google.com/recaptcha/api.js?render=6LcTXIsaAAAAAGWE4913KuaqU1tTT9uyqmvPADcn"></script>
+  <script>
+    grecaptcha.ready(function () {
+      grecaptcha.execute('6LcTXIsaAAAAAGWE4913KuaqU1tTT9uyqmvPADcn', { action: 'demo' })
+        .then(function (token) {
+          document.getElementsByClassName('g-recaptcha-response')[0].value = token;
+          document.getElementsByClassName('g-recaptcha-response')[1].value = token;
+        });
+    });
+  </script>
 </body>
 </html>
--- a/server.js
+++ b/server.js
@@ -6,7 +6,9 @@ const MongoStore = require('connect-mongo')
 const bcrypt = require('bcrypt')
 require('dotenv').config()

-app.use(express.static("public"))
+const {verifyCaptcha} = require('./verify-captcha')
+
+app.use(express.static(__dirname + '/public'))
 app.use(express.json())
 app.use(express.urlencoded({ extended: true }))

@@ -28,8 +30,9 @@ client.connect()
 app.get('/', (req, res) => {
  if (req.session.loggedIn) {
    res.sendFile(__dirname+'/public/personal.html')
-  } else
+  } else {
    res.sendFile(__dirname+'/public/auth.html')
+  }
 })

 app.get('/get-users', async (_, res) => {
@@ -43,35 +46,39 @@ app.get('/get-users', async (_, res) => {
 })

 app.post('/register', async (req, res) => {
-  const hashedPass = await bcrypt.hash(req.body.pass, 10)
-  try {
-    await client.db('reg_example').collection('users').insertOne({
-      login: req.body.login,
-      pass: hashedPass
-    })
-    req.session.loggedIn = true
-    res.status(201).redirect('/')
-  } catch (e) {
-    console.log("Error: " + e)
-    res.status(500).send()
-  }
+  verifyCaptcha(req, res, async () => {
+    const hashedPass = await bcrypt.hash(req.body.pass, 10)
+    try {
+      await client.db('reg_example').collection('users').insertOne({
+        login: req.body.login,
+        pass: hashedPass
+      })
+      req.session.loggedIn = true
+      res.status(201).redirect('/')
+    } catch (e) {
+      console.log("Error: " + e)
+      res.status(500).send()
+    }
+  })
 })

 app.post('/login', async (req, res) => {
-  try {
-    const user = await client.db('reg_example').collection('users').findOne({
-      login: req.body.login
-    })
-    if (user && bcrypt.compareSync(req.body.pass, user.pass)) {
-      req.session.loggedIn = true
-      res.status(200).redirect('/')
-    } else {
-      res.status(401).send("Invalid login credentials")
+  verifyCaptcha(req, res, async () => {
+    try {
+      const user = await client.db('reg_example').collection('users').findOne({
+        login: req.body.login
+      })
+      if (user && bcrypt.compareSync(req.body.pass, user.pass)) {
+        req.session.loggedIn = true
+        res.status(200).redirect('/')
+      } else {
+        res.status(401).send("Invalid login credentials")
+      }
+    } catch (e) {
+      console.log("Error: " + e)
+      res.status(500).send()
    }
-  } catch (e) {
-    console.log("Error: " + e)
-    res.status(500).send()
-  }
+  })
 })

 app.get('/logout', (req, res) => {
@@ -81,4 +88,4 @@ app.get('/logout', (req, res) => {
  res.redirect('/')
 })

-app.listen(3000)
+app.listen(process.env.PORT)
--- a/verify-captcha.js
+++ b/verify-captcha.js
@@ -0,0 +1,21 @@
+const request = require('request')
+
+module.exports = {
+  verifyCaptcha: function (req, res, cb) {
+    if (!req.body['g-recaptcha-response']) {
+      return res.status(401).send("Invalid captcha")
+    }
+
+    const verificationURL = "https://www.google.com/recaptcha/api/siteverify?secret=" + process.env.SECRET_KEY + "&response=" + req.body['g-recaptcha-response'] + "&remoteip=" + req.socket.remoteAddress
+
+    request(verificationURL, async function(_, _, body) {
+      body = JSON.parse(body)
+
+      if (body.success !== undefined && !body.success) {
+        return res.status(401).send("Invalid captcha")
+      }
+
+      cb()
+    })
+  }
+}