Add new captcha: cloudflare turnstile #22369

Merged
merged 14 commits into from
Feb 5, 2023
Use ctx.RemoteAddr() to get the real ip instead of getting it from the http header

Signed-off-by: ByLCY <bylcy@bylcy.dev>
ByLCY committed Jan 19, 2023
commit 0821c09d4be89eb5e702e191c37028fbec15378d
1 change: 0 additions & 1 deletion custom/conf/app.example.ini
@@ -790,7 +790,6 @@ ROUTER = console
;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
;CF_TURNSTILE_SITEKEY =
;CF_TURNSTILE_SECRET =
;CF_REVERSE_PROXY_HEADER =
;;
;; Default value for KeepEmailPrivate
;; Each new user will get the value of this setting copied into their profile
1 change: 0 additions & 1 deletion docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -655,7 +655,6 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
- `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: Set the mCaptcha URL.
- `CF_TURNSTILE_SECRET` **""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a secret for cloudflare turnstile.
- `CF_TURNSTILE_SITEKEY` **""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a sitekey for cloudflare turnstile.
- `CF_REVERSE_PROXY_HEADER` **""**: The http header where the user's real ip is located. Otherwise it should be `""`.
- `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
- `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
- `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
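Review bot: With the `CF_REVERSE_PROXY_HEADER` entry gone, neither remaining Turnstile entry says which client address is sent to Cloudflare during verification. A sentence under `CF_TURNSTILE_SECRET` stating that the address comes from `ctx.RemoteAddr()` would tell operators who run behind a reverse proxy what they need to check.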
1 change: 0 additions & 1 deletion docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -158,7 +158,6 @@ menu:
- `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: 设置 remCaptchacaptcha 的 url 。
- `CF_TURNSTILE_SECRET` **""**: cloudlfare turnstile 服务的密钥,可在 https://dash.cloudflare.com/?to=/:account/turnstile 获取。
- `CF_TURNSTILE_SITEKEY` **""**: cloudlfare turnstile 服务的网站密钥 ,可在 https://www.google.com/recaptcha/admin 获取。
- `CF_REVERSE_PROXY_HEADER` **""**: http 的 header 字段,用于获取客户端的 ip 供 cloudflare turnstile 验证时使用。如果没有反向代理设置这里应设置为 `""` 。

### Service - Expore (`service.explore`)
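Review bot: The context lines of this hunk still carry copy-paste errors that are worth fixing while the file is being touched. The `CF_TURNSTILE_SITEKEY` entry points to https://www.google.com/recaptcha/admin, whereas the en-us cheat sheet gives https://dash.cloudflare.com/?to=/:account/turnstile for the sitekey; "cloudlfare" is misspelt in both Turnstile entries; and the `MCAPTCHA_URL` description reads "remCaptchacaptcha".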

8 changes: 4 additions & 4 deletions modules/context/captcha.go
@@ -5,6 +5,7 @@ package context

import (
"fmt"
"net"
"sync"

"code.gitea.io/gitea/modules/base"
@@ -78,10 +79,9 @@ func VerifyCaptcha(ctx *Context, tpl base.TplName, form interface{}) {
valid, err = mcaptcha.Verify(ctx, ctx.Req.Form.Get(mCaptchaResponseField))
case setting.CfTurnstile:
var ip string
if setting.Service.CfReverseProxyHeader == "" {
ip = ctx.RemoteAddr()
} else {
ip = ctx.Req.Header.Get(setting.Service.CfReverseProxyHeader)
ip, _, err = net.SplitHostPort(ctx.RemoteAddr())
if err != nil {
break
}
valid, err = turnstile.Verify(ctx, ctx.Req.Form.Get(cfTurnstileResponseField), ip)
default:
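Review bot: In the `case setting.CfTurnstile:` branch, the `break` after `net.SplitHostPort(ctx.RemoteAddr())` leaves the switch with `err` set before `turnstile.Verify` is ever called, and `net.SplitHostPort` returns an error ("missing port in address") for any host that has no port. If `ctx.RemoteAddr()` can return a bare IP, for example when it is derived from a proxy-supplied value, every Turnstile submission would fail on address parsing instead of on the captcha itself. Consider falling back to the unsplit string when the split fails, e.g. `if host, _, splitErr := net.SplitHostPort(addr); splitErr == nil { ip = host } else { ip = addr }`, and add a short comment noting that the address is no longer read from a request header.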
2 changes: 0 additions & 2 deletions modules/setting/service.go
@@ -48,7 +48,6 @@ var Service = struct {
RecaptchaURL string
CfTurnstileSecret string
CfTurnstileSitekey string
CfReverseProxyHeader string
HcaptchaSecret string
HcaptchaSitekey string
McaptchaSecret string
@@ -142,7 +141,6 @@ func newService() {
Service.RecaptchaURL = sec.Key("RECAPTCHA_URL").MustString("https://www.google.com/recaptcha/")
Service.CfTurnstileSecret = sec.Key("CF_TURNSTILE_SECRET").MustString("")
Service.CfTurnstileSitekey = sec.Key("CF_TURNSTILE_SITEKEY").MustString("")
Service.CfReverseProxyHeader = sec.Key("CF_REVERSE_PROXY_HEADER").MustString("")
Service.HcaptchaSecret = sec.Key("HCAPTCHA_SECRET").MustString("")
Service.HcaptchaSitekey = sec.Key("HCAPTCHA_SITEKEY").MustString("")
Service.McaptchaURL = sec.Key("MCAPTCHA_URL").MustString("https://demo.mcaptcha.org/")
4 changes: 2 additions & 2 deletions modules/turnstile/turnstile.go
@@ -52,10 +52,10 @@ func Verify(ctx context.Context, response, ip string) (bool, error) {
}

var jsonResponse Response
err = json.Unmarshal(body, &jsonResponse)
if err != nil {
if err := json.Unmarshal(body, &jsonResponse); err != nil {
return false, fmt.Errorf("Failed to parse CAPTCHA response: %s", err)
}

var respErr error
if len(jsonResponse.ErrorCodes) > 0 {
respErr = jsonResponse.ErrorCodes[0]
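Review bot: The `fmt.Errorf("Failed to parse CAPTCHA response: %s", err)` call in `Verify` formats the underlying error with `%s`, so the JSON error is flattened into text and callers cannot match it with `errors.Is` or `errors.As`; `%w` would keep the chain, and Go convention is a lowercase error string, e.g. "failed to parse CAPTCHA response: %w". Further down, `respErr = jsonResponse.ErrorCodes[0]` reports only the first of possibly several error codes; joining them, or at least commenting on the choice, would keep the remaining codes available when diagnosing a failed verification.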