From a2399c1c7c17ee1c8e85ae0b6095405c7cb9f6f1 Mon Sep 17 00:00:00 2001 From: Ekaterina Vaartis Date: Sat, 15 Dec 2018 01:31:19 +0300 Subject: [PATCH] Add base CAPTCHA support (currently only kocaptcha) --- config/config.exs | 7 ++ lib/pleroma/application.ex | 1 + lib/pleroma/captcha.ex | 68 +++++++++++++++++++ lib/pleroma/web/router.ex | 1 + .../controllers/util_controller.ex | 4 ++ lib/pleroma/web/twitter_api/twitter_api.ex | 47 +++++++------ 6 files changed, 109 insertions(+), 19 deletions(-) create mode 100644 lib/pleroma/captcha.ex diff --git a/config/config.exs b/config/config.exs index 1401b0a3d..df4c618a7 100644 --- a/config/config.exs +++ b/config/config.exs @@ -10,6 +10,13 @@ config :pleroma, Pleroma.Repo, types: Pleroma.PostgresTypes +config :pleroma, Pleroma.Captcha, + method: Pleroma.Captcha.Kocaptcha + +# Kocaptcha is a very simple captcha service, the source code is here: https://github.com/koto-bank/kocaptcha +config :pleroma, Pleroma.Captcha.Kocaptcha, + endpoint: "http://localhost:9093" + # Upload configuration config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.Local, diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 8705395a4..e15991957 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -24,6 +24,7 @@ def start(_type, _args) do # Start the Ecto repository supervisor(Pleroma.Repo, []), worker(Pleroma.Emoji, []), + worker(Pleroma.Captcha, []), worker( Cachex, [ diff --git a/lib/pleroma/captcha.ex b/lib/pleroma/captcha.ex new file mode 100644 index 000000000..31f3bc797 --- /dev/null +++ b/lib/pleroma/captcha.ex @@ -0,0 +1,68 @@ +defmodule Pleroma.Captcha do + use GenServer + + @ets __MODULE__.Ets + @ets_options [:ordered_set, :private, :named_table, {:read_concurrency, true}] + + + @doc false + def start_link() do + GenServer.start_link(__MODULE__, [], name: __MODULE__) + end + + + @doc false + def init(_) do + @ets = :ets.new(@ets, @ets_options) + + {:ok, nil} + end + + def new() do + GenServer.call(__MODULE__, :new) + end + + def validate(token, captcha) do + GenServer.call(__MODULE__, {:validate, token, captcha}) + end + + @doc false + def handle_call(:new, _from, state) do + method = Pleroma.Config.get!([__MODULE__, :method]) + + case method do + __MODULE__.Kocaptcha -> + endpoint = Pleroma.Config.get!([method, :endpoint]) + case HTTPoison.get(endpoint <> "/new") do + {:error, _} -> + %{error: "Kocaptcha service unavailable"} + {:ok, res} -> + json_resp = Poison.decode!(res.body) + + token = json_resp["token"] + + true = :ets.insert(@ets, {token, json_resp["md5"]}) + + { + :reply, + %{type: :kocaptcha, token: token, url: endpoint <> json_resp["url"]}, + state + } + end + end + end + + @doc false + def handle_call({:validate, token, captcha}, _from, state) do + with false <- is_nil(captcha), + [{^token, saved_md5}] <- :ets.lookup(@ets, token), + true <- (:crypto.hash(:md5, captcha) |> Base.encode16) == String.upcase(saved_md5) do + # Clear the saved value + :ets.delete(@ets, token) + + {:reply, true, state} + else + e -> IO.inspect(e); {:reply, false, state} + end + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index daff3362c..60342cfb4 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,6 +99,7 @@ defmodule Pleroma.Web.Router do get("/password_reset/:token", UtilController, :show_password_reset) post("/password_reset", UtilController, :password_reset) get("/emoji", UtilController, :emoji) + get("/captcha", UtilController, :captcha) end scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 2f2b69623..38653f0b8 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -284,4 +284,8 @@ def delete_account(%{assigns: %{user: user}} = conn, params) do json(conn, %{error: msg}) end end + + def captcha(conn, _params) do + json(conn, Pleroma.Captcha.new()) + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 1e764f24a..c9e8fbcbb 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -132,38 +132,47 @@ def register_user(params) do bio: User.parse_bio(params["bio"]), email: params["email"], password: params["password"], - password_confirmation: params["confirm"] + password_confirmation: params["confirm"], + captcha_solution: params["captcha_solution"], + captcha_token: params["captcha_token"] } - registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + # Captcha invalid + if not Pleroma.Captcha.validate(params[:captcha_token], params[:captcha_solution]) do + # I have no idea how this error handling works + {:error, %{error: Jason.encode!(%{captcha: ["Invalid CAPTCHA"]})}} + else + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) - # no need to query DB if registration is open - token = - unless registrations_open || is_nil(tokenString) do + # no need to query DB if registration is open + token = + unless registrations_open || is_nil(tokenString) do Repo.get_by(UserInviteToken, %{token: tokenString}) end - cond do - registrations_open || (!is_nil(token) && !token.used) -> - changeset = User.register_changeset(%User{info: %{}}, params) + cond do + registrations_open || (!is_nil(token) && !token.used) -> + changeset = User.register_changeset(%User{info: %{}}, params) - with {:ok, user} <- Repo.insert(changeset) do - !registrations_open && UserInviteToken.mark_as_used(token.token) - {:ok, user} - else - {:error, changeset} -> - errors = + with {:ok, user} <- Repo.insert(changeset) do + !registrations_open && UserInviteToken.mark_as_used(token.token) + {:ok, user} + else + {:error, changeset} -> + errors = Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end) |> Jason.encode!() {:error, %{error: errors}} - end + end - !registrations_open && is_nil(token) -> - {:error, "Invalid token"} - !registrations_open && token.used -> - {:error, "Expired token"} + !registrations_open && is_nil(token) -> + {:error, "Invalid token"} + + !registrations_open && token.used -> + {:error, "Expired token"} + end end end