Merge pull request #200 from ignapas/captcha-fix

Captcha validation for /tasks endpoint
nih-sparc · Mar 6, 2024 · 34c484a · 34c484a
2 parents 258b8b4 + e90a3c2
commit 34c484a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/app/config.py b/app/config.py
@@ -86,3 +86,5 @@ class Config(object):
     CTF_CMA_ACCESS_TOKEN = os.environ.get("CTF_CMA_ACCESS_TOKEN")
     CTF_SPACE_ID = os.environ.get("CTF_SPACE_ID")
     CTF_HOMEPAGE_ID = os.environ.get("CTF_HOMEPAGE_ID", '4qJ9WUWXg09FAUvCnbGxBY')
+    NUXT_TURNSTILE_SECRET_KEY = os.environ.get("NUXT_TURNSTILE_SECRET_KEY")
+    TURNSTILE_URL = os.environ.get("TURNSTILE_URL", "https://challenges.cloudflare.com/turnstile/v0/siteverify")
diff --git a/app/main.py b/app/main.py
@@ -1050,6 +1050,20 @@ def get_scaffold_state():
 @app.route("/tasks", methods=["POST"])
 def create_wrike_task():
     form = request.form
+    if "captcha_token" in form:
+        captchaReq = requests.post(
+            url=Config.TURNSTILE_URL,
+            json={
+                "secret": Config.NUXT_TURNSTILE_SECRET_KEY,
+                "response": form["captcha_token"]
+            }
+        )
+        captchaResp = captchaReq.json()
+        if "success" not in captchaResp or not captchaResp["success"]:
+            abort(409, description="Failed Captcha Validation")
+    # else:
+    #     abort(409, description="Missing Captcha Token")
+    # captcha all good
     if form and 'title' in form and 'description' in form:
         title = form["title"]
         description = form["description"]