feat(verification): captcha support

virtual-designer · web-flow · commit ffe7086f09a6 · 2024-06-13T18:49:34.000Z
diff --git a/src/main/typescript/api/controllers/VerificationController.ts b/src/main/typescript/api/controllers/VerificationController.ts
@@ -7,6 +7,7 @@ import { Inject } from "@framework/container/Inject";
 import { auth, oauth2 } from "@googleapis/oauth2";
 import type VerificationService from "@main/automod/VerificationService";
 import { env } from "@main/env/env";
+import type ConfigurationManager from "@main/services/ConfigurationManager";
 import { VerificationMethod } from "@prisma/client";
 import undici from "undici";
 import { z } from "zod";
@@ -15,6 +16,9 @@ class VerificationController extends Controller {
     @Inject("verificationService")
     private readonly verificationService!: VerificationService;
 
+    @Inject("configManager")
+    private readonly configManager!: ConfigurationManager;
+
     private readonly googleOauth2Client =
         env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET
             ? new auth.OAuth2({
@@ -44,16 +48,105 @@ class VerificationController extends Controller {
             return new Response({ status: 403, body: { error: "Guild not found." } });
         }
 
+        const config = this.configManager.get(guild.id)?.member_verification;
+
         return new Response({
             status: 200,
             body: {
                 guild: {
                     id: guild.id,
                     name: guild.name,
                     icon: guild.iconURL({ forceStatic: false }) ?? null
+                },
+                needs_captcha:
+                    !!config?.require_captcha &&
+                    !(entry.metadata as Record<string, boolean> | null)?.captcha_completed,
+                supported_methods: config?.allowed_methods ?? [
+                    "discord",
+                    "google",
+                    "github",
+                    "email"
+                ]
+            }
+        });
+    }
+
+    @Action("PUT", "/challenge/captcha")
+    @Validate(
+        z.object({
+            recaptchaResponse: z.string(),
+            token: z.string()
+        })
+    )
+    public async completeCaptcha(request: Request) {
+        if (!env.RECAPTCHA_SECRET_KEY) {
+            return new Response({ status: 403, body: { error: "Recaptcha is not supported." } });
+        }
+
+        const { recaptchaResponse, token } = request.parsedBody ?? {};
+        const entry = await this.verificationService.getVerificationEntry(token);
+
+        if (!entry) {
+            return new Response({ status: 403, body: { error: "Invalid token." } });
+        }
+
+        const guild = this.application.client.guilds.cache.get(entry.guildId);
+
+        if (!guild) {
+            return new Response({ status: 403, body: { error: "Guild not found." } });
+        }
+
+        const config = this.configManager.get(guild.id);
+
+        if (!config?.member_verification?.require_captcha) {
+            return new Response({ status: 403, body: { error: "Captcha is not required." } });
+        }
+
+        if ((entry.metadata as Record<string, boolean> | null)?.captcha_completed) {
+            return new Response({
+                status: 403,
+                body: { error: "Captcha has already been completed." }
+            });
+        }
+
+        const response = await undici.request("https://www.google.com/recaptcha/api/siteverify", {
+            method: "POST",
+            body: new URLSearchParams({
+                secret: env.RECAPTCHA_SECRET_KEY,
+                response: recaptchaResponse
+            }).toString(),
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded"
+            }
+        });
+
+        if (response.statusCode > 299 || response.statusCode < 200) {
+            return new Response({ status: 403, body: { error: "Failed to verify captcha." } });
+        }
+
+        const captchaData = (await response.body.json()) as {
+            success: boolean;
+            challenge_ts: number;
+            "error-codes"?: Array<unknown>;
+        };
+
+        if (!captchaData.success) {
+            return new Response({ status: 403, body: { error: "Failed to verify captcha." } });
+        }
+
+        await this.application.prisma.verificationEntry.update({
+            where: {
+                id: entry.id
+            },
+            data: {
+                metadata: {
+                    ...(entry.metadata as Record<string, string>),
+                    captcha_completed: true
                 }
             }
         });
+
+        return new Response({ status: 200, body: { message: "Captcha has been completed." } });
     }
 
     @Action("POST", "/challenge/discord")
diff --git a/src/main/typescript/automod/VerificationService.ts b/src/main/typescript/automod/VerificationService.ts
@@ -98,7 +98,10 @@ class VerificationService extends Service {
                 guildId: member.guild.id,
                 userId: member.id,
                 code,
-                expiresAt: new Date(Date.now() + (config.max_duration ?? 24 * 60 * 60) * 1000)
+                expiresAt: new Date(Date.now() + (config.max_duration ?? 24 * 60 * 60) * 1000),
+                metadata: {
+                    captcha_completed: false
+                }
             }
         });
 
@@ -231,6 +234,22 @@ class VerificationService extends Service {
             return null;
         }
 
+        if (
+            !!config?.require_captcha &&
+            !(entry.metadata as Record<string, boolean> | null)?.captcha_completed
+        ) {
+            return null;
+        }
+
+        if (
+            !config ||
+            !config.allowed_methods.includes(
+                payload.method.toLowerCase() as Lowercase<VerificationMethod>
+            )
+        ) {
+            return null;
+        }
+
         if (payload.method === VerificationMethod.EMAIL) {
             if (
                 typeof entry.metadata !== "object" ||
@@ -348,6 +367,7 @@ class VerificationService extends Service {
             },
             data: {
                 metadata: {
+                    ...(entry.metadata as Record<string, string>),
                     emailToken: token,
                     email
                 }
diff --git a/src/main/typescript/commands/settings/ConfigCommand.ts b/src/main/typescript/commands/settings/ConfigCommand.ts
@@ -10,10 +10,10 @@ import ConfigurationManager from "@main/services/ConfigurationManager";
 import PermissionManagerService from "@main/services/PermissionManagerService";
 import {
     ChatInputCommandInteraction,
-    codeBlock,
     EmbedBuilder,
-    escapeInlineCode,
     GuildMember,
+    codeBlock,
+    escapeInlineCode,
     inlineCode,
     type Interaction
 } from "discord.js";
@@ -405,7 +405,7 @@ class ConfigCommand extends Command {
                             {
                                 description: `### ${context.emoji(
                                     "error"
-                                )} Failed to parse the value as JSON\n\n${error.slice(0, 1800)}${
+                                )} Failed to parse the value as JSON\n\n${codeBlock(error.slice(0, 1800))}${
                                     error.length > 1800
                                         ? "\n... The error message is loo long."
                                         : ""
@@ -444,7 +444,7 @@ class ConfigCommand extends Command {
                 .setDescription(
                     `### ${context.emoji("error")} The configuration is invalid (${inlineCode(
                         error.type
-                    )})\n\nThe changes were not saved.\n\n${errorString.slice(0, 1800)}${
+                    )})\n\nThe changes were not saved.\n\n${codeBlock(errorString.slice(0, 1800))}${
                         errorString.length > 1800 ? "\n... The error description is loo long." : ""
                     }`
                 )
diff --git a/src/main/typescript/schemas/EnvironmentVariableSchema.ts b/src/main/typescript/schemas/EnvironmentVariableSchema.ts
@@ -41,7 +41,8 @@ export const EnvironmentVariableSchema = z.object({
     GITHUB_CLIENT_SECRET: z.string().optional(),
     GOOGLE_CLIENT_ID: z.string().optional(),
     GOOGLE_CLIENT_SECRET: z.string().optional(),
-    FRONTEND_KEY: z.string().optional()
+    FRONTEND_KEY: z.string().optional(),
+    RECAPTCHA_SECRET_KEY: z.string().optional()
 });
 
 export type EnvironmentVariableRecord = z.infer<typeof EnvironmentVariableSchema>;
diff --git a/src/main/typescript/schemas/GuildConfigSchema.ts b/src/main/typescript/schemas/GuildConfigSchema.ts
@@ -212,13 +212,17 @@ export const GuildConfigSchema = z.object({
             unverified_roles: z.array(zSnowflake).default([]),
             verified_roles: z.array(zSnowflake).default([]),
             expired_actions: z.array(ModerationActionSchema).default([]),
+            require_captcha: z.boolean().optional(),
             verification_message: z.string().optional(),
             success_message: z.string().optional(),
             max_duration: z
                 .number()
                 .describe("Max verification duration (in seconds)")
                 .int()
-                .optional()
+                .optional(),
+            allowed_methods: z
+                .array(z.enum(["discord", "google", "github", "email"]))
+                .default(["discord", "google", "github", "email"])
         })
         .optional(),
     quick_mute: z
