chore(refactor): use retrieveRequestParams in captcha middleware
kangmingtay committed Oct 28, 2024
1 parent 373735c commit 956d933
Showing 3 changed files with 11 additions and 18 deletions.
2 changes: 2 additions & 0 deletions internal/api/helpers.go
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/pkg/errors"
"github.com/supabase/auth/internal/conf"
"github.com/supabase/auth/internal/models"
"github.com/supabase/auth/internal/security"
"github.com/supabase/auth/internal/utilities"
)

Expand Down Expand Up @@ -78,6 +79,7 @@ type RequestParams interface {
VerifyParams |
adminUserUpdateFactorParams |
adminUserDeleteParams |
security.GotrueRequest |
ChallengeFactorParams |
struct {
Email string `json:"email"`
12 changes: 7 additions & 5 deletions internal/api/middleware.go
Expand Up @@ -15,6 +15,7 @@ import (
"github.com/supabase/auth/internal/models"
"github.com/supabase/auth/internal/observability"
"github.com/supabase/auth/internal/security"
"github.com/supabase/auth/internal/utilities"

"github.com/didip/tollbooth/v5"
"github.com/didip/tollbooth/v5/limiter"
Expand Down Expand Up @@ -116,12 +117,13 @@ func (a *API) verifyCaptcha(w http.ResponseWriter, req *http.Request) (context.C
return ctx, nil
}

verificationResult, err := security.VerifyRequest(req, strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
if err != nil {
if strings.Contains(err.Error(), "request body was not JSON") {
return nil, badRequestError(ErrorCodeValidationFailed, "Request body for CAPTCHA verification was not a valid JSON object")
}
var body *security.GotrueRequest
if err := retrieveRequestParams(req, body); err != nil {
return nil, err
}

verificationResult, err := security.VerifyRequest(body, utilities.GetIPAddress(req), strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
if err != nil {
return nil, internalServerError("captcha verification process failed").WithInternalError(err)
}

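Review bot: `var body *security.GotrueRequest` leaves `body` nil, and because Go passes the pointer by value, `retrieveRequestParams(req, body)` cannot make the caller's `body` point at anything, so the decoded captcha token never reaches `security.VerifyRequest`. If `retrieveRequestParams` unmarshals JSON into its argument (its body is not on this page, so this is inferred), encoding/json rejects a nil pointer and every CAPTCHA-protected request fails with an error; if it returns nil instead, `VerifyRequest` dereferences `requestBody.Security.Token` in internal/security/captcha.go and panics. Allocate the value before the call, `body := &security.GotrueRequest{}`, and consider a `requestBody == nil` guard at the top of `VerifyRequest` as well. A test that sends a valid JSON body with a captcha token through `verifyCaptcha` would catch this regression. The body of `verifyCaptcha` starts and ends outside this hunk.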
15 changes: 2 additions & 13 deletions internal/security/captcha.go
Expand Up @@ -11,6 +11,7 @@ import (
"time"

"fmt"

"github.com/pkg/errors"
"github.com/supabase/auth/internal/utilities"
)
Expand Down Expand Up @@ -45,25 +46,13 @@ func init() {
Client = &http.Client{Timeout: defaultTimeout}
}

func VerifyRequest(r *http.Request, secretKey, captchaProvider string) (VerificationResponse, error) {
bodyBytes, err := utilities.GetBodyBytes(r)
if err != nil {
return VerificationResponse{}, err
}

var requestBody GotrueRequest

if err := json.Unmarshal(bodyBytes, &requestBody); err != nil {
return VerificationResponse{}, errors.Wrap(err, "request body was not JSON")
}

func VerifyRequest(requestBody *GotrueRequest, clientIP, secretKey, captchaProvider string) (VerificationResponse, error) {
captchaResponse := strings.TrimSpace(requestBody.Security.Token)

if captchaResponse == "" {
return VerificationResponse{}, errors.New("no captcha response (captcha_token) found in request")
}

clientIP := utilities.GetIPAddress(r)
captchaURL, err := GetCaptchaURL(captchaProvider)
if err != nil {
return VerificationResponse{}, err
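Review bot: The exported `VerifyRequest` has no doc comment, and its contract changed in this hunk: the caller now supplies the parsed body and `clientIP`, so the function no longer derives the IP from the connection itself. How `clientIP` is used is below the hunk, but it is presumably forwarded to the provider check, so a future caller passing a value taken from request data would weaken that signal. I would state the contract on the function, for example `// VerifyRequest checks the captcha token in requestBody against captchaProvider. requestBody must be non-nil; clientIP must be derived from the connection (utilities.GetIPAddress), never from request-body fields.` The function body continues outside the hunk.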
