Dont allow caching captcha response (#4381)

Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
Nutomic 2024-01-19 16:41:05 +01:00 committed by GitHub
parent b58da11fb7
commit 516db012bf
1 changed files with 16 additions and 7 deletions


@ -1,5 +1,13 @@
use crate::captcha_as_wav_base64; use crate::captcha_as_wav_base64;
use actix_web::web::{Data, Json}; use actix_web::{
http::{
header::{CacheControl, CacheDirective},
StatusCode,
},
web::{Data, Json},
HttpResponse,
HttpResponseBuilder,
};
use captcha::{gen, Difficulty}; use captcha::{gen, Difficulty};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
@ -12,13 +20,13 @@ use lemmy_db_schema::source::{
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn get_captcha( pub async fn get_captcha(context: Data<LemmyContext>) -> Result<HttpResponse, LemmyError> {
context: Data<LemmyContext>,
) -> Result<Json<GetCaptchaResponse>, LemmyError> {
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let mut res = HttpResponseBuilder::new(StatusCode::OK);
res.insert_header(CacheControl(vec![CacheDirective::NoStore]));
if !local_site.captcha_enabled { if !local_site.captcha_enabled {
return Ok(Json(GetCaptchaResponse { ok: None })); return Ok(res.json(Json(GetCaptchaResponse { ok: None })));
} }
let captcha = gen(match local_site.captcha_difficulty.as_str() { let captcha = gen(match local_site.captcha_difficulty.as_str() {
@ -37,11 +45,12 @@ pub async fn get_captcha(
// Stores the captcha item in the db // Stores the captcha item in the db
let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?; let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?;
Ok(Json(GetCaptchaResponse { let json = Json(GetCaptchaResponse {
ok: Some(CaptchaResponse { ok: Some(CaptchaResponse {
png, png,
wav, wav,
uuid: captcha.uuid.to_string(), uuid: captcha.uuid.to_string(),
}), }),
})) });
Ok(res.json(json))
} }
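Review bot: The `Json(...)` wrapper passed to `res.json(...)` on the new side of the `captcha_enabled` early return and in the final `Ok(res.json(json))` is redundant — `HttpResponseBuilder::json` already serializes any `Serialize` value, so `return Ok(res.json(GetCaptchaResponse { ok: None }));` and `Ok(res.json(GetCaptchaResponse { ok: Some(CaptchaResponse { png, wav, uuid: captcha.uuid.to_string() }) }))` say the same thing without dragging the `web::Json` extractor type into the response path. Setting `CacheDirective::NoStore` before that branch is the right choice, since `no-store` is stronger than `no-cache` and both the disabled and enabled responses now carry it, so a shared cache cannot hand one client's `uuid`/challenge pair to another. If other handlers in this crate keep the typed `Result<Json<T>, LemmyError>` signature, it may be worth a small helper that builds the no-store builder so the pattern is not re-typed per endpoint; that is presumably not needed for this single change. The body of `get_captcha` continues between the second and third hunks, outside what is shown here.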