switch from hcaptcha to turnstile

2022-11-11 20:34:06 +02:00 · 2022-11-11 20:34:06 +02:00 · 0796a17422
parent 4202187a83
commit 0796a17422
5 changed files with 15 additions and 16 deletions
--- a/4
+++ b/4
@ -7,8 +7,8 @@ export REDIS_URL="redis://localhost:6379"
 export PROXY_URL="http://localhost:18080"
 export GIPHY_KEY="blahblahblah"
 export DISCORD_BOT_TOKEN="blahblahblah"
-export HCAPTCHA_SITEKEY="blahblahblah"
-export HCAPTCHA_SECRET="blahblahblah"
+export TURNSTILE_SITEKEY="blahblahblah"
+export TURNSTILE_SECRET="blahblahblah"
 export YOUTUBE_KEY="blahblahblah"
 export PUSHER_ID="blahblahblah"
 export PUSHER_KEY="blahblahblah"
--- a/files/assets/js/hcaptcha.js
+++ b/files/assets/js/hcaptcha.js
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -12,8 +12,8 @@ SECRET_KEY = environ.get("SECRET_KEY").strip()
 PROXY_URL = environ.get("PROXY_URL").strip()
 GIPHY_KEY = environ.get('GIPHY_KEY').strip()
 DISCORD_BOT_TOKEN = environ.get("DISCORD_BOT_TOKEN").strip()
-HCAPTCHA_SITEKEY = environ.get("HCAPTCHA_SITEKEY").strip()
-HCAPTCHA_SECRET = environ.get("HCAPTCHA_SECRET").strip()
+TURNSTILE_SITEKEY = environ.get("TURNSTILE_SITEKEY").strip()
+TURNSTILE_SECRET = environ.get("TURNSTILE_SECRET").strip()
 YOUTUBE_KEY = environ.get("YOUTUBE_KEY").strip()
 PUSHER_ID = environ.get("PUSHER_ID").strip()
 PUSHER_KEY = environ.get("PUSHER_KEY").strip()
@ -48,7 +48,7 @@ KOFI_LINK = environ.get("KOFI_LINK", "").strip()
 PUSHER_ID_CSP = ""
 if PUSHER_ID != "blahblahblah":
 	PUSHER_ID_CSP = f" {PUSHER_ID}.pushnotifications.pusher.com"
-CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none';"
+CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self'; object-src 'none';"
 CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io{PUSHER_ID_CSP}; object-src 'none';"

 CLOUDFLARE_COOKIE_VALUE = "yes."
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -235,7 +235,7 @@ def sign_up_get(v):
 						formkey=formkey,
 						now=now,
 						ref_user=ref_user,
-						hcaptcha=HCAPTCHA_SITEKEY,
+						turnstile=TURNSTILE_SITEKEY,
 						error=error,
 						redirect=redir
 						)
@ -307,15 +307,15 @@ def sign_up_post(v):
 	if existing_account:
 		return signup_error("An account with that username already exists.")

-	if HCAPTCHA_SITEKEY != 'blahblahblah':
-		token = request.values.get("h-captcha-response")
+	if TURNSTILE_SITEKEY != 'blahblahblah':
+		token = request.values.get("cf-turnstile-response")
 		if not token:
 			return signup_error("Unable to verify captcha [1].")

-		data = {"secret": HCAPTCHA_SECRET,
+		data = {"secret": TURNSTILE_SECRET,
 				"response": token,
-				"sitekey": HCAPTCHA_SITEKEY}
-		url = "https://hcaptcha.com/siteverify"
+				"sitekey": TURNSTILE_SITEKEY}
+		url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"

 		x = requests.post(url, data=data, timeout=5)

--- a/files/templates/sign_up.html
+++ b/files/templates/sign_up.html
@ -100,8 +100,8 @@
 							<label class="custom-control-label terms" for="termsCheck">I accept the <a href="/sidebar">rules</a></label>
 						</div>

-						{% if hcaptcha != 'blahblahblah' %}
-							<div class="h-captcha" data-sitekey="{{hcaptcha}}" data-theme="dark"></div>
+						{% if turnstile != 'blahblahblah' %}
+							<div class="cf-turnstile" data-sitekey="{{turnstile}}"></div>
 						{% endif %}

 						<button type="submit" class="btn btn-primary login w-100 mt-3" id="register_button">Register</button>
@ -130,8 +130,8 @@

 <script defer src="{{'js/signup.js' | asset}}"></script>

-{% if hcaptcha != 'blahblahblah' %}
-	<script defer src="{{'js/hcaptcha.js' | asset}}"></script>
+{% if turnstile != 'blahblahblah' %}
+	<script defer src="https://challenges.cloudflare.com/turnstile/v0/api.js"></script>
 {% endif %}

 </body>