forked from NdoleStudio/httpsms
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathturnstile_token_validator.go
More file actions
91 lines (78 loc) · 2.73 KB
/
turnstile_token_validator.go
File metadata and controls
91 lines (78 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package validators
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"time"
"github.com/NdoleStudio/httpsms/pkg/telemetry"
"github.com/palantir/stacktrace"
)
// TurnstileTokenValidator validates the token used to validate captchas from cloudflare
type TurnstileTokenValidator struct {
logger telemetry.Logger
tracer telemetry.Tracer
secretKey string
httpClient *http.Client
}
type turnstileVerifyResponse struct {
Success bool `json:"success"`
ChallengeTs time.Time `json:"challenge_ts"`
Hostname string `json:"hostname"`
ErrorCodes []any `json:"error-codes"`
Action string `json:"action"`
Cdata string `json:"cdata"`
Metadata struct {
EphemeralID string `json:"ephemeral_id"`
} `json:"metadata"`
}
// NewTurnstileTokenValidator creates a new TurnstileTokenValidator
func NewTurnstileTokenValidator(logger telemetry.Logger, tracer telemetry.Tracer, secretKey string, httpClient *http.Client) *TurnstileTokenValidator {
return &TurnstileTokenValidator{
logger.WithService(fmt.Sprintf("%T", &TurnstileTokenValidator{})),
tracer,
secretKey,
httpClient,
}
}
// ValidateToken validates the cloudflare turnstile token
// https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
func (v *TurnstileTokenValidator) ValidateToken(ctx context.Context, ipAddress, token string) bool {
ctx, span, ctxLogger := v.tracer.StartWithLogger(ctx, v.logger)
defer span.End()
payload, err := json.Marshal(map[string]string{
"secret": v.secretKey,
"response": token,
"remoteip": ipAddress,
})
if err != nil {
ctxLogger.Error(stacktrace.Propagate(err, "failed to marshal payload"))
return false
}
request, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://challenges.cloudflare.com/turnstile/v0/siteverify", bytes.NewBuffer(payload))
if err != nil {
ctxLogger.Error(stacktrace.Propagate(err, "failed to create http request request"))
return false
}
request.Header.Set("Content-Type", "application/json")
response, err := v.httpClient.Do(request)
if err != nil {
ctxLogger.Error(stacktrace.Propagate(err, fmt.Sprintf("failed to send http request to [%s]", request.URL.String())))
return false
}
defer response.Body.Close()
body, err := io.ReadAll(response.Body)
if err != nil {
ctxLogger.Error(stacktrace.Propagate(err, "failed to read response body from cloudflare turnstile"))
return false
}
ctxLogger.Info(fmt.Sprintf("successfully validated token with cloudflare with response [%s]", body))
data := new(turnstileVerifyResponse)
if err = json.Unmarshal(body, data); err != nil {
ctxLogger.Error(stacktrace.Propagate(err, "failed to unmarshal response from cloudflare turnstile"))
return false
}
return data.Success
}