Switch to a system where you can use either a verifyCode or a captcha token for any endpoint with one or the other

This commit is contained in:
2026-02-01 16:09:35 -07:00
parent 3f3d6325d6
commit b4309294e6
8 changed files with 130 additions and 177 deletions

View File

@@ -4,18 +4,17 @@ import {
getDatabaseConnection,
hash,
jsonResponse,
validateTurnstile
verifyTurstileOrVerifyCode
} from '../../../../lib/util'
import { checkAuthorization } from '../../../../lib/auth'
import { berryDashMarketplaceIcons, verifyCodes } from '../../../../lib/tables'
import { and, desc, eq, sql } from 'drizzle-orm'
import { berryDashMarketplaceIcons } from '../../../../lib/tables'
import { Buffer } from 'buffer'
import sizeOf from 'image-size'
import { Connection } from 'mysql2/typings/mysql/lib/Connection'
type Body = {
verifyCode: string
token: string
token: string | null
verifyCode: string | null
price: string
name: string
fileContent: string
@@ -136,55 +135,17 @@ export async function handler (context: Context) {
)
const time = Math.floor(Date.now() / 1000)
if (body.verifyCode) {
const codeExists = await db0
.select({ id: verifyCodes.id })
.from(verifyCodes)
.where(
and(
eq(verifyCodes.ip, ip),
eq(verifyCodes.usedTimestamp, 0),
eq(verifyCodes.code, body.verifyCode),
sql`${verifyCodes.timestamp} >= UNIX_TIMESTAMP() - 600`
)
)
.orderBy(desc(verifyCodes.id))
.limit(1)
.execute()
if (codeExists[0]) {
await db0
.update(verifyCodes)
.set({ usedTimestamp: time })
.where(
and(
eq(verifyCodes.id, codeExists[0].id),
eq(verifyCodes.ip, ip),
eq(verifyCodes.usedTimestamp, 0),
eq(verifyCodes.code, body.verifyCode)
)
)
.execute()
} else
return jsonResponse(
{
success: false,
message: 'Invalid verify code (codes can only be used once)'
},
400
)
} else {
const result = await validateTurnstile(body.token, ip)
if (!result.success) {
connection0.end()
return jsonResponse(
{
success: false,
message: 'Unable to verify captcha key'
},
400
)
}
}
if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)))
return jsonResponse(
{
success: false,
message:
body.token != null
? 'Invalid captcha token'
: 'Invalid verify code (codes can only be used once)'
},
400
)
const hashResult = hash(atob(body.fileContent), 'sha512')
const id = crypto.randomUUID()