Add get-verify-code endpoint

2026-01-22 14:27:23 -07:00
parent 126a6421d8
commit e2545a0f10
8 changed files with 176 additions and 2 deletions
--- a/src/index.ts
+++ b/src/index.ts
@@ -4,6 +4,8 @@ import { jsonResponse } from './lib/util'
 import dotenv from 'dotenv'
 import swagger from '@elysiajs/swagger'

+import { handler as getVerifyCodeHandler } from './routes/get-verify-code'
+
 import { handler as canLoadClientHandler } from './routes/can-load-client'

 import { handler as launcherVersionsHandler } from './routes/launcher/versions'
@@ -67,6 +69,14 @@ const app = new Elysia({ prefix: '/api' })
    })
  )

+app.post('/get-verify-code', context => getVerifyCodeHandler(context), {
+  detail: {
+    hide: true //This endpoint can only be used by the website.
+  },
+  body: t.Object({
+    token: t.String()
+  })
+})
 app.get('/can-load-client', context => canLoadClientHandler(context))
 app.get('/launcher/versions', context => launcherVersionsHandler(context), {
  detail: {
--- a/src/lib/tables.ts
+++ b/src/lib/tables.ts
@@ -65,6 +65,14 @@ export const launcherVersionManifest = mysqlTable('launcherversionmanifest', {
  changelog: text('changelog')
 })

+export const verifyCodes = mysqlTable('verifycodes', {
+  id: int('id').primaryKey().autoincrement().notNull(),
+  code: varchar('code', { length: 16 }).notNull(),
+  ip: varchar('ip', { length: 255 }),
+  timestamp: int('timestamp').notNull(),
+  used: boolean('used').default(false).notNull()
+})
+
 // berrydashdatabase

 export const berryDashUserData = mysqlTable('userdata', {
--- a/src/lib/util.ts
+++ b/src/lib/util.ts
@@ -7,6 +7,8 @@ import {
  latestVersion
 } from '../info/general'
 import { Context } from 'elysia'
+import axios from 'axios'
+import FormData from 'form-data'

 export function jsonResponse (data: any, status = 200) {
  return new Response(JSON.stringify(data, null, 2), {
@@ -104,3 +106,20 @@ export const getClientIp = (context: Context) => {
    null
  )
 }
+
+export const validateTurnstile = async (token: string, remoteip: string) => {
+  const form = new FormData()
+  form.append('secret', process.env.TURNSTILE_SECRET_KEY!)
+  form.append('response', token)
+  form.append('remoteip', remoteip)
+
+  const response = await axios.post(
+    'https://challenges.cloudflare.com/turnstile/v0/siteverify',
+    form,
+    {
+      headers: form.getHeaders()
+    }
+  )
+
+  return response.data
+}
--- a/src/routes/get-verify-code.ts
+++ b/src/routes/get-verify-code.ts
@@ -0,0 +1,62 @@
+import axios from 'axios'
+import { Context } from 'elysia'
+import {
+  getClientIp,
+  getDatabaseConnection,
+  jsonResponse,
+  validateTurnstile
+} from '../lib/util'
+import { randomBytes } from 'crypto'
+import { verifyCodes } from '../lib/tables'
+
+type Body = {
+  token: string
+}
+
+export async function handler (context: Context) {
+  const body = context.body as Body
+  const ip = getClientIp(context)
+  const code = randomBytes(8).toString('hex')
+  const time = Math.floor(Date.now() / 1000)
+
+  if (!ip || !body.token)
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Unable to verify captcha key',
+        data: null
+      },
+      400
+    )
+
+  const result = await validateTurnstile(body.token, ip)
+  if (!result.success)
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Unable to verify captcha key',
+        data: null
+      },
+      400
+    )
+
+  const dbInfo0 = getDatabaseConnection(0)
+
+  if (!dbInfo0)
+    return jsonResponse(
+      { success: false, message: 'Failed to connect to database', data: null },
+      500
+    )
+  const { connection: connection0, db: db0 } = dbInfo0
+
+  await db0.insert(verifyCodes).values({ code, ip, timestamp: time })
+
+  return jsonResponse(
+    {
+      success: true,
+      message: null,
+      data: code
+    },
+    200
+  )
+}