radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): add Cloudflare Turnstile CAPTCHA to registration form

Browse Source 
- Add Turnstile widget rendering in RegisterPage on step 2
- Implement programmatic widget initialization with callbacks
- Add token validation before form submission
- Update AuthContext and API service to pass turnstileToken
- Add backend verification via Cloudflare API in register controller
- Include client IP in verification request
- Add validation rule for turnstileToken
- Reset widget on registration error
This commit is contained in:
Radosław Gierwiało
2025-12-05 18:20:26 +01:00
parent f3b8156557
commit d8085f828f
6 changed files with 112 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/src/routes/public.js
View File

@@ -79,8 +79,6 @@ router.post('/contact', [
const turnstileSecret = process.env.TURNSTILE_SECRET_KEY;
const turnstileVerifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
console.log('[Turnstile] Verifying token, secret present:', !!turnstileSecret);
try {
const turnstileResponse = await fetch(turnstileVerifyUrl, {
method: 'POST',
@@ -93,7 +91,6 @@ router.post('/contact', [
});
const turnstileResult = await turnstileResponse.json();
console.log('[Turnstile] Verification result:', JSON.stringify(turnstileResult));
if (!turnstileResult.success) {
return res.status(400).json({