api: add support for cloudflare turnstile

2024-11-15 12:50:01 +00:00 · 2024-08-16 00:10:17 +06:00 · 2024-08-16 00:10:17 +06:00 · 4283774c6c
commit 4283774c6c
parent 384c6deced
3 changed files with 40 additions and 1 deletions
--- a/api/src/config.js
+++ b/api/src/config.js
@ -32,6 +32,8 @@ const env = {
        && parseInt(process.env.PROCESSING_PRIORITY),

    externalProxy: process.env.API_EXTERNAL_PROXY,
+
+    turnstileSecret: process.env.TURNSTILE_SECRET,
 }

 export {
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@ -12,7 +12,8 @@ import { languageCode } from "../misc/utils.js";

 import { createResponse, normalizeRequest, getIP } from "../processing/request.js";
 import { verifyStream, getInternalStream } from "../stream/manage.js";
-import { randomizeCiphers } from '../misc/randomize-ciphers.js';
+import { randomizeCiphers } from "../misc/randomize-ciphers.js";
+import { verifyTurnstileToken } from "../misc/turnstile.js";
 import { extract } from "../processing/url.js";
 import match from "../processing/match.js";
 import stream from "../stream/stream.js";
@ -134,6 +135,23 @@ export function runAPI(express, app, __dirname) {
            return fail('ErrorNoLink');
        }

+        if (env.turnstileSecret) {
+            const turnstileResponse = req.header("cf-turnstile-response");
+
+            if (!turnstileResponse) {
+                return fail("error.api.authentication");
+            }
+
+            const turnstileResult = await verifyTurnstileToken(
+                turnstileResponse,
+                req.ip
+            );
+
+            if (!turnstileResult) {
+                return fail("error.api.authentication");
+            }
+        }
+
        if (request.youtubeDubBrowserLang) {
            request.youtubeDubLang = lang;
        }
--- a/api/src/misc/turnstile.js
+++ b/api/src/misc/turnstile.js
@ -0,0 +1,19 @@
+import { env } from "../config.js";
+
+export const verifyTurnstileToken = async (turnstileResponse, ip) => {
+    const result = await fetch("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            secret: env.turnstileSecret,
+            response: turnstileResponse,
+            remoteip: ip,
+        }),
+    })
+    .then(r => r.json())
+    .catch(() => {});
+
+    return !!result?.success;
+}