Recaptcha

.env.example

@@ -50,3 +50,6 @@ PUSHER_APP_CLUSTER=mt1
 
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+RECAPTCHA_SITE_KEY=
+RECAPTCHA_SECRET_KEY=

app/Actions/Fortify/CreateNewUser.php

@@ -3,6 +3,7 @@
 namespace App\Actions\Fortify;
 
 use App\Models\User;
+use App\Rules\Recaptcha;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Laravel\Fortify\Contracts\CreatesNewUsers;
@@ -25,6 +26,7 @@ public function create(array $input)
             'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
             'password' => $this->passwordRules(),
             'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature() ? ['required', 'accepted'] : '',
+            'recaptcha_token' => ['required', new Recaptcha($input['recaptcha_token'])],
         ])->validate();
 
         return User::create([

app/Rules/Recaptcha.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Rules;
+
+use Illuminate\Support\Facades\Http;
+use Illuminate\Contracts\Validation\Rule;
+
+class Recaptcha implements Rule
+{
+    public function passes($attribute, $value)
+    {
+        $response = Http::asForm()->post("https://www.google.com/recaptcha/api/siteverify", [
+                'secret' => config('services.recaptcha.secret_key'),
+                'response' => $value,
+                'ip' => request()->ip(),
+        ]);
+
+        if ($response->successful() && $response->json('success') && $response->json('score') > config('services.recaptcha.min_score')) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public function message()
+    {
+        return 'Failed to validate ReCaptcha.';
+    }
+}

config/services.php

@@ -30,4 +30,10 @@
         'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
     ],
 
+    'recaptcha' => [
+        'site_key' => env('RECAPTCHA_SITE_KEY'),
+        'secret_key' => env('RECAPTCHA_SECRET_KEY'),
+        'min_score' => env('RECAPTCHA_MIN_SCORE', .5),
+    ],
+
 ];

resources/views/auth/register.blade.php

@@ -6,9 +6,11 @@
 
         <x-jet-validation-errors class="mb-4" />
 
-        <form method="POST" action="{{ route('register') }}">
+        <form method="POST" action="{{ route('register') }}" id="registerForm">
             @csrf
 
+            <input type="hidden" class="g-recaptcha" name="recaptcha_token" id="recaptcha_token">
+
             <div>
                 <x-jet-label for="name" value="{{ __('Name') }}" />
                 <x-jet-input id="name" class="block mt-1 w-full" type="text" name="name" :value="old('name')" required autofocus autocomplete="name" />
@@ -57,4 +59,19 @@
             </div>
         </form>
     </x-jet-authentication-card>
+
+    @push('scripts')
+        <script>
+            grecaptcha.ready(function () {
+                document.getElementById('registerForm').addEventListener("submit", function (event) {
+                    event.preventDefault();
+                    grecaptcha.execute('{{ config('services.recaptcha.site_key') }}', { action: 'register' })
+                        .then(function (token) {
+                            document.getElementById("recaptcha_token").value = token;
+                            document.getElementById('registerForm').submit();
+                        });
+                });
+            });
+        </script>
+    @endpush
 </x-guest-layout>

resources/views/layouts/guest.blade.php

@@ -15,10 +15,13 @@
 
         <!-- Scripts -->
         <script src="{{ mix('js/app.js') }}" defer></script>
+        <script src="https://www.google.com/recaptcha/api.js?render={{ config('services.recaptcha.site_key') }}"></script>
     </head>
     <body>
         <div class="font-sans text-gray-900 antialiased">
             {{ $slot }}
         </div>
+
+        @stack('scripts')
     </body>
 </html>