replace recaptcha with self-hosted captcha

config.go

@@ -20,29 +20,27 @@ import (
 )
 
 const (
-	defaultBaseURL          = "http://127.0.0.1:8000"
-	defaultClosePoolMsg     = "The voting service is temporarily closed to new signups."
-	defaultConfigFilename   = "dcrstakepool.conf"
-	defaultDataDirname      = "data"
-	defaultLogLevel         = "info"
-	defaultLogDirname       = "logs"
-	defaultLogFilename      = "dcrstakepool.log"
-	defaultCookieSecure     = false
-	defaultDBHost           = "localhost"
-	defaultDBName           = "stakepool"
-	defaultDBPort           = "3306"
-	defaultDBUser           = "stakepool"
-	defaultListen           = ":8000"
-	defaultPoolEmail        = "admin@example.com"
-	defaultPoolFees         = 7.5
-	defaultPoolLink         = "https://forum.decred.org/threads/rfp-6-setup-and-operate-10-stake-pools.1361/"
-	defaultPublicPath       = "public"
-	defaultTemplatePath     = "views"
-	defaultRecaptchaSecret  = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
-	defaultRecaptchaSitekey = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
-	defaultSMTPHost         = ""
-	defaultMinServers       = 2
-	defaultMaxVotedAge      = 8640
+	defaultBaseURL        = "http://127.0.0.1:8000"
+	defaultClosePoolMsg   = "The voting service is temporarily closed to new signups."
+	defaultConfigFilename = "dcrstakepool.conf"
+	defaultDataDirname    = "data"
+	defaultLogLevel       = "info"
+	defaultLogDirname     = "logs"
+	defaultLogFilename    = "dcrstakepool.log"
+	defaultCookieSecure   = false
+	defaultDBHost         = "localhost"
+	defaultDBName         = "stakepool"
+	defaultDBPort         = "3306"
+	defaultDBUser         = "stakepool"
+	defaultListen         = ":8000"
+	defaultPoolEmail      = "admin@example.com"
+	defaultPoolFees       = 7.5
+	defaultPoolLink       = "https://forum.decred.org/threads/rfp-6-setup-and-operate-10-stake-pools.1361/"
+	defaultPublicPath     = "public"
+	defaultTemplatePath   = "views"
+	defaultSMTPHost       = ""
+	defaultMinServers     = 2
+	defaultMaxVotedAge    = 8640
 )
 
 var (
@@ -85,8 +83,6 @@ type config struct {
 	DBName             string   `long:"dbname" description:"Name of database"`
 	PublicPath         string   `long:"publicpath" description:"Path to the public folder which contains css/fonts/images/javascript."`
 	TemplatePath       string   `long:"templatepath" description:"Path to the views folder which contains html files."`
-	RecaptchaSecret    string   `long:"recaptchasecret" description:"Recaptcha Secret"`
-	RecaptchaSitekey   string   `long:"recaptchasitekey" description:"Recaptcha Sitekey"`
 	PoolEmail          string   `long:"poolemail" description:"Email address to for support inquiries"`
 	PoolFees           float64  `long:"poolfees" description:"The per-ticket fees the user must send to the pool with their tickets"`
 	PoolLink           string   `long:"poollink" description:"URL for support inquiries such as forum, IRC, etc"`
@@ -282,30 +278,28 @@ func newConfigParser(cfg *config, so *serviceOptions, options flags.Options) *fl
 func loadConfig() (*config, []string, error) {
 	// Default config.
 	cfg := config{
-		BaseURL:          defaultBaseURL,
-		ClosePool:        false,
-		ClosePoolMsg:     defaultClosePoolMsg,
-		ConfigFile:       defaultConfigFile,
-		DebugLevel:       defaultLogLevel,
-		DataDir:          defaultDataDir,
-		LogDir:           defaultLogDir,
-		CookieSecure:     defaultCookieSecure,
-		DBHost:           defaultDBHost,
-		DBName:           defaultDBName,
-		DBPort:           defaultDBPort,
-		DBUser:           defaultDBUser,
-		Listen:           defaultListen,
-		PoolEmail:        defaultPoolEmail,
-		PoolFees:         defaultPoolFees,
-		PoolLink:         defaultPoolLink,
-		PublicPath:       defaultPublicPath,
-		TemplatePath:     defaultTemplatePath,
-		RecaptchaSecret:  defaultRecaptchaSecret,
-		RecaptchaSitekey: defaultRecaptchaSitekey,
-		SMTPHost:         defaultSMTPHost,
-		Version:          version(),
-		MinServers:       defaultMinServers,
-		MaxVotedAge:      defaultMaxVotedAge,
+		BaseURL:      defaultBaseURL,
+		ClosePool:    false,
+		ClosePoolMsg: defaultClosePoolMsg,
+		ConfigFile:   defaultConfigFile,
+		DebugLevel:   defaultLogLevel,
+		DataDir:      defaultDataDir,
+		LogDir:       defaultLogDir,
+		CookieSecure: defaultCookieSecure,
+		DBHost:       defaultDBHost,
+		DBName:       defaultDBName,
+		DBPort:       defaultDBPort,
+		DBUser:       defaultDBUser,
+		Listen:       defaultListen,
+		PoolEmail:    defaultPoolEmail,
+		PoolFees:     defaultPoolFees,
+		PoolLink:     defaultPoolLink,
+		PublicPath:   defaultPublicPath,
+		TemplatePath: defaultTemplatePath,
+		SMTPHost:     defaultSMTPHost,
+		Version:      version(),
+		MinServers:   defaultMinServers,
+		MaxVotedAge:  defaultMaxVotedAge,
 	}
 
 	// Service options which are only added on Windows.

controllers/captcha.go

@@ -0,0 +1,76 @@
+package controllers
+
+import (
+	"bytes"
+	"net/http"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/dchest/captcha"
+	"github.com/zenazn/goji/web"
+)
+
+type CaptchaHandler struct {
+	ImgWidth  int
+	ImgHeight int
+}
+
+func (controller *MainController) CaptchaServe(c web.C, w http.ResponseWriter, r *http.Request) {
+	// Get the captcha id by stripping the file extension.
+	_, file := path.Split(r.URL.Path)
+	ext := path.Ext(file)
+	id := strings.TrimSuffix(file, ext)
+	if ext != ".png" || id == "" {
+		http.NotFound(w, r)
+		return
+	}
+
+	h := controller.captchaHandler
+
+	if r.FormValue("reload") != "" {
+		captcha.Reload(id)
+	}
+
+	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Set("Pragma", "no-cache")
+	w.Header().Set("Expires", "0")
+
+	var content bytes.Buffer
+	w.Header().Set("Content-Type", "image/png")
+	err := captcha.WriteImage(&content, id, h.ImgWidth, h.ImgHeight)
+	if err != nil {
+		http.Error(w, "failed to generate captcha image", http.StatusInternalServerError)
+	}
+
+	http.ServeContent(w, r, id+ext, time.Time{}, bytes.NewReader(content.Bytes()))
+}
+
+func (controller *MainController) CaptchaVerify(c web.C, w http.ResponseWriter, r *http.Request) {
+	id, solution := r.FormValue("captchaId"), r.FormValue("captchaSolution")
+	if id == "" {
+		http.Error(w, "invalid captcha id", http.StatusBadRequest)
+		return
+	}
+
+	session := controller.GetSession(c)
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	if captcha.VerifyString(id, solution) {
+		session.Values["CaptchaDone"] = true
+	} else {
+		session.Values["CaptchaDone"] = false
+		session.AddFlash("Captcha verification failed. Please try again.",
+			"captchaFailed")
+	}
+
+	if err := session.Save(r, w); err != nil {
+		log.Criticalf("session.Save() failed: %v", err)
+		http.Error(w, "failed to save session", http.StatusInternalServerError)
+	}
+
+	ref := r.Referer()
+	if ref == "" {
+		ref = "/"
+	}
+	http.Redirect(w, r, ref, http.StatusFound)
+}