Commit
Showing
5 changed files
with
62 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# frozen_string_literal: true | ||
|
||
module TurnstileConcern | ||
extend ActiveSupport::Concern | ||
|
||
def turnstile_enabled? | ||
ENV['TURNSTILE_ENABLED'] == 'true' | ||
end | ||
|
||
def add_csp_for_turnstile | ||
return unless turnstile_enabled? | ||
|
||
policy = request.content_security_policy | ||
%w(script_src frame_src style_src connect_src).each do |directive| | ||
values = policy.send(directive) | ||
values << 'https://challenges.cloudflare.com' unless values.include?('https://hcaptcha.com') || values.include?('https:') | ||
policy.send(directive, *values) | ||
end | ||
end | ||
|
||
def check_turnstile | ||
unless is_success? | ||
self.resource = resource_class.new sign_up_params | ||
set_instance_presenter | ||
flash.now[:alert] = 'Cloudflare Turnstile reports malformed request' | ||
respond_with_navigational(resource) { render :new } | ||
end | ||
end | ||
|
||
private | ||
|
||
def is_success? | ||
cf_turnstile_response = params["cf-turnstile-response"] | ||
return false unless cf_turnstile_response.present? | ||
verify_by_turnstile cf_turnstile_response | ||
end | ||
|
||
def verify_by_turnstile(cf_turnstile_response) | ||
conn = Faraday.new(url: 'https://challenges.cloudflare.com') | ||
res = conn.post '/turnstile/v0/siteverify', { | ||
secret: ENV['TURNSTILE_SECRET_KEY'], | ||
response: cf_turnstile_response | ||
} | ||
j = JSON.parse(res.body) | ||
j['success'] | ||
end | ||
end |
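Review bot: The guard in `add_csp_for_turnstile` tests for `'https://hcaptcha.com'` rather than the origin it is about to add, so a policy that already lists hCaptcha would apparently never receive the Turnstile origin and the widget would be blocked by CSP; the condition should read `unless values.include?('https://challenges.cloudflare.com') || values.include?('https:')`. Separately, `verify_by_turnstile` posts to siteverify with no timeout and no rescue, so a slow or failing upstream, or a non-JSON body, surfaces as an unhandled exception in the sign-up request instead of the normal alert. Passing `request: { open_timeout: 2, timeout: 5 }` to `Faraday.new` and rescuing `Faraday::Error, JSON::ParserError` to return `false` would keep the check fail-closed, and returning `j['success'] == true` avoids treating any truthy value as a pass. `check_turnstile` itself does not consult `turnstile_enabled?`, so the callback registration (not visible in this file) needs to be conditional on it.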
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
- if ENV['TURNSTILE_ENABLED'] == 'true' | ||
.turnstile | ||
%script(src='https://challenges.cloudflare.com/turnstile/v0/api.js') | ||
%div.cf-turnstile{ "data-sitekey": ENV['TURNSTILE_SITE_KEY'] } |
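Review bot: The view re-implements the feature flag with `ENV['TURNSTILE_ENABLED'] == 'true'` instead of reusing the concern's `turnstile_enabled?`, so the two checks can drift and leave the widget rendered without server-side verification, or the reverse. Exposing the predicate with `helper_method :turnstile_enabled?` in the controller and writing `- if turnstile_enabled?` here keeps a single source of truth. The script tag could also carry `async` and `defer`, e.g. `%script{ src: 'https://challenges.cloudflare.com/turnstile/v0/api.js', async: true, defer: true }`, so the challenge script does not block rendering of the sign-up form.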