feat: recaptcha

Author: psmyrdek

package-lock.json

@@ -51,6 +51,7 @@
     "@testing-library/dom": "10.4.0",
     "@testing-library/jest-dom": "6.6.3",
     "@testing-library/react": "16.2.0",
+    "@types/cloudflare-turnstile": "0.2.2",
     "@types/react": "18.3.18",
     "@typescript-eslint/eslint-plugin": "8.27.0",
     "@typescript-eslint/parser": "8.27.0",

package.json

@@ -1,5 +1,4 @@
 import React from 'react';
-
 interface AuthLayoutProps {
   children: React.ReactNode;
   title: string;
@@ -16,8 +15,10 @@ export const AuthLayout: React.FC<AuthLayoutProps> = ({ children, title, subtitl
         </div>
         <div className="mt-8 bg-gray-900/90 py-8 px-4 shadow-lg rounded-lg border border-gray-800">
           {children}
+          <div id="cf-captcha-container" className="hidden"></div>
         </div>
       </div>
+      <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script>
     </div>
   );
 };

src/components/auth/AuthLayout.tsx

@@ -6,13 +6,16 @@ import AuthInput from './AuthInput';
 import { loginSchema } from '../../types/auth';
 import type { LoginFormData } from '../../types/auth';
 import { useAuth } from '../../hooks/useAuth';
+import { useCaptcha } from '../../hooks/useCaptcha';
 
 interface LoginFormProps {
   cfCaptchaSiteKey: string;
 }
 
 export const LoginForm: React.FC<LoginFormProps> = ({ cfCaptchaSiteKey }) => {
-  const { login, error: apiError, isLoading } = useAuth(cfCaptchaSiteKey);
+  const { login, error: apiError, isLoading } = useAuth();
+  const { isCaptchaVerified } = useCaptcha(cfCaptchaSiteKey);
+
   const {
     register,
     handleSubmit,
@@ -23,6 +26,9 @@ export const LoginForm: React.FC<LoginFormProps> = ({ cfCaptchaSiteKey }) => {
 
   const onSubmit = async (data: LoginFormData) => {
     try {
+      if (!isCaptchaVerified) {
+        throw new Error('Captcha verification failed');
+      }
       await login(data);
       window.location.href = '/';
     } catch (error) {
@@ -58,10 +64,6 @@ export const LoginForm: React.FC<LoginFormProps> = ({ cfCaptchaSiteKey }) => {
         {...register('password')}
       />
 
-      <div className="flex flex-row justify-center">
-        <div className="cf-turnstile" data-sitekey={cfCaptchaSiteKey} data-size="normal"></div>
-      </div>
-
       <div className="flex items-center justify-between">
         <div className="text-sm">
           <a

src/components/auth/LoginForm.tsx

@@ -6,13 +6,15 @@ import AuthInput from './AuthInput';
 import { resetPasswordSchema } from '../../types/auth';
 import type { ResetPasswordFormData } from '../../types/auth';
 import { useAuth } from '../../hooks/useAuth';
+import { useCaptcha } from '../../hooks/useCaptcha';
 
 interface ResetPasswordFormProps {
   cfCaptchaSiteKey: string;
 }
 
 export const ResetPasswordForm: React.FC<ResetPasswordFormProps> = ({ cfCaptchaSiteKey }) => {
-  const { resetPassword, error: apiError, isLoading } = useAuth(cfCaptchaSiteKey);
+  const { resetPassword, error: apiError, isLoading } = useAuth();
+  const { isCaptchaVerified } = useCaptcha(cfCaptchaSiteKey);
   const [error, setError] = useState<string | null>(null);
   const {
     register,
@@ -33,6 +35,9 @@ export const ResetPasswordForm: React.FC<ResetPasswordFormProps> = ({ cfCaptchaS
 
   const onSubmit = async (data: ResetPasswordFormData) => {
     try {
+      if (!isCaptchaVerified) {
+        throw new Error('Captcha verification failed');
+      }
       await resetPassword(data);
     } catch (error) {
       console.error(error);
@@ -80,10 +85,6 @@ export const ResetPasswordForm: React.FC<ResetPasswordFormProps> = ({ cfCaptchaS
         {...register('email')}
       />
 
-      <div className="flex flex-row justify-center">
-        <div className="cf-turnstile" data-sitekey={cfCaptchaSiteKey} data-size="normal"></div>
-      </div>
-
       <button
         type="submit"
         disabled={isLoading}

src/components/auth/ResetPasswordForm.tsx

@@ -6,13 +6,15 @@ import AuthInput from './AuthInput';
 import { signupSchema } from '../../types/auth';
 import type { SignupFormData } from '../../types/auth';
 import { useAuth } from '../../hooks/useAuth';
+import { useCaptcha } from '../../hooks/useCaptcha';
 
 interface SignupFormProps {
   cfCaptchaSiteKey: string;
 }
 
 export const SignupForm: React.FC<SignupFormProps> = ({ cfCaptchaSiteKey }) => {
-  const { signup, error: apiError, isLoading } = useAuth(cfCaptchaSiteKey);
+  const { signup, error: apiError, isLoading } = useAuth();
+  const { isCaptchaVerified } = useCaptcha(cfCaptchaSiteKey);
   const {
     register,
     handleSubmit,
@@ -23,6 +25,9 @@ export const SignupForm: React.FC<SignupFormProps> = ({ cfCaptchaSiteKey }) => {
 
   const onSubmit = async (data: SignupFormData) => {
     try {
+      if (!isCaptchaVerified) {
+        throw new Error('Captcha verification failed');
+      }
       await signup(data);
     } catch (error) {
       console.error(error);
@@ -86,10 +91,6 @@ export const SignupForm: React.FC<SignupFormProps> = ({ cfCaptchaSiteKey }) => {
         {...register('confirmPassword')}
       />
 
-      <div className="flex flex-row justify-center">
-        <div className="cf-turnstile" data-sitekey={cfCaptchaSiteKey} data-size="normal"></div>
-      </div>
-
       <div className="space-y-2">
         <div className="flex items-start">
           <div className="flex items-center h-5">

src/components/auth/SignupForm.tsx

@@ -7,6 +7,7 @@ import { updatePasswordSchema } from '../../types/auth';
 import type { UpdatePasswordFormData } from '../../types/auth';
 import { useAuth } from '../../hooks/useAuth';
 import { useTokenHashVerification } from '../../hooks/useTokenHashVerification';
+import { useCaptcha } from '../../hooks/useCaptcha';
 
 interface UpdatePasswordResetFormProps {
   cfCaptchaSiteKey: string;
@@ -15,8 +16,9 @@ interface UpdatePasswordResetFormProps {
 export const UpdatePasswordResetForm: React.FC<UpdatePasswordResetFormProps> = ({
   cfCaptchaSiteKey,
 }) => {
-  const { updatePassword, error: apiError, isLoading } = useAuth(cfCaptchaSiteKey);
+  const { updatePassword, error: apiError, isLoading } = useAuth();
   const { verificationError, isVerified } = useTokenHashVerification();
+  const { isCaptchaVerified } = useCaptcha(cfCaptchaSiteKey);
 
   const {
     register,
@@ -28,6 +30,9 @@ export const UpdatePasswordResetForm: React.FC<UpdatePasswordResetFormProps> = (
 
   const onSubmit = async (data: UpdatePasswordFormData) => {
     try {
+      if (!isCaptchaVerified) {
+        throw new Error('Captcha verification failed');
+      }
       await updatePassword(data);
       window.location.href = '/auth/login?message=password-updated';
     } catch (error) {

src/components/auth/UpdatePasswordResetForm.tsx

@@ -5,6 +5,9 @@ import type { Database } from './db/database.types.ts';
 import type { Env } from './features/featureFlags';
 
 declare global {
+  interface Window {
+    onloadTurnstileCallback: () => void;
+  }
   namespace App {
     interface Locals {
       supabase: SupabaseClient<Database>;

src/env.d.ts

@@ -1,45 +1,22 @@
-import axios from 'axios';
-import { useEffect, useState } from 'react';
+import { useState } from 'react';
 import type {
   LoginFormData,
   SignupFormData,
   ResetPasswordFormData,
   UpdatePasswordFormData,
 } from '../types/auth';
 import { authService } from '../services/auth';
-import { type CaptchaResponse } from '../services/captcha';
 
 interface User {
   id: string;
   email: string | null;
 }
 
-export const useAuth = (cfCaptchaSiteKey: string) => {
+export const useAuth = () => {
   const [error, setError] = useState<string | null>(null);
   const [isLoading, setIsLoading] = useState(false);
-  const [isCaptchaVerified, setIsCaptchaVerified] = useState(false);
-
-  useEffect(() => {
-    const verifyCaptcha = async () => {
-      try {
-        const captchaResult = await axios.post<CaptchaResponse>('/api/captcha/verify', {
-          captchaToken: cfCaptchaSiteKey,
-        });
-        setIsCaptchaVerified(captchaResult.data.success);
-      } catch (error) {
-        console.error('Captcha verification error:', error);
-        setError('Captcha verification failed');
-      }
-    };
-
-    verifyCaptcha();
-  }, []);
 
   const handleAuthAction = async <T>(action: (data: T) => Promise<{ user: User }>, data: T) => {
-    if (!isCaptchaVerified) {
-      setError('Captcha verification failed');
-      return;
-    }
     try {
       setIsLoading(true);
       setError(null);

src/hooks/useAuth.ts

@@ -0,0 +1,29 @@
+import axios from 'axios';
+import type { CaptchaResponse } from '../services/captcha';
+import { useState, useEffect } from 'react';
+
+export const useCaptcha = (cfCaptchaSiteKey: string) => {
+  const [isCaptchaVerified, setIsCaptchaVerified] = useState(false);
+
+  useEffect(() => {
+    window.onloadTurnstileCallback = function () {
+      turnstile.render('#cf-captcha-container', {
+        theme: 'dark',
+        sitekey: cfCaptchaSiteKey,
+        callback: async function (captchaToken) {
+          try {
+            const captchaResult = await axios.post<CaptchaResponse>('/api/captcha/verify', {
+              captchaToken,
+            });
+            setIsCaptchaVerified(captchaResult.data.success);
+          } catch (error) {
+            console.error('Captcha verification error:', error);
+            setIsCaptchaVerified(false);
+          }
+        },
+      });
+    };
+  }, []);
+
+  return { isCaptchaVerified };
+};