Major updates before switching to axios

Author: stefanbobrowski

backend/helpers/verifyRecaptcha.js

@@ -0,0 +1,17 @@
+const fetch = require('node-fetch');
+
+const RECAPTCHA_SECRET_KEY = process.env.RECAPTCHA_SECRET_KEY;
+
+if (!RECAPTCHA_SECRET_KEY) throw new Error('Missing reCAPTCHA secret key.');
+
+async function verifyRecaptcha(token) {
+    const res = await fetch('https://www.google.com/recaptcha/api/siteverify', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: `secret=${RECAPTCHA_SECRET_KEY}&response=${token}`,
+    });
+
+    return res.json();
+}
+
+module.exports = { verifyRecaptcha };

backend/routes/analyze-image.js

@@ -3,56 +3,54 @@ const multer = require('multer');
 const fs = require('fs');
 const fetch = require('node-fetch');
 const vision = require('@google-cloud/vision');
-const router = express.Router();
+const { verifyRecaptcha } = require('../helpers/verifyRecaptcha');
 
+const router = express.Router();
 const upload = multer({ dest: 'uploads/' });
 
 const GEMINI_API_KEY = process.env.GEMINI_API_KEY;
 const RECAPTCHA_SECRET_KEY = process.env.RECAPTCHA_SECRET_KEY;
 
-if (!GEMINI_API_KEY) throw new Error('Gemini API key is required');
-if (!RECAPTCHA_SECRET_KEY) throw new Error('reCAPTCHA secret key is required');
+if (!GEMINI_API_KEY) throw new Error('Gemini API key is required.');
+if (!RECAPTCHA_SECRET_KEY) throw new Error('reCAPTCHA secret key is required.');
 
 const visionClient = new vision.ImageAnnotatorClient();
 
-async function verifyRecaptcha(token) {
-  const res = await fetch('https://www.google.com/recaptcha/api/siteverify', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: `secret=${RECAPTCHA_SECRET_KEY}&response=${token}`,
-  });
-  return res.json();
-}
-
 router.post('/', upload.single('image'), async (req, res) => {
   const prompt = req.body.prompt || 'Describe this image';
   const cleanPrompt = prompt.trim().replace(/[^a-zA-Z0-9 ?.,!"()\-]/g, '');
   const recaptchaToken = req.body.recaptchaToken;
 
   if (!recaptchaToken) {
-    return res.status(400).json({ error: 'Missing reCAPTCHA token' });
+    return res.status(400).json({ error: 'Missing reCAPTCHA token.' });
+  }
+
+  if (!req.file) {
+    return res.status(400).json({ error: 'Image file is required.' });
   }
 
+  if (!cleanPrompt || cleanPrompt.length > 300) {
+    return res.status(400).json({ error: 'Prompt must be 1–300 characters.' });
+  }
+
+  // ✅ reCAPTCHA verification
   try {
     const recaptchaResult = await verifyRecaptcha(recaptchaToken);
-    if (!recaptchaResult.success || recaptchaResult.score < 0.5) {
-      console.warn('⚠️ reCAPTCHA fail', {
+
+    const score = recaptchaResult.score ?? 0;
+    const success = recaptchaResult.success === true;
+
+    if (!success || score < 0.5) {
+      console.warn('⚠️ reCAPTCHA verification failed', {
         ip: req.ip,
-        score: recaptchaResult.score,
+        score,
+        success,
       });
-      return res.status(403).json({ error: 'reCAPTCHA verification failed' });
+      return res.status(403).json({ error: 'reCAPTCHA verification failed.' });
     }
   } catch (err) {
     console.error('Error verifying reCAPTCHA:', err);
-    return res.status(500).json({ error: 'Failed to verify reCAPTCHA' });
-  }
-
-  if (!req.file) {
-    return res.status(400).json({ error: 'Image file is required' });
-  }
-
-  if (!cleanPrompt || cleanPrompt.length > 300) {
-    return res.status(400).json({ error: 'Prompt must be 1–300 characters' });
+    return res.status(500).json({ error: 'Failed to verify reCAPTCHA.' });
   }
 
   const imagePath = req.file.path;
@@ -61,6 +59,7 @@ router.post('/', upload.single('image'), async (req, res) => {
     // NSFW filtering using Cloud Vision SafeSearch
     const [result] = await visionClient.safeSearchDetection(imagePath);
     const safe = result.safeSearchAnnotation;
+
     if (
       safe.adult === 'LIKELY' ||
       safe.adult === 'VERY_LIKELY' ||
@@ -69,9 +68,7 @@ router.post('/', upload.single('image'), async (req, res) => {
       safe.racy === 'VERY_LIKELY'
     ) {
       console.warn('Blocked NSFW image:', safe);
-      return res
-        .status(403)
-        .json({ error: 'Image flagged as unsafe by content filter.' });
+      return res.status(403).json({ error: 'Image flagged as unsafe by content filter.' });
     }
 
     const imageBuffer = fs.readFileSync(imagePath);
@@ -105,26 +102,25 @@ router.post('/', upload.single('image'), async (req, res) => {
     if (!geminiRes.ok) {
       const errorData = await geminiRes.json();
       console.error('Gemini API error:', errorData);
-      return res
-        .status(geminiRes.status)
-        .json({ error: errorData.error || 'Unknown error from Gemini API' });
+      return res.status(geminiRes.status).json({
+        error: errorData.error?.message || 'Unknown error from Gemini API.',
+      });
     }
 
     const data = await geminiRes.json();
     console.log('Gemini API response:', JSON.stringify(data, null, 2));
 
     const responseText = data.candidates?.length
-      ? data.candidates[0].content?.parts?.[0]?.text ||
-      'Response format unexpected'
-      : 'No candidates returned from Gemini';
+      ? data.candidates[0].content?.parts?.[0]?.text || 'Response format unexpected.'
+      : 'No candidates returned from Gemini.';
 
     res.json({ response: responseText });
   } catch (err) {
-    console.error(err);
-    res.status(500).json({ error: 'Error analyzing image' });
+    console.error('Error analyzing image:', err);
+    res.status(500).json({ error: 'Error analyzing image.' });
   } finally {
     if (fs.existsSync(imagePath)) {
-      fs.unlinkSync(imagePath); // cleanup
+      fs.unlinkSync(imagePath); // Cleanup temp file
     }
   }
 });

backend/routes/analyze-text.js

@@ -1,29 +1,54 @@
 const express = require('express');
 const { Storage } = require('@google-cloud/storage');
 const { GoogleGenerativeAI } = require('@google/generative-ai');
+const { verifyRecaptcha } = require('../helpers/verifyRecaptcha');
 
 const router = express.Router();
 const storage = new Storage();
 const genAI = new GoogleGenerativeAI(process.env.GEMINI_API_KEY);
 
-// Change this to your actual bucket name
 const bucketName = 'upload-center-bucket';
 
 router.post('/', async (req, res) => {
     const { gcsUrl } = req.body;
+    const recaptchaToken = req.headers['x-recaptcha-token'];
 
     if (!gcsUrl) {
-        return res.status(400).json({ error: 'Missing GCS URL' });
+        return res.status(400).json({ error: 'Missing GCS URL.' });
+    }
+
+    if (!recaptchaToken) {
+        return res.status(400).json({ error: 'Missing reCAPTCHA token.' });
+    }
+
+    // ✅ reCAPTCHA verification
+    try {
+        const recaptchaResult = await verifyRecaptcha(recaptchaToken);
+
+        const score = recaptchaResult.score ?? 0;
+        const success = recaptchaResult.success === true;
+
+        if (!success || score < 0.5) {
+            console.warn('⚠️ reCAPTCHA verification failed', {
+                ip: req.ip,
+                score,
+                success,
+            });
+            return res.status(403).json({ error: 'reCAPTCHA verification failed.' });
+        }
+    } catch (err) {
+        console.error('Error verifying reCAPTCHA:', err);
+        return res.status(500).json({ error: 'Failed to verify reCAPTCHA.' });
     }
 
     try {
-        // Extract file path from URL
+        // Extract file contents
         const filename = decodeURIComponent(gcsUrl.split('/').pop());
         const file = storage.bucket(bucketName).file(`uploads/text-files/${filename}`);
         const [contents] = await file.download();
         const text = contents.toString('utf8');
 
-        // Use Gemini 1.5 to analyze the text
+        // Analyze with Gemini
         const model = genAI.getGenerativeModel({ model: 'gemini-1.5-pro-latest' });
 
         const result = await model.generateContent({
@@ -35,7 +60,7 @@ router.post('/', async (req, res) => {
         res.json({ result: responseText });
     } catch (err) {
         console.error('Vertex AI analysis failed:', err);
-        res.status(500).json({ error: 'Vertex AI analysis failed' });
+        res.status(500).json({ error: 'Vertex AI analysis failed.' });
     }
 });
 

backend/routes/sentiment.js

@@ -1,16 +1,13 @@
 const express = require('express');
 const axios = require('axios');
 const { GoogleGenerativeAI } = require('@google/generative-ai');
+const { verifyRecaptcha } = require('../helpers/verifyRecaptcha');
 
 const router = express.Router();
 const genAI = new GoogleGenerativeAI(process.env.GEMINI_API_KEY);
 
 router.post('/', async (req, res) => {
-  console.log(
-    `[SENTIMENT] IP: ${req.ip}, UA: ${req.get(
-      'user-agent'
-    )}, Time: ${new Date().toISOString()}`
-  );
+  console.log(`[SENTIMENT] IP: ${req.ip}, UA: ${req.get('user-agent')}, Time: ${new Date().toISOString()}`);
 
   const { text } = req.body;
   const recaptchaToken = req.headers['x-recaptcha-token'];
@@ -20,38 +17,39 @@ router.post('/', async (req, res) => {
   }
 
   if (!recaptchaToken) {
-    return res.status(400).json({ error: 'Missing reCAPTCHA token' });
+    return res.status(400).json({ error: 'Missing reCAPTCHA token.' });
   }
 
+  // ✅ reCAPTCHA verification
   try {
-    // ✅ Verify reCAPTCHA v3
-    const verifyRes = await axios.post(
-      `https://www.google.com/recaptcha/api/siteverify`,
-      null,
-      {
-        params: {
-          secret: process.env.RECAPTCHA_SECRET_KEY,
-          response: recaptchaToken,
-        },
-      }
-    );
-
-    const { success, score } = verifyRes.data;
-    console.log(`[reCAPTCHA] Score: ${score}, Success: ${success}`);
+    const recaptchaResult = await verifyRecaptcha(recaptchaToken);
+
+    const score = recaptchaResult.score ?? 0;
+    const success = recaptchaResult.success === true;
 
     if (!success || score < 0.5) {
-      return res.status(403).json({ error: 'Failed reCAPTCHA verification' });
+      console.warn('⚠️ reCAPTCHA verification failed', {
+        ip: req.ip,
+        score,
+        success,
+      });
+      return res.status(403).json({ error: 'reCAPTCHA verification failed.' });
     }
+  } catch (err) {
+    console.error('Error verifying reCAPTCHA:', err);
+    return res.status(500).json({ error: 'Failed to verify reCAPTCHA.' });
+  }
 
-    // ✅ Analyze with Gemini
+  // ✅ Analyze with Gemini
+  try {
     const model = genAI.getGenerativeModel({ model: 'gemini-1.5-pro-latest' });
 
     const prompt = `
-Analyze the sentiment of the following text and return only this JSON format:
-{ "sentiment": "positive", "score": 0.92 }
+      Analyze the sentiment of the following text and return only this JSON format:
+      { "sentiment": "positive", "score": 0.92 }
 
-Text: "${text}"
-`;
+      Text: "${text}"
+      `;
 
     const result = await model.generateContent({
       contents: [{ role: 'user', parts: [{ text: prompt }] }],
@@ -64,8 +62,9 @@ Text: "${text}"
     res.json({ sentiment: parsed });
   } catch (err) {
     console.error('Gemini Sentiment Error:', err);
+
     if (!res.headersSent) {
-      res.status(500).json({ error: 'Sentiment analysis failed' });
+      res.status(500).json({ error: 'Sentiment analysis failed.' });
     }
   }
 });

backend/routes/upload-json-bigquery.js

@@ -3,6 +3,7 @@ const express = require('express');
 const { BigQuery } = require('@google-cloud/bigquery');
 const { Storage } = require('@google-cloud/storage');
 const rateLimit = require('express-rate-limit');
+const { verifyRecaptcha } = require('../helpers/verifyRecaptcha');
 
 const router = express.Router();
 const bigquery = new BigQuery();
@@ -23,13 +24,38 @@ const bigQueryLimiter = rateLimit({
 
 router.post('/', bigQueryLimiter, async (req, res) => {
     const { gcsUrl } = req.body;
+    const recaptchaToken = req.headers['x-recaptcha-token'];
 
     if (!gcsUrl) {
         return res.status(400).json({ error: 'Missing GCS URL' });
     }
 
+    if (!recaptchaToken) {
+        return res.status(400).json({ error: 'Missing reCAPTCHA token.' });
+    }
+
     console.log(`BigQuery load attempt from IP: ${req.ip}`);
 
+    // ✅ reCAPTCHA verification
+    try {
+        const recaptchaResult = await verifyRecaptcha(recaptchaToken);
+
+        const score = recaptchaResult.score ?? 0;
+        const success = recaptchaResult.success === true;
+
+        if (!success || score < 0.5) {
+            console.warn('⚠️ reCAPTCHA verification failed', {
+                ip: req.ip,
+                score,
+                success,
+            });
+            return res.status(403).json({ error: 'reCAPTCHA verification failed.' });
+        }
+    } catch (err) {
+        console.error('Error verifying reCAPTCHA:', err);
+        return res.status(500).json({ error: 'Failed to verify reCAPTCHA.' });
+    }
+
     try {
         const filename = decodeURIComponent(gcsUrl.split('/').pop());
         const file = storage.bucket(BUCKET_NAME).file(`uploads/json/${filename}`);