Implemented recaptcha

2025-10-29 18:00:23 +00:00 · 2018-01-29 12:59:02 +01:00
parent aaab4e2bbb
commit d5a2a75ddc
10 changed files with 2851 additions and 106 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ server/config/mailconfig.js
 server/config/api_key.js
 server/config/mongo_config.js
 server/config/cert_config.js
 server/config/recaptcha.js
 server/public/assets/dist/callback.min.js
 server/public/assets/dist/embed.min.js
 server/public/assets/dist/main.min.js
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ api_key.js
 mongo_config.js
 ```
-in ```/server/config```. There are ```*.example.js``` files for all the ones mentioned above. If you're going to deploy the server with a certificate, you also need to create the ```cert_config.js``` in ```/server/config/```. If you want the mailing to work, take a look at ```mailconfig.example.js```. You'll need ```mailconfig.js``` for this to work.
+in ```/server/config```. There are ```*.example.js``` files for all the ones mentioned above. If you're going to deploy the server with a certificate, you also need to create the ```cert_config.js``` in ```/server/config/```. If you want the mailing to work, take a look at ```mailconfig.example.js``` and ```recaptcha.example.js```. You'll need ```mailconfig.js``` and ```recaptcha.js``` for this to work.
 Use ```$ npm start``` to start the server.
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
    "emoji-strip": "^0.0.3",
    "express": "^4.15.2",
    "express-handlebars": "^3.0.0",
    "express-recaptcha": "^3.0.1",
    "express-subdomain": "^1.0.5",
    "gulp": "^3.9.1",
    "gulp-concat": "^2.6.1",
--- a/server/config/recaptcha.example.js
+++ b/server/config/recaptcha.example.js
@@ -0,0 +1,6 @@
 var recaptcha = {
    site: "xxxx",
    key: "xxxxx",
 }
 module.exports = recaptcha;
--- a/server/index.js
+++ b/server/index.js
@@ -123,6 +123,7 @@ app.use(function (req, res, next) {
 app.use('/service-worker.js', function(req, res) {
 	res.sendFile(publicPath + '/service-worker.js');
 });
 app.use('/', ico_router);
 app.use('/', api);
 app.use('/', router);
--- a/server/public/assets/js/helpers.js
+++ b/server/public/assets/js/helpers.js
@@ -229,10 +229,15 @@ var Helper = {
            $("#send-loader").removeClass("hide");
            $("#contact-form-from").attr("disabled", "true");
            $("#contact-form-message").attr("disabled", "true");
-
+            var captcha_response = grecaptcha.getResponse();
            console.log(captcha_response);
            $.ajax({
                type: "POST",
-                data: {from: from, message: message},
+                data: {
                    from: from,
                    message: message,
                    "g-recaptcha-response": captcha_response,
                },
                url: "/api/mail",
                success: function(data){
                    if(data == "success"){
--- a/server/public/partials/contact.handlebars
+++ b/server/public/partials/contact.handlebars
@@ -3,7 +3,7 @@
        <h4>Contact</h4>
        <div id="contact-container">
            <p>Found a bug, or just want to contact the team?</p>
-            <form id="contact-form" method="post" onsubmit="return false;">
+            <form id="contact-form" method="post">
                <div class="input-field">
                    <input id="contact-form-from" name="from" type="email" autocomplete="off" class="validate" />
                    <label for="contact-form-from" class="noselect">Email</label>
@@ -12,6 +12,7 @@
                    <input id="contact-form-message" name="message" type="text" autocomplete="off">
                    <label for="contact-form-message" class="noselect">Message</label>
                </div>
                {{{captcha}}}
                <div class="valign hide" id="send-loader">
                    <div class="preloader-wrapper small active">
                        {{> spinner}}
--- a/server/routing/api.js
+++ b/server/routing/api.js
@@ -3,125 +3,136 @@ var router = express.Router();
 var path = require('path');
 router.use(function(req, res, next) {
-   next(); // make sure we go to the next routes and don't stop here
+    next(); // make sure we go to the next routes and don't stop here
 });
 router.route('/api/frontpages').get(function(req, res) {
-   db.collection("frontpage_lists").find({frontpage: true, count: {$gt: 0}}, function(err, docs) {
+    db.collection("frontpage_lists").find({frontpage: true, count: {$gt: 0}}, function(err, docs) {
-      db.collection("connected_users").find({"_id": "total_users"}, function(err, tot) {
+        db.collection("connected_users").find({"_id": "total_users"}, function(err, tot) {
-         res.setHeader('Content-Type', 'application/json');
+            res.setHeader('Content-Type', 'application/json');
-         res.send(JSON.stringify({channels: docs, viewers: tot[0].total_users}));
+            res.send(JSON.stringify({channels: docs, viewers: tot[0].total_users}));
-      });
+        });
-   });
+    });
 });
 router.route('/api/list/:channel_name').get(function(req, res) {
-   res.header("Access-Control-Allow-Origin", "*");
+    res.header("Access-Control-Allow-Origin", "*");
-   res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-   var channel_name = req.params.channel_name;
+    var channel_name = req.params.channel_name;
-   db.collection(channel_name).find({views: {$exists: false}}, {start: 1, end: 1, added: 1, id: 1, title: 1, votes: 1, duration: 1, type: 1, _id: 0}, function(err, docs) {
+    db.collection(channel_name).find({views: {$exists: false}}, {start: 1, end: 1, added: 1, id: 1, title: 1, votes: 1, duration: 1, type: 1, _id: 0}, function(err, docs) {
-      if(docs.length > 0) {
+        if(docs.length > 0) {
-         res.setHeader('Content-Type', 'application/json');
+            res.setHeader('Content-Type', 'application/json');
-         res.send(JSON.stringify(docs));
+            res.send(JSON.stringify(docs));
-      } else {
+        } else {
-         /*res.status(404);
+            /*res.status(404);
-         res.send(404);*/
+            res.send(404);*/
-         res.status(404).redirect("/404");
+            res.status(404).redirect("/404");
-      }
+        }
-   });
+    });
 });
 router.route('/api/conf/:channel_name').get(function(req, res) {
-   var channel_name = req.params.channel_name;
+    var channel_name = req.params.channel_name;
-   db.collection(channel_name).find({views: {$exists: true}}, {
+    db.collection(channel_name).find({views: {$exists: true}}, {
-      addsongs: 1,
+        addsongs: 1,
-      adminpass: 1,
+        adminpass: 1,
-      allvideos: 1,
+        allvideos: 1,
-      frontpage: 1,
+        frontpage: 1,
-      longsongs: 1,
+        longsongs: 1,
-      removeplay: 1,
+        removeplay: 1,
-      shuffle: 1,
+        shuffle: 1,
-      skip: 1,
+        skip: 1,
-      startTime: 1,
+        startTime: 1,
-      userpass: 1,
+        userpass: 1,
-      vote: 1,
+        vote: 1,
-      _id: 0
+        _id: 0
-   }, function(err, docs) {
+    }, function(err, docs) {
-      if(docs.length > 0) {
+        if(docs.length > 0) {
-         var conf = docs[0];
+            var conf = docs[0];
-         if(conf.adminpass != "") {
+            if(conf.adminpass != "") {
-            conf.adminpass = true;
+                conf.adminpass = true;
-         } else {
+            } else {
-            conf.adminpass = false;
+                conf.adminpass = false;
-         }
+            }
-         if(conf.userpass != "") {
+            if(conf.userpass != "") {
-            conf.userpass = true;
+                conf.userpass = true;
-         } else {
+            } else {
-            conf.userpass = false;
+                conf.userpass = false;
-         }
+            }
-         res.setHeader('Content-Type', 'application/json');
+            res.setHeader('Content-Type', 'application/json');
-         res.send(JSON.stringify(conf));
+            res.send(JSON.stringify(conf));
-      } else {
+        } else {
-         /*res.status(404);
+            /*res.status(404);
-         res.send(404);*/
+            res.send(404);*/
-         res.status(404).redirect("/404");
+            res.status(404).redirect("/404");
-      }
+        }
-   });
+    });
 });
 router.route('/api/imageblob').post(function(req, res) {
-   var Jimp = require("jimp");
+    var Jimp = require("jimp");
-   Jimp.read('https://img.youtube.com/vi/' + req.body.id + '/mqdefault.jpg', function (err, image) {
+    Jimp.read('https://img.youtube.com/vi/' + req.body.id + '/mqdefault.jpg', function (err, image) {
-      if (err) console.log(err);
+        if (err) console.log(err);
-      image.blur(50)
+        image.blur(50)
-      .write(path.join(pathThumbnails, '/public/assets/images/thumbnails/' + req.body.id + '.jpg'), function(e, r) {
+        .write(path.join(pathThumbnails, '/public/assets/images/thumbnails/' + req.body.id + '.jpg'), function(e, r) {
-         res.send(req.body.id + ".jpg");
+            res.send(req.body.id + ".jpg");
-      });
+        });
-   });
+    });
 });
 var nodemailer = require('nodemailer');
 try {
-   var mailconfig = require(path.join(__dirname, '../config/mailconfig.js'));
+    var mailconfig = require(path.join(__dirname, '../config/mailconfig.js'));
    var recaptcha_config = require(path.join(__dirname, '../config/recaptcha.js'));
    var Recaptcha = require('express-recaptcha');
    var RECAPTCHA_SITE_KEY = recaptcha_config.site;
    var RECAPTCHA_SECRET_KEY = recaptcha_config.key;
    var recaptcha = new Recaptcha(RECAPTCHA_SITE_KEY, RECAPTCHA_SECRET_KEY);
-   router.route('/api/mail').post(function(req, res) {
+    router.route('/api/mail').post(recaptcha.middleware.verify, function(req, res) {
-      let transporter = nodemailer.createTransport(mailconfig);
+        if(req.recaptcha.error == null) {
            let transporter = nodemailer.createTransport(mailconfig);
-      transporter.verify(function(error, success) {
+            transporter.verify(function(error, success) {
-         if (error) {
+                if (error) {
-            res.sendStatus(500);
+                    res.sendStatus(500);
-            return;
+                    return;
-         } else {
+                } else {
-            var from = req.body.from;
+                    var from = req.body.from;
-            var message = req.body.message;
+                    var message = req.body.message;
-            var msg = {
+                    var msg = {
-               from: 'no-reply@zoff.no',
+                        from: 'no-reply@zoff.no',
-               to: 'contact@zoff.no',
+                        to: 'contact@zoff.no',
-               subject: 'ZOFF: Contact form webpage',
+                        subject: 'ZOFF: Contact form webpage',
-               text: message,
+                        text: message,
-               html: message,
+                        html: message,
-               replyTo: from
+                        replyTo: from
-            }
+                    }
-            transporter.sendMail(msg, (error, info) => {
+                    transporter.sendMail(msg, (error, info) => {
-               if (error) {
+                        if (error) {
-                  res.send("failed");
+                            res.send("failed");
-                  return;
+                            transporter.close();
-               }
+                            return;
-               res.send("success");
+                        }
-               transporter.close();
+                        res.send("success");
                        transporter.close();
                    });
                }
            });
-         }
+        } else {
-      });
+            res.send("failed");
-   });
+            return;
        }
    });
 } catch(e) {
-   console.log("Mail not setup and wont work");
+    console.log("Mail is not configured and wont work");
-   console.log("Seems you forgot to create a mailconfig.js in /server/config/. Have a look at the mailconfig.example.js.");
+    console.log("Seems you forgot to create a mailconfig.js in /server/config/. Have a look at the mailconfig.example.js.");
-   router.route('/api/mail').post(function(req, res) {
+    router.route('/api/mail').post(function(req, res) {
-      console.log("Someone tried to send a mail, but the mailsystem hasn't been enabled..")
+        console.log("Someone tried to send a mail, but the mailsystem hasn't been enabled..")
-      res.send("failed");
+        res.send("failed");
-      return;
+        return;
-   });
+    });
 }
 module.exports = router;
--- a/server/routing/router.js
+++ b/server/routing/router.js
@@ -2,8 +2,30 @@ var express = require('express');
 var router = express.Router();
 var path = require('path');
 var year = new Date().getYear()+1900;
 var path = require('path');
-router.use(function(req, res, next) {
+try {
    var Recaptcha = require('express-recaptcha');
    var recaptcha_config = require(path.join(path.join(__dirname, '../config/'), 'recaptcha.js'));
    var RECAPTCHA_SITE_KEY = recaptcha_config.site;
    var RECAPTCHA_SECRET_KEY = recaptcha_config.key;
    var recaptcha = new Recaptcha(RECAPTCHA_SITE_KEY, RECAPTCHA_SECRET_KEY);
 } catch(e) {
    console.log("Error - missing file");
    console.log("Seems you forgot to create the file recaptcha.js in /server/config/. Have a look at recaptcha.example.js.");
    var recaptcha = {
        middleware: {
            render: (req, res, next) => {
                res.recaptcha = ""
                next()
            }
        }
    }
 }
 router.use(recaptcha.middleware.render, function(req, res, next) {
    next(); // make sure we go to the next routes and don't stop here
 });
@@ -19,6 +41,7 @@ router.route('/').post(function(req, res, next){
    root(req, res, next);
 });
 function root(req, res, next) {
    try{
        var url = req.headers['x-forwarded-host'] ? req.headers['x-forwarded-host'] : req.headers.host.split(":")[0];
@@ -30,7 +53,8 @@ function root(req, res, next) {
        if(subdomain[0] == "remote") {
            var data = {
                year: year,
-                javascript_file: "remote.min.js"
+                javascript_file: "remote.min.js",
                captcha: res.recaptcha
            }
            res.render('layouts/remote', data);
        } else if(subdomain[0] == "www") {
@@ -39,7 +63,9 @@ function root(req, res, next) {
            var data = {
                year: year,
                javascript_file: "main.min.js",
                captcha: res.recaptcha
            }
            console.log(data.recaptcha);
            res.render('layouts/frontpage', data);
        }
    } catch(e) {
@@ -59,7 +85,8 @@ function channel(req, res, next) {
        if(subdomain[0] == "remote") {
            var data = {
                year: year,
-                javascript_file: "remote.min.js"
+                javascript_file: "remote.min.js",
                captcha: res.recaptcha
            }
            res.render('layouts/remote', data);
        } else if(subdomain.length >= 2 && subdomain[0] == "www") {
@@ -74,8 +101,11 @@ function channel(req, res, next) {
                    title: "404: File Not Found",
                    list_name: capitalizeFirstLetter(req.params.channel_name),
                    year: year,
-                    javascript_file: "main.min.js"
+                    javascript_file: "main.min.js",
                    captcha: res.recaptcha,
                }
                if(req.params.channel_name == "404") {
                    res.status(404);
                }