Add captcha requirement for registering

2019-11-03 19:20:44 -04:00 · 2019-11-03 19:20:44 -04:00 · 262ba2c2af
commit 262ba2c2af
parent 0ef21394e3
3 changed files with 41 additions and 5 deletions
--- a/packages/common/src/APIDef.ts
+++ b/packages/common/src/APIDef.ts
@ -2,6 +2,12 @@ import { UserProfile, NewUser } from './user'
 import { Credentials } from './auth'

 export interface APIDef {
+  '/auth/captcha.svg': {
+    'get': {}
+  }
+  '/auth/captcha.wav': {
+    'get': {}
+  }
  '/auth/register': {
    'post': {
      body: NewUser
--- a/packages/server/src/routes/configureAuthRoutes.ts
+++ b/packages/server/src/routes/configureAuthRoutes.ts
@ -1,13 +1,24 @@
 import { APIDef, AuthService } from '@rondo.dev/common'
 import { Authenticator, ensureLoggedInApi } from '../middleware'
 import { AsyncRouter } from '../router'
+import { espeak, image, audio, validateCaptcha } from '@rondo.dev/captcha'

 export function configureAuthRoutes(
  authService: AuthService,
  authenticator: Authenticator,
  t: AsyncRouter<APIDef>,
 ) {
-  t.post('/auth/register', async (req, res) => {
+
+  t.get('/auth/captcha.svg', image({
+    size: 6,
+  }) as any)
+
+  t.get('/auth/captcha.wav', audio({
+    commands: [espeak({})],
+    size: 6,
+  }))
+
+  t.post('/auth/register', [validateCaptcha()], async (req, res) => {
    const user = await authService.createUser({
      username: req.body.username,
      email: req.body.email,
--- a/packages/server/src/test-utils/TestUtils.ts
+++ b/packages/server/src/test-utils/TestUtils.ts
@ -114,24 +114,37 @@ export class TestUtils<T extends Routes> {

  async registerAccount(username?: string) {
    const {context} = this
-    const {cookie, token} = await this.getCsrf()
+    const {cookie: csrfCookie, token} = await this.getCsrf()
+
+    process.env.CAPTCHA = '1234'
+    const captcha = await supertest(this.app)
+    .get(`${context}/api/auth/captcha.svg`)
+    .expect(200)
+
+    const sessionCookie = [
+      csrfCookie,
+      this.getCookies(captcha.header['set-cookie']),
+    ].join('; ')

    const response = await supertest(this.app)
    .post(`${context}/api/auth/register`)
-    .set('cookie', cookie)
+    .set('cookie', sessionCookie)
    .send({
      firstName: 'test',
      lastName: 'test',
+      captcha: process.env.CAPTCHA,
      email: username || this.username,
      ...this.getLoginBody(token, username),
    })
    .expect(200)

+    console.log('registered?')
+
    const cookies = this.getCookies(response.header['set-cookie'])

    return {
      headers: {
-        'cookie': [cookies, cookie].join('; '),
+        'cookie': [cookies, sessionCookie].filter(c => !!c).join('; '),
        'x-csrf-token': token,
      },
      userId: response.body.id,
@ -197,7 +210,13 @@ export class TestUtils<T extends Routes> {
    return service as RPCClient<S>
  }

-  private getCookies(setCookiesString: string[]): string {
+  private getCookies(setCookiesString: string | string[]): string {
+    if (!setCookiesString) {
+      return ''
+    }
+    if (typeof setCookiesString === 'string') {
+      setCookiesString = [setCookiesString]
+    }
    return setCookiesString.map(c => c.split('; ')[0]).join('; ')
  }