dkforest

A forum and chat platform (onion)

commit 92a99a4c93c2ffa9396ad592caf3d1b89407de00
parent b9ac2f4408e70cdc9633c17d3650c1d1de8938af
Author: n0tr1v <n0tr1v@protonmail.com>
Date:   Sun,  4 Dec 2022 07:26:26 -0500

global captcha bypass in dev mode

Diffstat:
Mpkg/web/handlers/handlers.go | 28+++++++++++-----------------
Mpkg/web/handlers/utils/utils.go | 4++++
2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -258,7 +258,7 @@ func loginHandler(c echo.Context) error {
 captchaInput := c.Request().PostFormValue("captcha")
 if captchaInput == "" {
 return c.Render(http.StatusOK, "login", data)
- } else if config.Development.IsFalse() || (config.Development.IsTrue() && captchaInput != "000000") {
+ } else {
 if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
 data.Error = "Invalid captcha"
 return c.Render(http.StatusOK, "login", data)
@@ -842,12 +842,10 @@ func signupHandler(c echo.Context) error {
 captchaInput := c.Request().PostFormValue("captcha")
 captchaInputImg := c.Request().PostFormValue("captcha_img")
 if !signupInfo.hasSolvedCaptcha {
- if config.Development.IsFalse() || captchaInput != "" {
- if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
- data.ErrCaptcha = err.Error()
- config.SignupFailed.Inc()
- return c.Render(http.StatusOK, "signup", data)
- }
+ if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
+ data.ErrCaptcha = err.Error()
+ config.SignupFailed.Inc()
+ return c.Render(http.StatusOK, "signup", data)
 }
 }
 data.Captcha = captchaInput
@@ -967,11 +965,9 @@ func ForgotPasswordHandler(c echo.Context) error {
 captchaID := c.Request().PostFormValue("captcha_id")
 captchaInput := c.Request().PostFormValue("captcha")
- if config.Development.IsFalse() || captchaInput != "" {
- if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
- data.ErrCaptcha = err.Error()
- return c.Render(http.StatusOK, "forgot-password", data)
- }
+ if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
+ data.ErrCaptcha = err.Error()
+ return c.Render(http.StatusOK, "forgot-password", data)
 }
 user, err := database.GetUserByUsername(data.Username)
 if err != nil {
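Review bot: In loginHandler the new `} else {` follows a branch that ends in `return c.Render(http.StatusOK, "login", data)`, so the else is redundant and only adds a nesting level around the captcha check. Closing the `if captchaInput == "" {` block with a plain `}` and running `if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {` at the outer indent would give login the same flat shape the signup, forgot-password and chat-create-room hunks now have. The closing brace of the else block lies outside the hunk, so it would have to be dropped as well.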
@@ -2389,11 +2385,9 @@ func ChatCreateRoomHandler(c echo.Context) error {
 }
 captchaID := c.Request().PostFormValue("captcha_id")
 captchaInput := c.Request().PostFormValue("captcha")
- if config.Development.IsFalse() {
- if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
- data.ErrCaptcha = err.Error()
- return c.Render(http.StatusOK, "chat-create-room", data)
- }
+ if err := hutils.CaptchaVerifyString(c, captchaID, captchaInput); err != nil {
+ data.ErrCaptcha = err.Error()
+ return c.Render(http.StatusOK, "chat-create-room", data)
 }
 passwordHash := ""
 if data.Password != "" {
diff --git a/pkg/web/handlers/utils/utils.go b/pkg/web/handlers/utils/utils.go
@@ -88,6 +88,10 @@ func CreateAprilFoolCookie(c echo.Context, v int) {
 // CaptchaVerifyString ensure that all captcha across the website makes HB life miserable.
 func CaptchaVerifyString(c echo.Context, id, digits string) error {
+ // Can bypass captcha in dev mode
+ if config.Development.IsTrue() && digits == "000000" {
+ return nil
+ }
 if err := captcha.VerifyString(id, digits); err != nil {
 return errors.New("invalid answer")
 }
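Review bot: The bypass added at the top of CaptchaVerifyString makes `config.Development` the only control between the fixed answer "000000" and every captcha-protected form that calls this helper, and the doc comment above the function does not say so. I would document it on the function, e.g. `// In development mode (config.Development) the fixed answer "000000" is accepted without consulting the captcha store.`, and log each time the branch is taken so an instance started with the flag set by mistake shows up in its logs. How config.Development gets its value is not visible in this diff; if it can be set from the environment or changed at runtime, a startup warning or a build-tag-gated bypass would be the safer design. The function body continues past the end of the hunk.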