feat: captcha middleware now use header field

use of custom field g-recaptcha-response in header instead of body
okp4 · May 18, 2022 · db8ea4f · db8ea4f
1 parent 7fc399f
commit db8ea4f
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 28 deletions.
diff --git a/internal/server/captcha/middleware.go b/internal/server/captcha/middleware.go
@@ -1,35 +1,15 @@
 package captcha
 
 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 )
 
 func VerificationMiddleware(secret string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			// Get the Captcha response token from default request body field 'g-recaptcha-response'.
-			bodyBytes, err := ioutil.ReadAll(r.Body)
-			if err != nil {
-				http.Error(w, fmt.Sprintf("Unauthorized: %s", err.Error()), http.StatusUnauthorized)
-				return
-			}
-
-			// Unmarshal body into struct.
-			var body siteVerifyRequest
-			if err := json.Unmarshal(bodyBytes, &body); err != nil {
-				http.Error(w, fmt.Sprintf("Unauthorized: %s", err.Error()), http.StatusUnauthorized)
-				return
-			}
-
-			// Restore request body to read more than once.
-			r.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes))
-
-			// Check and verify the Captcha response token.
-			if err := checkRecaptcha(secret, body.RecaptchaResponse); err != nil {
+			// Get the Captcha response token from header request field 'g-recaptcha-response'.
+			if err := checkRecaptcha(secret, r.Header.Get("g-recaptcha-response")); err != nil {
 				http.Error(w, fmt.Sprintf("Unauthorized: %s", err.Error()), http.StatusUnauthorized)
 				return
 			}

diff --git a/internal/server/captcha/verify.go b/internal/server/captcha/verify.go
@@ -21,10 +21,6 @@ type siteVerifyResponse struct {
 	ErrorCodes  []string  `json:"error-codes"`
 }
 
-type siteVerifyRequest struct {
-	RecaptchaResponse string `json:"g-recaptcha-response"`
-}
-
 func checkRecaptcha(secret, response string) error {
 	req, err := http.NewRequest(http.MethodPost, siteVerifyURL, nil)
 	if err != nil {

diff --git a/internal/server/router.go b/internal/server/router.go
@@ -3,6 +3,7 @@ package server
 import (
 	"okp4/cosmos-faucet/graph"
 	"okp4/cosmos-faucet/graph/generated"
+	"okp4/cosmos-faucet/internal/server/captcha"
 	"okp4/cosmos-faucet/internal/server/handlers"
 
 	graphql "github.com/99designs/gqlgen/graphql/handler"
@@ -15,8 +16,13 @@ func (s *httpServer) createRoutes(config Config) {
 		HandlerFunc(playground.Handler("GraphQL playground", "/graphql")).
 		Methods("GET")
 	s.router.Path("/graphql").
-		Handler(graphql.NewDefaultServer(generated.NewExecutableSchema(generated.
-			Config{Resolvers: &graph.Resolver{Faucet: config.Faucet}}))).
+		Handler(
+			captcha.VerificationMiddleware(config.CaptchaSecret)(
+				graphql.NewDefaultServer(
+					generated.NewExecutableSchema(generated.Config{Resolvers: &graph.Resolver{Faucet: config.Faucet}}),
+				),
+			),
+		).
 		Methods("GET", "POST", "OPTIONS")
 	if config.EnableHealth {
 		s.router.Path("/health").