Backend.Google recaptcha (#26)

* 1-dh-google-recaptcha-back - Changes for google recaptcha auth * 1-dh-google-recaptcha-back - fix whitespace * 1-dh-google-recaptcha-back - fix whitespaces and add comment * 1-dh-google-recaptcha-back - fix whitespaces * 1-dh-google-recaptcha-back - fix whitespaces * 1-dh-google-recaptcha-back - add env file * 1-dh-google-recaptcha-back - add comments --------- Co-authored-by: Сергей Коноплицкий <[email protected]>
pl1tz · Jan 9, 2025 · dbdd443 · dbdd443
1 parent 87c9207
commit dbdd443
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 28 deletions.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,2 @@
+RECAPTCHA_SITE_KEY=
+RECAPTCHA_SECRET_KEY=
diff --git a/.gitignore b/.gitignore
@@ -8,7 +8,7 @@
 /.bundle
 
 # Ignore all environment files (except templates).
-/.env*
+.env
 !/.env*.erb
 
 # Ignore all logfiles and tempfiles.

diff --git a/Gemfile b/Gemfile
@@ -21,6 +21,9 @@ gem "jbuilder"
 
 gem 'rack-cors', require: 'rack/cors'
 
+# For google captcha
+gem 'recaptcha'
+
 # Изображения
 gem 'image_processing', '~> 1.2'
 # Загрузка изображений альтернативно
@@ -113,3 +116,5 @@ gem 'savon'
 gem 'rest-client'
 
 gem 'lru_redux'
+
+gem 'dotenv-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -126,6 +126,10 @@ GEM
       reline (>= 0.3.8)
     diff-lcs (1.5.1)
     domain_name (0.6.20240107)
+    dotenv (3.1.7)
+    dotenv-rails (3.1.7)
+      dotenv (= 3.1.7)
+      railties (>= 6.1)
     drb (2.2.1)
     error_highlight (0.7.0)
     erubi (1.13.0)
@@ -144,9 +148,7 @@ GEM
       logger
     faraday-net_http (3.4.0)
       net-http (>= 0.5.0)
-    ffi (1.17.0-arm64-darwin)
-    ffi (1.17.0-x86_64-darwin)
-    ffi (1.17.0-x86_64-linux-gnu)
+    ffi (1.17.0)
     globalid (1.2.1)
       activesupport (>= 6.1)
     gyoku (1.4.0)
@@ -323,6 +325,7 @@ GEM
       i18n
     rdoc (6.8.1)
       psych (>= 4.0.0)
+    recaptcha (5.18.0)
     regexp_parser (2.9.3)
     reline (0.5.12)
       io-console (~> 0.5)
@@ -468,6 +471,7 @@ DEPENDENCIES
   capybara
   carrierwave (~> 2.0)
   debug
+  dotenv-rails
   error_highlight (>= 0.4.0)
   factory_bot_rails
   faker
@@ -491,6 +495,7 @@ DEPENDENCIES
   rails (~> 7.2.1, >= 7.2.1.1)
   rails-i18n
   ransack
+  recaptcha
   rest-client
   rspec-rails
   rswag-api

diff --git a/app/controllers/captcha_controller.rb b/app/controllers/captcha_controller.rb
@@ -1,24 +1,24 @@
-# require 'net/http'
+# Controller for google captcha
+class CaptchaController < ApplicationController
+  skip_before_action :verify_authenticity_token
 
-# class CaptchaController < ApplicationController
-#   def verify
-#     Rails.logger.info("Received captcha verification request with token: #{params[:token]}")
+  # Verifies Google reCAPTCHA token
+  #
+  # @param [String] captcha_token Token received from Google reCAPTCHA widget
+  #
+  # @return [JSON] Returns success status or error message
+  #
+  # @example verify(captcha_token: "03AGdBq24PBgMsJ-...")
+  #
+  # @example_return
+  #   { success: true }
+  #   { error: 'Invalid captcha' }
+  def verify
+    unless verify_recaptcha(response: params[:captcha_token])
+      render json: { error: 'Invalid captcha' }, status: :unprocessable_entity
+      return
+    end
 
-#     token = params[:token]
-#     secret_key = '6LdAFqMqAAAAAMm1WqbP92_q_Ef-xxO6md7dK-TW'
-
-#     uri = URI('https://www.google.com/recaptcha/api/siteverify')
-#     response = Net::HTTP.post_form(uri, {
-#       'secret' => secret_key,
-#       'response' => token
-#     })
-
-#     result = JSON.parse(response.body)
-
-#     if result['success']
-#       render json: { success: true }
-#     else
-#       render json: { success: false, errors: result['error-codes'] }
-#     end
-#   end
-# end
+    render json: { success: true }, status: :ok
+  end
+end
diff --git a/config/initializers/recaptcha.rb b/config/initializers/recaptcha.rb
@@ -0,0 +1,9 @@
+# This initializer configures Google reCAPTCHA integration for the application
+# It sets up the necessary API keys required for reCAPTCHA functionality
+# The keys are stored in environment variables for security:
+# - RECAPTCHA_SITE_KEY: Public key used in frontend
+# - RECAPTCHA_SECRET_KEY: Private key used for server-side verification
+Recaptcha.configure do |config|
+  config.site_key = ENV['RECAPTCHA_SITE_KEY']
+  config.secret_key = ENV['RECAPTCHA_SECRET_KEY']
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -83,10 +83,11 @@
   resources :call_requests
   resources :admin, only: [:index]
   resources :reports, only: [:show]
-  #Маршруты для клиентов
 
-  post 'verify-captcha' => 'captcha#verify'
+  # Маршрут для гугл капчи
+  post 'verify_captcha', to: 'captcha#verify'
 
+  #Маршруты для клиентов
   get 'cars' => 'cars#index'#Список автомобилей
   get 'last_cars' => 'cars#last_cars'#Последние 20 автомобилей
   get 'cars_count' => 'cars#cars_count'#Количество автомобилей