feat: add ReCaptchaV2 & Turnstile

functions/api/avatars/index.js

@@ -1,19 +1,10 @@
 import { verifyJWT } from '../../middleware/auth';
+import { captchaPlugins } from '../../middleware/captcha';
 import { createErrorResponse, createSuccessResponse } from '../../utils';
 import { fileTypeFromBuffer } from 'file-type';
-import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
 
 export const onRequestPut = [
-  async (context) => {
-    return hCaptchaPlugin({
-      secret: context.env.hcaptcha_secret_key,
-      sitekey: context.env.hcaptcha_site_key,
-      onError: (context) => {
-        console.error("hCaptcha error:", context.error);
-        return createErrorResponse("hCaptcha verification failed", 403);
-      }
-    })(context);
-  },
+  ...captchaPlugins,
   async (context) => {
     const { request, env } = context;
 

functions/api/login.js

@@ -1,18 +1,9 @@
 import { SignJWT } from 'jose';
 import { createSuccessResponse, createErrorResponse } from "../utils";
-import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
+import { captchaPlugins } from '../middleware/captcha';
 
 export const onRequestPost = [
-  async (context) => {
-    return hCaptchaPlugin({
-      secret: context.env.hcaptcha_secret_key,
-      sitekey: context.env.hcaptcha_site_key,
-      onError: (context) => {
-        console.error("hCaptcha error:", context.error);
-        return createErrorResponse("hCaptcha verification failed", 403);
-      }
-    })(context);
-  },
+  ...captchaPlugins,
   async (context) => {
     try {
       const { request, env } = context;

functions/api/messages.js

@@ -1,6 +1,6 @@
 import { verifyJWT } from '../middleware/auth';
+import { captchaPlugins } from '../middleware/captcha';
 import { createErrorResponse, createSuccessResponse } from '../utils';
-import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
 
 export async function onRequestGet(context) {
   try {
@@ -17,16 +17,7 @@ export async function onRequestGet(context) {
 }
 
 export const onRequestPost = [
-  async (context) => {
-    return hCaptchaPlugin({
-      secret: context.env.hcaptcha_secret_key,
-      sitekey: context.env.hcaptcha_site_key,
-      onError: (context) => {
-        console.error("hCaptcha error:", context.error);
-        return createErrorResponse("hCaptcha verification failed", 403);
-      }
-    })(context);
-  },
+  ...captchaPlugins,
   async (context) => {
     try {
       const { request, env } = context;

functions/api/motto.js

@@ -1,18 +1,9 @@
 import { verifyJWT } from '../middleware/auth';
 import { createErrorResponse, createSuccessResponse } from '../utils';
-import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
+import { captchaPlugins } from '../middleware/captcha';
 
 export const onRequestPost = [
-  async (context) => {
-    return hCaptchaPlugin({
-      secret: context.env.hcaptcha_secret_key,
-      sitekey: context.env.hcaptcha_site_key,
-      onError: (context) => {
-        console.error("hCaptcha error:", context.error);
-        return createErrorResponse("hCaptcha verification failed", 403);
-      }
-    })(context);
-  },
+  ...captchaPlugins,
   async (context) => {
     try {
       // Verify the JWT token

functions/api/register.js

@@ -1,17 +1,8 @@
+import { captchaPlugins } from '../middleware/captcha';
 import { createErrorResponse, createSuccessResponse } from '../utils';
-import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
 
 export const onRequestPost = [
-  async (context) => {
-    return hCaptchaPlugin({
-      secret: context.env.hcaptcha_secret_key,
-      sitekey: context.env.hcaptcha_site_key,
-      onError: (context) => {
-        console.error("hCaptcha error:", context.error);
-        return createErrorResponse("hCaptcha verification failed", 403);
-      }
-    })(context);
-  },
+  ...captchaPlugins,
   async (context) => {
     try {
       const { request, env } = context;

functions/middleware/captcha.js

@@ -0,0 +1,58 @@
+import { createErrorResponse } from '../utils';
+
+import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
+import turnstilePlugin from "@cloudflare/pages-plugin-turnstile";
+
+export const captchaPlugins = [
+  async (context) => {
+    try {
+      return hCaptchaPlugin({
+        secret: context.env.hcaptcha_secret_key,
+        sitekey: context.env.hcaptcha_site_key,
+        onError: (context) => {
+          console.error("hCaptcha error:", context.error);
+          return createErrorResponse("hCaptcha verification failed", 403);
+        }
+      })(context);
+    } catch (e) {
+      console.error("hCaptcha error:", e);
+      return createErrorResponse("hCaptcha verification failed", 400);
+    }
+  },
+  async (context) => {
+    try {
+      const recaptchaResponse = (await context.request.clone().formData()).get("g-recaptcha-response").toString();
+      const formData = new FormData();
+      formData.append("secret", context.env.recaptcha_secret_key);
+      formData.append("response", recaptchaResponse);
+
+      const response = await fetch("https://www.google.com/recaptcha/api/siteverify", {
+        method: "POST",
+        body: formData
+      });
+      const data = await response.json();
+      if (!data.success) {
+        console.error("reCAPTCHA error:", data);
+        return createErrorResponse("reCAPTCHA verification failed", 403);
+      }
+    } catch (e) {
+      console.error("reCAPTCHA error:", e);
+      return createErrorResponse("reCAPTCHA verification failed", 400);
+    }
+    return context.next();
+  },
+  async (context) => {
+    try {
+      return turnstilePlugin({
+        secret: context.env.turnstile_secret_key,
+        onError: (context) => {
+          console.error("Turnstile error:", context.error);
+          return createErrorResponse("Turnstile verification failed", 403);
+        }
+      })(context)
+    } catch (e) {
+      console.error("Turnstile error:", e);
+      return createErrorResponse("Turnstile verification failed", 400);
+    }
+  }
+]