feat: hcaptcha

functions/api/avatars/index.js

@@ -1,50 +1,63 @@
 import { verifyJWT } from '../../middleware/auth';
 import { createErrorResponse, createSuccessResponse } from '../../utils';
 import { fileTypeFromBuffer } from 'file-type';
+import hCaptchaPlugin from "@cloudflare/pages-plugin-hcaptcha";
 
-export async function onRequestPut(context) {
-  try {
+export const onRequestPut = [
+  async (context) => {
+    return hCaptchaPlugin({
+      secret: context.env.hcaptcha_secret_key,
+      sitekey: context.env.hcaptcha_site_key,
+      onError: (context) => {
+        console.error("hCaptcha error:", context.error);
+        return createErrorResponse("hCaptcha verification failed", 403);
+      }
+    })(context);
+  },
+  async (context) => {
     const { request, env } = context;
 
-    // Verify the JWT token
-    const authResult = await verifyJWT(context);
-    if (authResult) {
-      return authResult; // Return the error response from the middleware
+    try {
+      // Verify the JWT token
+      const authResult = await verifyJWT(context);
+      if (authResult) {
+        return authResult; // Return the error response from the middleware
+      }
+
+      const formData = await request.formData();
+      const avatar = formData.get('avatar');
+
+      if (!avatar) {
+        return createErrorResponse("Missing avatar", 400);
+      }
+
+      if (avatar.size > 1 * 1024 * 1024) {
+        // Entity too large
+        return createErrorResponse("Avatar must be less than 1MB", 413);
+      }
+
+      const buffer = await avatar.arrayBuffer();
+      const fileTypeResult = await fileTypeFromBuffer(buffer);
+
+      if (!fileTypeResult) {
+        return createErrorResponse("Unsupported file type", 400);
+      }
+
+      if (fileTypeResult.mime !== 'image/jpeg' && fileTypeResult.mime !== 'image/png') {
+        return createErrorResponse("Avatar must be a JPG or PNG image", 400);
+      }
+
+      // Upload the avatar to R2
+      const objectName = `avatars/${context.user.userId}`;
+      await env.MY_BUCKET.put(objectName, buffer);
+
+      // Store the filename in D1
+      await env.DB.prepare("UPDATE users SET avatar = ? WHERE id = ?").bind(objectName, context.user.userId).run();
+
+      return createSuccessResponse({ message: "Avatar uploaded successfully" });
+    } catch (error) {
+      console.error("Avatar upload error:", error);
+      return createErrorResponse("Avatar upload failed", 500);
     }
-
-    const formData = await request.formData();
-    const avatar = formData.get('avatar');
-
-    if (!avatar) {
-      return createErrorResponse("Missing avatar", 400);
-    }
-
-    if (avatar.size > 1 * 1024 * 1024) {
-      // Entity too large
-      return createErrorResponse("Avatar must be less than 1MB", 413);
-    }
-
-    const buffer = await avatar.arrayBuffer();
-    const fileTypeResult = await fileTypeFromBuffer(buffer);
-
-    if (!fileTypeResult) {
-      return createErrorResponse("Unsupported file type", 400);
-    }
-
-    if (fileTypeResult.mime !== 'image/jpeg' && fileTypeResult.mime !== 'image/png') {
-      return createErrorResponse("Avatar must be a JPG or PNG image", 400);
-    }
-
-    // Upload the avatar to R2
-    const objectName = `avatars/${context.user.userId}`;
-    await env.MY_BUCKET.put(objectName, buffer);
-
-    // Store the filename in D1
-    await env.DB.prepare("UPDATE users SET avatar = ? WHERE id = ?").bind(objectName, context.user.userId).run();
-
-    return createSuccessResponse({ message: "Avatar uploaded successfully" });
-  } catch (error) {
-    console.error("Avatar upload error:", error);
-    return createErrorResponse("Avatar upload failed", 500);
-  }
-}
+  },
+];