Add cookie to prevent captcha constantly

config/config.go

@@ -2,7 +2,7 @@ package config
 
 import "flag"
 
-var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName string
+var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName, HashKey string
 var MaxLoadAvg float64
 
 func ParseFlags() {
@@ -13,6 +13,7 @@ func ParseFlags() {
 	flag.StringVar(&SessionsFile, "save", "./pwd/sessions", "Tell where to store sessions file")
 	flag.StringVar(&PWDContainerName, "name", "pwd", "Container name used to run PWD (used to be able to connect it to the networks it creates)")
 	flag.StringVar(&PWDCName, "cname", "host1", "CNAME given to this host")
+	flag.StringVar(&HashKey, "hash_key", "salmonrosado", "Hash key to use for cookies")
 	flag.Float64Var(&MaxLoadAvg, "maxload", 100, "Maximum allowed load average before failing ping requests")
 	flag.Parse()
 }

handlers/new_session.go

@@ -17,10 +17,9 @@ type NewSessionResponse struct {
 
 func NewSession(rw http.ResponseWriter, req *http.Request) {
 	req.ParseForm()
-	if !services.IsHuman(req) {
+	if !services.IsHuman(req, rw) {
 		// User it not a human
-		rw.WriteHeader(http.StatusConflict)
-		rw.Write([]byte("Only humans are allowed!"))
+		http.Redirect(rw, req, "/", http.StatusFound)
 		return
 	}
 

services/recaptcha.go

@@ -2,11 +2,17 @@ package services
 
 import (
 	"encoding/json"
+	"fmt"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
+	"time"
+
+	"github.com/franela/play-with-docker/config"
+	"github.com/gorilla/securecookie"
+	"github.com/twinj/uuid"
 )
 
 func GetGoogleRecaptchaSiteKey() string {
@@ -31,10 +37,22 @@ type recaptchaResponse struct {
 	Success bool `json:"success"`
 }
 
-func IsHuman(req *http.Request) bool {
+var s = securecookie.New([]byte(config.HashKey), nil)
+
+func IsHuman(req *http.Request, rw http.ResponseWriter) bool {
 	if os.Getenv("GOOGLE_RECAPTCHA_DISABLED") != "" {
 		return true
 	}
+
+	if cookie, _ := req.Cookie("session_id"); cookie != nil {
+		fmt.Println(cookie)
+		var value string
+		if err := s.Decode("session_id", cookie.Value, &value); err != nil {
+			return false
+		}
+		return true
+	}
+
 	challenge := req.Form.Get("g-recaptcha-response")
 
 	// Of X-Forwarded-For exists, it means we are behind a loadbalancer and we should use the real IP address of the user
@@ -57,5 +75,16 @@ func IsHuman(req *http.Request) bool {
 	var r recaptchaResponse
 	json.NewDecoder(resp.Body).Decode(&r)
 
-	return r.Success
+	if !r.Success {
+		return false
+	}
+
+	encoded, _ := s.Encode("session_id", uuid.NewV4().String())
+	http.SetCookie(rw, &http.Cookie{
+		Name:    "session_id",
+		Value:   encoded,
+		Expires: time.Now().Add(10 * time.Second),
+	})
+
+	return true
 }

www/welcome.html

@@ -12,8 +12,9 @@
             <h1>Welcome!</h1>
             <h2>Before starting we need to verify you are a human</h2>
             <form id="welcomeForm" method="POST" action="/">
-                <div class="g-recaptcha" data-callback="iAmHuman" data-sitekey="{{.}}"></div>
+                <div id="recaptcha" class="g-recaptcha" data-callback="iAmHuman" data-sitekey="{{.}}"></div>
                 <input type="hidden" name="session-duration" value="4h"/>
+                <button id="create" style="display:none;">Create session</button>
             </form>
             <img src="/assets/large_h.png" />
         </div>
@@ -22,6 +23,10 @@
             function iAmHuman(resp) {
                 document.getElementById('welcomeForm').submit();
             }
+            if (document.cookie.indexOf('session_id') > -1) {
+                document.getElementById('create').style = "";
+                document.getElementById('recaptcha').style = "display:none;";
+            }
         </script>
     </body>
 </html>