mirror of
https://github.com/bingohuang/docker-labs.git
synced 2025-07-13 17:42:53 +08:00
91 lines
2.2 KiB
Go
91 lines
2.2 KiB
Go
package services
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gorilla/securecookie"
|
|
"github.com/play-with-docker/play-with-docker/config"
|
|
"github.com/twinj/uuid"
|
|
)
|
|
|
|
func GetGoogleRecaptchaSiteKey() string {
|
|
key := os.Getenv("GOOGLE_RECAPTCHA_SITE_KEY")
|
|
if key == "" {
|
|
// This is a development default. The environment variable should always be set in production.
|
|
key = "6LeY_QsUAAAAAOlpVw4MhoLEr50h-dM80oz6M2AX"
|
|
}
|
|
return key
|
|
}
|
|
func GetGoogleRecaptchaSiteSecret() string {
|
|
key := os.Getenv("GOOGLE_RECAPTCHA_SITE_SECRET")
|
|
if key == "" {
|
|
// This is a development default. The environment variable should always be set in production.
|
|
key = "6LeY_QsUAAAAAHIALCtm0GKfk-UhtXoyJKarnRV8"
|
|
}
|
|
|
|
return key
|
|
}
|
|
|
|
type recaptchaResponse struct {
|
|
Success bool `json:"success"`
|
|
}
|
|
|
|
var s = securecookie.New([]byte(config.HashKey), nil).MaxAge(int((1 * time.Hour).Seconds()))
|
|
|
|
func IsHuman(req *http.Request, rw http.ResponseWriter) bool {
|
|
if os.Getenv("GOOGLE_RECAPTCHA_DISABLED") != "" {
|
|
return true
|
|
}
|
|
|
|
if cookie, _ := req.Cookie("session_id"); cookie != nil {
|
|
var value string
|
|
if err := s.Decode("session_id", cookie.Value, &value); err != nil {
|
|
fmt.Println(err)
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
challenge := req.Form.Get("g-recaptcha-response")
|
|
|
|
// Of X-Forwarded-For exists, it means we are behind a loadbalancer and we should use the real IP address of the user
|
|
ip := req.Header.Get("X-Forwarded-For")
|
|
if ip == "" {
|
|
// Use the standard remote IP address of the request
|
|
|
|
ip = req.RemoteAddr
|
|
}
|
|
|
|
parts := strings.Split(ip, ":")
|
|
|
|
resp, postErr := http.PostForm("https://www.google.com/recaptcha/api/siteverify", url.Values{"secret": {GetGoogleRecaptchaSiteSecret()}, "response": {challenge}, "remoteip": {parts[0]}})
|
|
if postErr != nil {
|
|
log.Println(postErr)
|
|
// If there is a problem to connect to google, assume the user is a human so we don't block real users because of technical issues
|
|
return true
|
|
}
|
|
|
|
var r recaptchaResponse
|
|
json.NewDecoder(resp.Body).Decode(&r)
|
|
|
|
if !r.Success {
|
|
return false
|
|
}
|
|
|
|
encoded, _ := s.Encode("session_id", uuid.NewV4().String())
|
|
http.SetCookie(rw, &http.Cookie{
|
|
Name: "session_id",
|
|
Value: encoded,
|
|
Expires: time.Now().Add(1 * time.Hour),
|
|
})
|
|
|
|
return true
|
|
}
|