admin/parts_website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feat: Update CAPTCHA service to ALTCHA self-hosted.

Browse Source
This commit is contained in:
Teddy Middleton-Smith
2025-03-15 17:47:36 +00:00
parent b843849af9
commit bade1f11dd
10 changed files with 3823 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
controllers/core.py
View File

@@ -14,6 +14,7 @@ Initializes the Flask application, sets the configuration based on the environme
# internal
from datastores.datastore_base import DataStore_Base
from forms.contact import Form_Contact
from helpers.helper_app import Helper_App
from models.model_view_contact import Model_View_Contact
from models.model_view_home import Model_View_Home
import lib.argument_validation as av
@@ -29,6 +30,8 @@ import json
import base64
import hmac
import hashlib
import datetime
from altcha import ChallengeOptions, create_challenge, verify_solution
routes_core = Blueprint('routes_core', __name__)
@@ -56,60 +59,51 @@ def contact():
def contact_post():
try:
form = Form_Contact()
Helper_App.console_log(f"Form submitted: {request.form}")
Helper_App.console_log(f"ALTCHA data in request: {request.form.get('altcha')}")
if form.validate_on_submit():
altcha_payload = form.altcha.data
if not altcha_payload:
flash('Please complete the ALTCHA challenge', 'danger')
return "Invalid. ALTCHA challenge failed."
# Decode and verify the ALTCHA payload
try:
decoded_payload = json.loads(base64.b64decode(altcha_payload))
# Verify the signature
if verify_altcha_signature(decoded_payload):
# Parse the verification data
verification_data = urllib.parse.parse_qs(decoded_payload['verificationData'])
# Check if the verification was successful
if verification_data.get('verified', ['false'])[0] == 'true':
# If spam filter is enabled, check the classification
if 'classification' in verification_data:
classification = verification_data.get('classification', [''])[0]
score = float(verification_data.get('score', ['0'])[0])
# If the classification is BAD and score is high, reject the submission
if classification == 'BAD' and score > 5:
flash('Your submission was flagged as potential spam', 'error')
return render_template('contact.html', form=form)
# Process the form submission
email = form.email.data
CC = form.CC.data # not in use
contact_name = form.contact_name.data
company_name = form.company_name.data
message = form.message.data
receive_marketing = form.receive_marketing.data
receive_marketing_text = "I would like to receive marketing emails." if receive_marketing else ""
# send email
mailItem = Message("PARTS Website Contact Us Message", recipients=[current_app.config['MAIL_CONTACT_PUBLIC']])
mailItem.body = f"Dear Lord Edward Middleton-Smith,\n\n{message}\n{receive_marketing_text}\nKind regards,\n{contact_name}\n{company_name}\n{email}"
mail.send(mailItem)
flash('Thank you for your message. We will get back to you soon!', 'success')
return "Submitted."
else:
flash('CAPTCHA verification failed', 'error')
else:
flash('Invalid verification signature', 'error')
email = form.email.data
# CC = form.CC.data # not in use
contact_name = form.contact_name.data
company_name = form.company_name.data
message = form.message.data
receive_marketing = form.receive_marketing.data
receive_marketing_text = "I would like to receive marketing emails." if receive_marketing else ""
# send email
mailItem = Message("PARTS Website Contact Us Message", recipients=[current_app.config['MAIL_CONTACT_PUBLIC']])
mailItem.body = f"Dear Lord Edward Middleton-Smith,\n\n{message}\n{receive_marketing_text}\nKind regards,\n{contact_name}\n{company_name}\n{email}"
mail.send(mailItem)
flash('Thank you for your message. We will get back to you soon!', 'success')
return "Submitted."
except Exception as e:
flash(f'Error verifying CAPTCHA: {str(e)}', 'error')
return f"Error: {e}"
print(f"Form validation errors: {form.errors}")
return "Invalid. Failed to submit."
# html_body = render_template('pages/core/_contact.html', model = model)
except Exception as e:
return jsonify(error=str(e)), 403
@routes_core.route(Model_View_Contact.HASH_ALTCHA_CREATE_CHALLENGE, methods=['GET'])
def create_altcha_challenge():
options = ChallengeOptions(
expires = datetime.datetime.now() + datetime.timedelta(hours=1),
max_number = 100000, # The maximum random number
hmac_key = current_app.config["ALTCHA_SECRET_KEY"],
)
challenge = create_challenge(options)
print("Challenge created:", challenge)
# return jsonify({"challenge": challenge})
return jsonify({
"algorithm": challenge.algorithm,
"challenge": challenge.challenge,
"salt": challenge.salt,
"signature": challenge.signature,
})
"""
def verify_altcha_signature(payload):
"""Verify the ALTCHA signature"""
"" "Verify the ALTCHA signature"" "
if 'algorithm' not in payload or 'signature' not in payload or 'verificationData' not in payload:
return False
@@ -135,4 +129,30 @@ def verify_altcha_signature(payload):
).hexdigest()
# Compare the calculated signature with the provided signature
return hmac.compare_digest(calculated_signature, signature)
return hmac.compare_digest(calculated_signature, signature)
def create_altcha_dummy_signature(challenge):
# Example payload to verify
payload = {
"algorithm": challenge.algorithm,
"challenge": challenge.challenge,
"number": 12345, # Example number
"salt": challenge.salt,
"signature": challenge.signature,
}
return payload
@routes_core.route(Model_View_Contact.HASH_ALTCHA_VERIFY_SOLUTION, methods=['POST'])
def verify_altcha_challenge():
payload = request.json
ok, err = verify_solution(payload, current_app.config["ALTCHA_SECRET_KEY"], check_expires=True)
if err:
return jsonify({"error": err}), 400
elif ok:
return jsonify({"verified": True})
else:
return jsonify({"verified": False}), 403
"""