klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add captcha-backed forum security hardening

Browse Source
This commit is contained in:
Gregor Klevže
2026-03-17 16:06:28 +01:00
parent 980a15f66e
commit b3fc889452
40 changed files with 2849 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/Services/Security/Captcha/CaptchaProviderInterface.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
namespace App\Services\Security\Captcha;
interface CaptchaProviderInterface
{
public function name(): string;
public function isEnabled(): bool;
public function siteKey(): string;
public function inputName(): string;
public function scriptUrl(): string;
public function verify(string $token, ?string $ip = null): bool;
}

69
app/Services/Security/Captcha/HcaptchaCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class HcaptchaCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'hcaptcha';
}
public function isEnabled(): bool
{
return (bool) config('services.hcaptcha.enabled', false)
&& $this->siteKey() !== ''
&& (string) config('services.hcaptcha.secret', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.hcaptcha.site_key', '');
}
public function inputName(): string
{
return 'h-captcha-response';
}
public function scriptUrl(): string
{
return (string) config('services.hcaptcha.script_url', 'https://js.hcaptcha.com/1/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.hcaptcha.timeout', 5))
->post((string) config('services.hcaptcha.verify_url', 'https://hcaptcha.com/siteverify'), [
'secret' => (string) config('services.hcaptcha.secret', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('hcaptcha verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}

69
app/Services/Security/Captcha/RecaptchaCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class RecaptchaCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'recaptcha';
}
public function isEnabled(): bool
{
return (bool) config('services.recaptcha.enabled', false)
&& $this->siteKey() !== ''
&& (string) config('services.recaptcha.secret', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.recaptcha.site_key', '');
}
public function inputName(): string
{
return 'g-recaptcha-response';
}
public function scriptUrl(): string
{
return (string) config('services.recaptcha.script_url', 'https://www.google.com/recaptcha/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.recaptcha.timeout', 5))
->post((string) config('services.recaptcha.verify_url', 'https://www.google.com/recaptcha/api/siteverify'), [
'secret' => (string) config('services.recaptcha.secret', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('recaptcha verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}

69
app/Services/Security/Captcha/TurnstileCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class TurnstileCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'turnstile';
}
public function isEnabled(): bool
{
return (bool) config('registration.enable_turnstile', true)
&& $this->siteKey() !== ''
&& (string) config('services.turnstile.secret_key', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.turnstile.site_key', '');
}
public function inputName(): string
{
return 'cf-turnstile-response';
}
public function scriptUrl(): string
{
return (string) config('services.turnstile.script_url', 'https://challenges.cloudflare.com/turnstile/v0/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.turnstile.timeout', 5))
->post((string) config('services.turnstile.verify_url', 'https://challenges.cloudflare.com/turnstile/v0/siteverify'), [
'secret' => (string) config('services.turnstile.secret_key', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('turnstile verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}