klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add captcha-backed forum security hardening

Browse Source
This commit is contained in:
Gregor Klevže
2026-03-17 16:06:28 +01:00
parent 980a15f66e
commit b3fc889452
40 changed files with 2849 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/Services/Security/Captcha/CaptchaProviderInterface.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
namespace App\Services\Security\Captcha;
interface CaptchaProviderInterface
{
public function name(): string;
public function isEnabled(): bool;
public function siteKey(): string;
public function inputName(): string;
public function scriptUrl(): string;
public function verify(string $token, ?string $ip = null): bool;
}

69
app/Services/Security/Captcha/HcaptchaCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class HcaptchaCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'hcaptcha';
}
public function isEnabled(): bool
{
return (bool) config('services.hcaptcha.enabled', false)
&& $this->siteKey() !== ''
&& (string) config('services.hcaptcha.secret', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.hcaptcha.site_key', '');
}
public function inputName(): string
{
return 'h-captcha-response';
}
public function scriptUrl(): string
{
return (string) config('services.hcaptcha.script_url', 'https://js.hcaptcha.com/1/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.hcaptcha.timeout', 5))
->post((string) config('services.hcaptcha.verify_url', 'https://hcaptcha.com/siteverify'), [
'secret' => (string) config('services.hcaptcha.secret', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('hcaptcha verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}

69
app/Services/Security/Captcha/RecaptchaCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class RecaptchaCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'recaptcha';
}
public function isEnabled(): bool
{
return (bool) config('services.recaptcha.enabled', false)
&& $this->siteKey() !== ''
&& (string) config('services.recaptcha.secret', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.recaptcha.site_key', '');
}
public function inputName(): string
{
return 'g-recaptcha-response';
}
public function scriptUrl(): string
{
return (string) config('services.recaptcha.script_url', 'https://www.google.com/recaptcha/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.recaptcha.timeout', 5))
->post((string) config('services.recaptcha.verify_url', 'https://www.google.com/recaptcha/api/siteverify'), [
'secret' => (string) config('services.recaptcha.secret', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('recaptcha verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}

69
app/Services/Security/Captcha/TurnstileCaptchaProvider.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace App\Services\Security\Captcha;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class TurnstileCaptchaProvider implements CaptchaProviderInterface
{
public function name(): string
{
return 'turnstile';
}
public function isEnabled(): bool
{
return (bool) config('registration.enable_turnstile', true)
&& $this->siteKey() !== ''
&& (string) config('services.turnstile.secret_key', '') !== '';
}
public function siteKey(): string
{
return (string) config('services.turnstile.site_key', '');
}
public function inputName(): string
{
return 'cf-turnstile-response';
}
public function scriptUrl(): string
{
return (string) config('services.turnstile.script_url', 'https://challenges.cloudflare.com/turnstile/v0/api.js');
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.turnstile.timeout', 5))
->post((string) config('services.turnstile.verify_url', 'https://challenges.cloudflare.com/turnstile/v0/siteverify'), [
'secret' => (string) config('services.turnstile.secret_key', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
return (bool) data_get($response->json(), 'success', false);
} catch (\Throwable $exception) {
Log::warning('turnstile verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
}
}

71
app/Services/Security/CaptchaVerifier.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
namespace App\Services\Security;
use App\Services\Security\Captcha\CaptchaProviderInterface;
use App\Services\Security\Captcha\HcaptchaCaptchaProvider;
use App\Services\Security\Captcha\RecaptchaCaptchaProvider;
use App\Services\Security\Captcha\TurnstileCaptchaProvider;
class CaptchaVerifier
{
public function __construct(
private readonly TurnstileCaptchaProvider $turnstileProvider,
private readonly RecaptchaCaptchaProvider $recaptchaProvider,
private readonly HcaptchaCaptchaProvider $hcaptchaProvider,
) {
}
public function provider(): string
{
$configured = strtolower(trim((string) config('forum_bot_protection.captcha.provider', 'turnstile')));
return match ($configured) {
'recaptcha' => 'recaptcha',
'hcaptcha' => 'hcaptcha',
default => 'turnstile',
};
}
public function isEnabled(): bool
{
return $this->resolveProvider()->isEnabled();
}
public function inputName(): string
{
$configured = trim((string) config('forum_bot_protection.captcha.input', ''));
if ($configured !== '') {
return $configured;
}
return $this->resolveProvider()->inputName();
}
public function verify(string $token, ?string $ip = null): bool
{
return $this->resolveProvider()->verify($token, $ip);
}
public function frontendConfig(): array
{
$provider = $this->resolveProvider();
return [
'provider' => $provider->name(),
'siteKey' => $provider->isEnabled() ? $provider->siteKey() : '',
'inputName' => $this->inputName(),
'scriptUrl' => $provider->isEnabled() ? $provider->scriptUrl() : '',
];
}
private function resolveProvider(): CaptchaProviderInterface
{
return match ($this->provider()) {
'recaptcha' => $this->recaptchaProvider,
'hcaptcha' => $this->hcaptchaProvider,
default => $this->turnstileProvider,
};
}
}

45
app/Services/Security/TurnstileVerifier.php
View File

@@ -2,50 +2,21 @@
namespace App\Services\Security;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
class TurnstileVerifier
{
public function __construct(
private readonly CaptchaVerifier $captchaVerifier,
) {
}
public function isEnabled(): bool
{
return (bool) config('registration.enable_turnstile', true)
&& (string) config('services.turnstile.site_key', '') !== ''
&& (string) config('services.turnstile.secret_key', '') !== '';
return $this->captchaVerifier->provider() === 'turnstile'
&& $this->captchaVerifier->isEnabled();
}
public function verify(string $token, ?string $ip = null): bool
{
if (! $this->isEnabled()) {
return true;
}
if (trim($token) === '') {
return false;
}
try {
$response = Http::asForm()
->timeout((int) config('services.turnstile.timeout', 5))
->post((string) config('services.turnstile.verify_url', 'https://challenges.cloudflare.com/turnstile/v0/siteverify'), [
'secret' => (string) config('services.turnstile.secret_key', ''),
'response' => $token,
'remoteip' => $ip,
]);
if ($response->failed()) {
return false;
}
$payload = $response->json();
return (bool) data_get($payload, 'success', false);
} catch (\Throwable $exception) {
Log::warning('turnstile verification request failed', [
'message' => $exception->getMessage(),
]);
return false;
}
return $this->captchaVerifier->verify($token, $ip);
}
}