feat: add captcha-backed forum security hardening

app/Services/Security/TurnstileVerifier.php

@@ -2,50 +2,21 @@
 
 namespace App\Services\Security;
 
-use Illuminate\Support\Facades\Http;
-use Illuminate\Support\Facades\Log;
-
 class TurnstileVerifier
 {
+    public function __construct(
+        private readonly CaptchaVerifier $captchaVerifier,
+    ) {
+    }
+
     public function isEnabled(): bool
     {
-        return (bool) config('registration.enable_turnstile', true)
-            && (string) config('services.turnstile.site_key', '') !== ''
-            && (string) config('services.turnstile.secret_key', '') !== '';
+        return $this->captchaVerifier->provider() === 'turnstile'
+            && $this->captchaVerifier->isEnabled();
     }
 
     public function verify(string $token, ?string $ip = null): bool
     {
-        if (! $this->isEnabled()) {
-            return true;
-        }
-
-        if (trim($token) === '') {
-            return false;
-        }
-
-        try {
-            $response = Http::asForm()
-                ->timeout((int) config('services.turnstile.timeout', 5))
-                ->post((string) config('services.turnstile.verify_url', 'https://challenges.cloudflare.com/turnstile/v0/siteverify'), [
-                    'secret' => (string) config('services.turnstile.secret_key', ''),
-                    'response' => $token,
-                    'remoteip' => $ip,
-                ]);
-
-            if ($response->failed()) {
-                return false;
-            }
-
-            $payload = $response->json();
-
-            return (bool) data_get($payload, 'success', false);
-        } catch (\Throwable $exception) {
-            Log::warning('turnstile verification request failed', [
-                'message' => $exception->getMessage(),
-            ]);
-
-            return false;
-        }
+        return $this->captchaVerifier->verify($token, $ip);
     }
 }