From ba36a15b3166bcb09bdf2cd67acb6a3763a79e9c Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Fri, 9 Jun 2023 20:18:05 +0300
Subject: feat(corp/rih): implement backend captcha validation
Change-Id: Ia80a6aeb8c20bdacbf93356be31592ca4ba7fcdc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8741
Autosubmit: tazjin
Reviewed-by: tazjin
Tested-by: BuildkiteCI
---
 corp/ops/yandex/rih.tf | 2 +-
 corp/rih/backend/Cargo.lock | 1 +
 corp/rih/backend/Cargo.toml | 5 +++++
 corp/rih/backend/src/main.rs | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)
(limited to 'corp')
diff --git a/corp/ops/yandex/rih.tf b/corp/ops/yandex/rih.tf
index 08836eee95..3fd59895fb 100644
--- a/corp/ops/yandex/rih.tf
+++ b/corp/ops/yandex/rih.tf
@@ -94,7 +94,7 @@ resource "yandex_serverless_container" "rih_backend" {
 service_account_id = yandex_iam_service_account.rih_backend.id
 image {
- url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:dhgw6c4afancx1a3gac6day0bdgd9qhf"
+ url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:q8kfd6kwc7p4wphzw1pj916y9m6icl9q"
 }
 secrets {
diff --git a/corp/rih/backend/Cargo.lock b/corp/rih/backend/Cargo.lock
index 8e6465fe35..afbe6fbc0b 100644
--- a/corp/rih/backend/Cargo.lock
+++ b/corp/rih/backend/Cargo.lock
@@ -671,6 +671,7 @@ name = "rih-backend"
 version = "0.1.0"
 dependencies = [
 "anyhow",
+ "attohttpc",
 "log",
 "rouille",
 "rust-s3",
diff --git a/corp/rih/backend/Cargo.toml b/corp/rih/backend/Cargo.toml
index 16d7d4d484..97d4821e3b 100644
--- a/corp/rih/backend/Cargo.toml
+++ b/corp/rih/backend/Cargo.toml
@@ -10,6 +10,11 @@ serde = { version = "1.0", features = [ "derive" ] }
 serde_json = "1.0"
 uuid = { version = "1.3.3", features = ["v4", "serde"] }
+[dependencies.attohttpc]
+version = "0.22"
+default-features = false
+features = [ "tls-rustls" ]
+
 [dependencies.rouille]
 version = "3.6"
 default-features = false
diff --git a/corp/rih/backend/src/main.rs b/corp/rih/backend/src/main.rs
index c696858da5..208e0367c6 100644
--- a/corp/rih/backend/src/main.rs
+++ b/corp/rih/backend/src/main.rs
@@ -43,6 +43,40 @@ impl Record {
 }
 }
+fn validate_captcha(token: &str) -> Result<()> {
+ // TODO(tazjin): pass `ip` parameter
+ let url = "https://smartcaptcha.yandexcloud.net/validate";
+ let backend_key =
+ env::var("YANDEX_SMARTCAPTCHA_KEY").context("captcha verification key not provided")?;
+ #[derive(Deserialize)]
+ struct CaptchaResponse {
+ status: String,
+ message: String,
+ }
+ let response: CaptchaResponse = attohttpc::get(url)
+ .param("secret", backend_key)
+ .param("token", token)
+ .send()
+ .context("failed to send captcha verification request")?
+ .error_for_status()
+ .context("captcha verification request failed")?
+ .json()
+ .context("failed to deserialize captcha verification response")?;
+ if response.status != "ok" {
+ warn!(
+ "invalid captcha: {} ({})",
+ response.message, response.status
+ );
+ }
+ info!("captcha token was valid");
+ Ok(())
+}
+
 fn persist_record(ip: &SocketAddr, record: &Record) -> Result<()> {
 let bucket_name = "rih-backend-data";
 let credentials =
@@ -88,6 +122,8 @@ fn handle_submit(req: &Request) -> Result {
 let submitted: FrontendReq = rouille::input::json::json_input(req).context("failed to deserialise frontend request")?;
+ validate_captcha(&submitted.captcha_token)?;
+
 if !submitted.record.validate() {
 bail!("invalid record: {:?}", submitted.record);
 }
-- cgit 1.4.1
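Review bot: `validate_captcha` fails open: when `response.status != "ok"` the new code only emits `warn!(...)`, then falls through to `info!("captcha token was valid")` and `Ok(())`, so a rejected token is accepted and the `?` at the call site in `handle_submit` never fires for it. The upstream rejection is reported in the JSON body, and `error_for_status()` only turns an unsuccessful HTTP status into an error, so this branch is the sole place a bad token can be refused. Make the mismatch an error in the style the file already uses for bad records: replace the `warn!` block with `bail!("invalid captcha: {} ({})", response.message, response.status);`, which also keeps the `info!` line on the success path only. A short doc comment would help the next reader, e.g. `/// Verifies a SmartCaptcha token against the validation endpoint; fails closed if YANDEX_SMARTCAPTCHA_KEY is unset, the request fails, or the token is rejected.`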