/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

6import { type Request, type Response, type NextFunction } from 'express'
7import { ImageCaptchaModel } from '../models/imageCaptcha'
8import { Op } from 'sequelize'
9
10const svgCaptcha = require('svg-captcha')
11const security = require('../lib/insecurity')
12
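/**
 * Handler factory that issues a fresh SVG image CAPTCHA to the authenticated user.
 *
 * The CAPTCHA (image, expected answer, owning user id) is persisted through
 * `ImageCaptchaModel` so that `imageCaptchas.verifyCaptcha()` can check a later
 * submission. Only the image and the owner's id are sent back: the expected
 * answer is server-side state and must never reach the client, otherwise any
 * caller could "solve" the CAPTCHA by reading it out of this response.
 *
 * Responses:
 *   200 `{ image, UserId }` on success
 *   401 when the request carries no authenticated user (defensive; the route is
 *       presumably mounted behind an auth check already — confirm in the router)
 *   400 when the CAPTCHA could not be stored
 */
function imageCaptchas () {
  return (req: Request, res: Response) => {
    // Resolve the user first so an unauthenticated request gets a clean 401
    // instead of a TypeError thrown outside the promise chain below.
    const user = security.authenticatedUsers.from(req)
    const UserId = user?.data?.id
    if (UserId === undefined || UserId === null) {
      res.status(401).send(res.__('You need to be logged in to request a CAPTCHA.'))
      return
    }

    const captcha = svgCaptcha.create({ size: 5, noise: 2, color: true })
    const imageCaptcha = {
      image: captcha.data,
      answer: captcha.text,
      UserId
    }

    ImageCaptchaModel.build(imageCaptcha).save().then(() => {
      // The answer stays in the database only; never echo it to the client.
      res.json({ image: imageCaptcha.image, UserId: imageCaptcha.UserId })
    }).catch(() => {
      res.status(400).send(res.__('Unable to create CAPTCHA. Please try again.'))
    })
  }
}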
30
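/**
 * Middleware factory gating a route behind the image CAPTCHA issued by
 * `imageCaptchas()`.
 *
 * The newest CAPTCHA created for the authenticated user within the last five
 * minutes is loaded and `req.body.answer` is compared with its stored answer.
 * The check fails closed: no authenticated user, no live CAPTCHA, a non-string
 * or wrong answer, or a storage error all end the request with 401 and never
 * call `next()`. A CAPTCHA that verified is deleted before control is handed
 * on, so a correct answer is single-use and cannot be replayed for the rest of
 * its validity window.
 */
imageCaptchas.verifyCaptcha = () => (req: Request, res: Response, next: NextFunction) => {
  const CAPTCHA_TTL_MS = 300000 // five minutes, measured from the CAPTCHA's createdAt

  const user = security.authenticatedUsers.from(req)
  const UserId = user?.data?.id
  if (UserId === undefined || UserId === null) {
    res.status(401).send(res.__('You need to be logged in to submit a CAPTCHA.'))
    return
  }

  // Only a plain string can be an answer; objects/arrays from the JSON body are rejected up front.
  const answer = req.body?.answer
  if (typeof answer !== 'string') {
    res.status(401).send(res.__('Wrong answer to CAPTCHA. Please try again.'))
    return
  }

  const verified: Promise<boolean> = ImageCaptchaModel.findAll({
    limit: 1,
    where: {
      UserId,
      createdAt: {
        [Op.gt]: new Date(Date.now() - CAPTCHA_TTL_MS)
      }
    },
    order: [['createdAt', 'DESC']]
  }).then(captchas => {
    const current = captchas[0]
    if (!current) {
      // Fail closed: a user without a live CAPTCHA is refused, not waved through.
      res.status(401).send(res.__('No valid CAPTCHA found. Please request a new one.'))
      return false
    }
    if (answer !== current.answer) {
      res.status(401).send(res.__('Wrong answer to CAPTCHA. Please try again.'))
      return false
    }
    // Single use: remove the CAPTCHA before handing over so it cannot be replayed.
    return current.destroy().then(() => true)
  })

  // Two-argument then(): an error thrown by downstream handlers is routed to
  // Express' error handling instead of being reported as a CAPTCHA storage failure.
  verified.then(
    ok => {
      if (!ok) return
      try {
        next()
      } catch (err) {
        next(err)
      }
    },
    () => {
      res.status(401).send(res.__('Something went wrong while submitting CAPTCHA. Please try again.'))
    }
  )
}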
53
// CommonJS export (rather than `export default`): consumers `require()` the
// handler factory, and `verifyCaptcha` travels along as a property on it.
module.exports = imageCaptchas