RECAPTCHA Verification added to 'user dashboard'

DogukanUrker · Jan 20, 2024 · 750067a · 750067a
1 parent ee5ecab
commit 750067a
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 11 deletions.
diff --git a/routes/dashboard.py b/routes/dashboard.py
@@ -1,4 +1,6 @@
 from helpers import (
+    abort,
+    message,
     flash,
     url_for,
     request,
@@ -7,9 +9,15 @@
     message,
     redirect,
     Blueprint,
+    RECAPTCHA,
+    requestsPost,
     DB_POSTS_ROOT,
-    DB_COMMENTS_ROOT,
     render_template,
+    DB_COMMENTS_ROOT,
+    RECAPTCHA_SITE_KEY,
+    RECAPTCHA_VERIFY_URL,
+    RECAPTCHA_SECRET_KEY,
+    RECAPTCHA_POST_DELETE,
 )
 from delete import deletePost
 
@@ -24,17 +32,35 @@ def dashboard(userName):
                 case True:
                     match request.method == "POST":
                         case True:
-                            match "postDeleteButton" in request.form:
+                            match RECAPTCHA and RECAPTCHA_POST_DELETE:
                                 case True:
+                                    secretResponse = request.form[
+                                                "g-recaptcha-response"
+                                            ]
+                                    verifyResponse = requestsPost(
+                                                url=f"{RECAPTCHA_VERIFY_URL}?secret={RECAPTCHA_SECRET_KEY}&response={secretResponse}"
+                                            ).json()
+                                    match verifyResponse[
+                                                "success"
+                                            ] == True or verifyResponse[
+                                                "score"
+                                            ] > 0.5:
+                                        case True:
+                                            message("2",f"POST DELETE RECAPTCHA | VERIFICATION: {verifyResponse["success"]} | VERIFICATION SCORE: {verifyResponse["score"]}")
+                                            deletePost(request.form["postID"])
+                                        case False:
+                                            message("1",f"POST DELETE RECAPTCHA | VERIFICATION: {verifyResponse["success"]} | VERIFICATION SCORE: {verifyResponse["score"]}")
+                                            abort(401)
+                                case False:
                                     deletePost(request.form["postID"])
-                                    return (
-                                        redirect(
-                                            url_for(
-                                                "dashboard.dashboard", userName=userName
-                                            )
-                                        ),
-                                        301,
+                            return (
+                                redirect(
+                                    url_for(
+                                        "dashboard.dashboard", userName=userName,
                                     )
+                                ),
+                                301,
+                            )
                     connection = sqlite3.connect(DB_POSTS_ROOT)
                     cursor = connection.cursor()
                     cursor.execute(
@@ -64,7 +90,7 @@ def dashboard(userName):
                         posts=posts,
                         comments=comments,
                         showPosts=showPosts,
-                        showComments=showComments,
+                        showComments=showComments, siteKey=RECAPTCHA_SITE_KEY, recaptcha=RECAPTCHA,
                     )
                 case False:
                     message(

diff --git a/templates/standardUI/dashboard.html b/templates/standardUI/dashboard.html
@@ -20,6 +20,24 @@ <h1 class="textCenter">Posts</h1>
   <div class="content" tag="content">{{post[3]|safe}}</div>
   <section>
     <a href="/editpost/{{post[0]}}" class="btn btnLink textPrimary">edit</a>
+    {% if recaptcha %}
+    <script src="https://www.google.com/recaptcha/api.js"></script>
+    <script src="{{ url_for('static', filename='js/recaptcha.js') }}"></script>
+    <form method="post" id="recaptchaForm">
+      <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+      <input type="hidden" name="postID" value="{{post[0]}}" />
+      <button
+        type="submit"
+        name="postDeleteButton"
+        data-sitekey="{{ siteKey }}"
+        data-callback="onSubmit"
+        data-action="submit"
+        class="g-recaptcha btn btnLink textPrimary"
+      >
+        delete
+      </button>
+    </form>
+    {% else %}
     <form method="post">
       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
       <input type="hidden" name="postID" value="{{post[0]}}" />
@@ -31,6 +49,7 @@ <h1 class="textCenter">Posts</h1>
         delete
       </button>
     </form>
+    {% endif %}
   </section>
   <div class="info">
     <p class="tags">Tags: {{post[2]}}</p>

diff --git a/templates/tailwindUI/dashboard.html b/templates/tailwindUI/dashboard.html
@@ -24,17 +24,34 @@ <h1 class="my-4 text-4xl font-medium select-none text-center">Posts</h1>
       class="hover:text-rose-500 duration-150 font-medium"
       ><i class="ti ti-edit mr-1 text-2xl"></i
     ></a>
+    {% if recaptcha %}
+    <script src="https://www.google.com/recaptcha/api.js"></script>
+    <script src="{{ url_for('static', filename='js/recaptcha.js') }}"></script>
+    <form method="post" id="recaptchaForm">
+      <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+      <input type="hidden" name="postID" value="{{post[0]}}" />
+      <button
+        type="submit"
+        data-sitekey="{{ siteKey }}"
+        data-callback="onSubmit"
+        data-action="submit"
+        class="g-recaptcha hover:text-rose-500 duration-150 font-medium"
+      >
+        <i class="ti ti-trash-x mr-1 text-2xl"></i>
+      </button>
+    </form>
+    {% else %}
     <form method="post">
       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
       <input type="hidden" name="postID" value="{{post[0]}}" />
       <button
         type="submit"
-        name="postDeleteButton"
         class="hover:text-rose-500 duration-150 font-medium"
       >
         <i class="ti ti-trash-x mr-1 text-2xl"></i>
       </button>
     </form>
+    {% endif %}
   </section>
   <div class="flex items-center justify-between my-2">
     <p class="flex ">