fixes issue with PROXY_KEY when used together with proof-of-work captcha

2024-07-29 19:41:57 -05:00 · 2024-07-29 19:41:57 -05:00 · ca58770458
parent 9a3cca6b80
commit ca58770458
3 changed files with 10 additions and 2 deletions
--- a/src/user/web/pow-captcha.ts
+++ b/src/user/web/pow-captcha.ts
@ -213,7 +213,7 @@ router.post("/challenge", (req, res) => {
  }
  const { action, refreshToken, proxyKey } = data.data;
  if (config.proxyKey && proxyKey !== config.proxyKey) {
-    res.status(400).json({ error: "Invalid proxy password" });
+    res.status(401).json({ error: "Invalid proxy password" });
    return;
  }

--- a/src/user/web/views/partials/user_challenge_widget.ejs
+++ b/src/user/web/views/partials/user_challenge_widget.ejs
@ -303,6 +303,10 @@
      _csrf: document.querySelector("meta[name=csrf-token]").getAttribute("content"),
    };

+    if (localStorage.getItem("captcha-proxy-key")) {
+      body.proxyKey = localStorage.getItem("captcha-proxy-key");
+    }
+
    fetch("/user/captcha/verify", {
      method: "POST",
      credentials: "same-origin",
--- a/src/user/web/views/user_request_token.ejs
+++ b/src/user/web/views/user_request_token.ejs
@ -61,7 +61,11 @@
    const refreshToken = token && action === "refresh" ? JSON.parse(token).token : undefined;
    const keyInput = document.getElementById("proxy-key");
    const proxyKey = (keyInput && keyInput.value) || undefined;
-    localStorage.setItem("captcha-proxy-key", proxyKey);
+    if (!proxyKey?.length) {
+      localStorage.removeItem("captcha-proxy-key");
+    } else {
+      localStorage.setItem("captcha-proxy-key", proxyKey);
+    }

    fetch("/user/captcha/challenge", {
      method: "POST",