diff --git a/files/helpers/captcha.py b/files/helpers/captcha.py
new file mode 100644
index 000000000..c80342fb3
--- /dev/null
+++ b/files/helpers/captcha.py
@@ -0,0 +1,14 @@
+from typing import Final
+import requests
+
+HCAPTCHA_URL: Final[str] = "https://hcaptcha.com/siteverify"
+
+def validate_captcha(secret:str, sitekey: str, token: str):
+ if not sitekey: return True
+ if not token: return False
+ data = {"secret": secret,
+ "response": token,
+ "sitekey": sitekey
+ }
+ req = requests.post(HCAPTCHA_URL, data=data, timeout=5)
+ return bool(req.json()["success"])
diff --git a/files/routes/login.py b/files/routes/login.py
index 20d5b08a9..81f9a32b4 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -2,12 +2,11 @@ from urllib.parse import urlencode
 from files.mail import *
 from files.__main__ import app, limiter
 from files.helpers.const import *
-import requests
+from files.helpers.captcha import validate_captcha
 @app.get("/login")
 @auth_desired
 def login_get(v):
-
 redir = request.values.get("redirect")
 if redir:
 redir = redir.replace("/logged_out", "").strip()
@@ -289,21 +288,11 @@ def sign_up_post(v):
 if existing_account: return signup_error("An account with that username already exists.")
-
- if app.config.get("HCAPTCHA_SITEKEY"):
- token = request.values.get("h-captcha-response")
- if not token:
- return signup_error("Unable to verify captcha [1].")
-
- data = {"secret": app.config["HCAPTCHA_SECRET"],
- "response": token,
- "sitekey": app.config["HCAPTCHA_SITEKEY"]}
- url = "https://hcaptcha.com/siteverify"
-
- x = requests.post(url, data=data, timeout=5)
-
- if not x.json()["success"]:
- return signup_error("Unable to verify captcha [2].")
+
+ if not validate_captcha(app.config.get("HCAPTCHA_SECRET", ""),
+ app.config.get("HCAPTCHA_SITEKEY", ""),
+ request.values.get("h-captcha-response", "")):
+ return signup_error("Unable to verify CAPTCHA")
 session.pop("signup_token")
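Review bot: `validate_captcha` in the new captcha.py lets any `requests` failure (timeout, connection error, non-2xx) and any malformed reply (`req.json()` raising on a non-JSON body, or `["success"]` raising KeyError on a body without that key) propagate to the route, so an hCaptcha outage surfaces as an unhandled 500 on sign-up and contact instead of a clean rejection. Catch those cases and fail closed, and check the HTTP status before parsing the body. The `if not sitekey: return True` branch deliberately switches verification off when no sitekey is configured, and both callers in this diff rely on that; it belongs in a docstring so a deployment that forgot to set `HCAPTCHA_SITEKEY` is not mistaken for a protected one. Passing an empty `secret` while a sitekey is set presumably comes back as a failed verification from hCaptcha, but the exact response is not visible here.
```python
def validate_captcha(secret: str, sitekey: str, token: str) -> bool:
    """Verify an hCaptcha response token against hcaptcha.com/siteverify.

    Returns True when no sitekey is configured (verification disabled), and
    False when the token is missing, rejected, or the verifier cannot be
    reached or returns an unparsable reply (fail closed).
    """
    if not sitekey: return True
    if not token: return False
    data = {"secret": secret, "response": token, "sitekey": sitekey}
    try:
        req = requests.post(HCAPTCHA_URL, data=data, timeout=5)
        req.raise_for_status()
        body = req.json()
    except (requests.RequestException, ValueError):
        # verifier unreachable, non-2xx, or non-JSON body: treat as unverified
        return False
    return isinstance(body, dict) and bool(body.get("success"))
```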
diff --git a/files/routes/static.py b/files/routes/static.py
index b362e6947..b290f9936 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -2,6 +2,7 @@ from files.mail import *
 from files.__main__ import app, limiter, mail
 from files.helpers.alerts import *
 from files.helpers.const import *
+from files.helpers.captcha import validate_captcha
 from files.classes.award import AWARDS
 from sqlalchemy import func
 from os import path
@@ -280,13 +281,17 @@ def api(v):
 @app.get("/media")
 @auth_desired
 def contact(v):
-
- return render_template("contact.html", v=v)
+ return render_template("contact.html", v=v,
+ hcaptcha=app.config.get("HCAPTCHA_SITEKEY", ""))
 @app.post("/send_admin")
 @limiter.limit("1/second;2/minute;6/hour;10/day")
 @auth_desired
-def submit_contact(v):
+def submit_contact(v: Optional[User]):
+ if not v and not validate_captcha(app.config.get("HCAPTCHA_SECRET", ""),
+ app.config.get("HCAPTCHA_SITEKEY", ""),
+ request.values.get("h-captcha-response", "")):
+ abort(403, "CAPTCHA provided was not correct. Please try it again")
 body = request.values.get("message")
 email = request.values.get("email")
 if not body: abort(400)
diff --git a/files/templates/contact.html b/files/templates/contact.html
index 86541913a..8ce463847 100644
--- a/files/templates/contact.html
+++ b/files/templates/contact.html
@@ -1,12 +1,8 @@ {% extends "default.html" %} - {% block title %} {{SITE_TITLE}} - Contact - {% endblock %} - {% block content %} - {% if msg %} {% endif %} - +
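Review bot: In `submit_contact`, the guard `if not v and not validate_captcha(...)` only protects anonymous senders while a sitekey is configured: with `HCAPTCHA_SITEKEY` unset, `validate_captcha` returns True for an empty sitekey (see the captcha.py hunk), so unauthenticated posts to `/send_admin` go through with nothing but the rate limit in front of the admin mailbox. If that fail-open is intended for deployments without hCaptcha, say so next to the check, e.g. `# Anonymous senders must solve the CAPTCHA; with no HCAPTCHA_SITEKEY configured validate_captcha() returns True and this endpoint accepts unauthenticated mail (rate-limited only)`; if it is not intended, reject anonymous submissions whenever no sitekey is configured. The new annotation `v: Optional[User]` relies on `Optional` and `User` being in scope, and the import hunk above adds neither, so they presumably arrive via one of the star imports and that should be confirmed before merging. A rejected CAPTCHA is arguably a 400-class client error rather than 403, but that is a style choice. The body of `submit_contact` continues past the end of the hunk.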

Contact {{SITE_TITLE}} Admins

Use this form to contact {{SITE_TITLE}} Admins.

@@ -34,18 +30,16 @@
+ {% if not v and hcaptcha %} +
+ {% endif %} - -
-
-
-	
- -

If you can see this line, we haven't been contacted by any law enforcement or governmental organizations in 2022 yet.

- -
-
-
-	
+
+
+

If you can see this line, we haven't been contacted by any law enforcement or governmental organizations in 2022 yet.

+
+ {% if hcaptcha %} + + {% endif %} {% endblock %}
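Review bot: The hCaptcha widget at the top of this hunk is rendered only under `{% if not v and hcaptcha %}`, but the script include at the end of the hunk is gated on `{% if hcaptcha %}` alone, so logged-in users still load the third-party hcaptcha script on every contact page view even though no widget is present for them; gate both on the same condition, `{% if not v and hcaptcha %}`. The markup tags in this hunk appear to have been stripped by the page, so the exact attributes of the widget container and the script element cannot be checked here. If the site sends a Content-Security-Policy, the hCaptcha script and frame origins must be allowed or the widget will be blocked client-side; that cannot be verified from this diff.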