chore(refactor): use retrieveRequestParams in captcha middleware

supabase · Oct 28, 2024 · b0b9035 · b0b9035
1 parent 1551832
commit b0b9035
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 18 deletions.
diff --git a/internal/api/helpers.go b/internal/api/helpers.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/supabase/auth/internal/conf"
 	"github.com/supabase/auth/internal/models"
+	"github.com/supabase/auth/internal/security"
 	"github.com/supabase/auth/internal/utilities"
 )
 
@@ -83,6 +84,7 @@ type RequestParams interface {
 		VerifyParams |
 		adminUserUpdateFactorParams |
 		adminUserDeleteParams |
+		security.GotrueRequest |
 		ChallengeFactorParams |
 		struct {
 			Email string `json:"email"`

diff --git a/internal/api/middleware.go b/internal/api/middleware.go
@@ -15,6 +15,7 @@ import (
 	"github.com/supabase/auth/internal/models"
 	"github.com/supabase/auth/internal/observability"
 	"github.com/supabase/auth/internal/security"
+	"github.com/supabase/auth/internal/utilities"
 
 	"github.com/didip/tollbooth/v5"
 	"github.com/didip/tollbooth/v5/limiter"
@@ -116,12 +117,13 @@ func (a *API) verifyCaptcha(w http.ResponseWriter, req *http.Request) (context.C
 		return ctx, nil
 	}
 
-	verificationResult, err := security.VerifyRequest(req, strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
-	if err != nil {
-		if strings.Contains(err.Error(), "request body was not JSON") {
-			return nil, badRequestError(ErrorCodeValidationFailed, "Request body for CAPTCHA verification was not a valid JSON object")
-		}
+	var body *security.GotrueRequest
+	if err := retrieveRequestParams(req, body); err != nil {
+		return nil, err
+	}
 
+	verificationResult, err := security.VerifyRequest(body, utilities.GetIPAddress(req), strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
+	if err != nil {
 		return nil, internalServerError("captcha verification process failed").WithInternalError(err)
 	}
 

diff --git a/internal/security/captcha.go b/internal/security/captcha.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"fmt"
+
 	"github.com/pkg/errors"
 	"github.com/supabase/auth/internal/utilities"
 )
@@ -45,25 +46,13 @@ func init() {
 	Client = &http.Client{Timeout: defaultTimeout}
 }
 
-func VerifyRequest(r *http.Request, secretKey, captchaProvider string) (VerificationResponse, error) {
-	bodyBytes, err := utilities.GetBodyBytes(r)
-	if err != nil {
-		return VerificationResponse{}, err
-	}
-
-	var requestBody GotrueRequest
-
-	if err := json.Unmarshal(bodyBytes, &requestBody); err != nil {
-		return VerificationResponse{}, errors.Wrap(err, "request body was not JSON")
-	}
-
+func VerifyRequest(requestBody *GotrueRequest, clientIP, secretKey, captchaProvider string) (VerificationResponse, error) {
 	captchaResponse := strings.TrimSpace(requestBody.Security.Token)
 
 	if captchaResponse == "" {
 		return VerificationResponse{}, errors.New("no captcha response (captcha_token) found in request")
 	}
 
-	clientIP := utilities.GetIPAddress(r)
 	captchaURL, err := GetCaptchaURL(captchaProvider)
 	if err != nil {
 		return VerificationResponse{}, err