From b0b903559c3d3ed9c1b1a9767737c802eb1f366f Mon Sep 17 00:00:00 2001
From: Kang Ming
Date: Mon, 28 Oct 2024 15:07:30 +0800
Subject: [PATCH] chore(refactor): use retrieveRequestParams in captcha middleware

---
 internal/api/helpers.go | 2 ++
 internal/api/middleware.go | 12 +++++++-----
 internal/security/captcha.go | 15 ++------------
 3 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/internal/api/helpers.go b/internal/api/helpers.go
index 2747052ea..bfc88ce2e 100644
--- a/internal/api/helpers.go
+++ b/internal/api/helpers.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/supabase/auth/internal/conf"
 	"github.com/supabase/auth/internal/models"
+	"github.com/supabase/auth/internal/security"
 	"github.com/supabase/auth/internal/utilities"
 )
 
@@ -83,6 +84,7 @@ type RequestParams interface {
 	VerifyParams |
 	adminUserUpdateFactorParams |
 	adminUserDeleteParams |
+	security.GotrueRequest |
 	ChallengeFactorParams |
 	struct {
 		Email string `json:"email"`
diff --git a/internal/api/middleware.go b/internal/api/middleware.go
index 853b8d528..ad71780b3 100644
--- a/internal/api/middleware.go
+++ b/internal/api/middleware.go
@@ -15,6 +15,7 @@ import (
 	"github.com/supabase/auth/internal/models"
 	"github.com/supabase/auth/internal/observability"
 	"github.com/supabase/auth/internal/security"
+	"github.com/supabase/auth/internal/utilities"
 
 	"github.com/didip/tollbooth/v5"
 	"github.com/didip/tollbooth/v5/limiter"
@@ -116,12 +117,13 @@ func (a *API) verifyCaptcha(w http.ResponseWriter, req *http.Request) (context.C
 		return ctx, nil
 	}
 
-	verificationResult, err := security.VerifyRequest(req, strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
-	if err != nil {
-		if strings.Contains(err.Error(), "request body was not JSON") {
-			return nil, badRequestError(ErrorCodeValidationFailed, "Request body for CAPTCHA verification was not a valid JSON object")
-		}
+	var body *security.GotrueRequest
+	if err := retrieveRequestParams(req, body); err != nil {
+		return nil, err
+	}
+	verificationResult, err := security.VerifyRequest(body, utilities.GetIPAddress(req), strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)
+	if err != nil {
 		return nil, internalServerError("captcha verification process failed").WithInternalError(err)
 	}
 
diff --git a/internal/security/captcha.go b/internal/security/captcha.go
index 051a33fa7..aeacb6338 100644
--- a/internal/security/captcha.go
+++ b/internal/security/captcha.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"fmt"
+	"github.com/pkg/errors"
 	"github.com/supabase/auth/internal/utilities"
 )
 
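Review bot: `var body *security.GotrueRequest` declares a nil pointer, so `retrieveRequestParams(req, body)` has nothing to decode into: depending on how retrieveRequestParams unmarshals (its body is not in this patch), either every CAPTCHA-protected request fails before the token is ever checked, or body reaches `security.VerifyRequest(body, …)` still nil and the `requestBody.Security.Token` access in captcha.go dereferences it and panics. Declare the value and pass its address: `var body security.GotrueRequest`, `if err := retrieveRequestParams(req, &body); err != nil {`, and `security.VerifyRequest(&body, utilities.GetIPAddress(req), …)`. The removed branch turned a "request body was not JSON" failure into a 400 badRequestError; whether retrieveRequestParams returns an equivalent client error for malformed JSON cannot be confirmed from this hunk, and if it does not, bad bodies will now surface as a 500 "captcha verification process failed". Independently of the caller, the new VerifyRequest signature in captcha.go would be safer with a guard such as `if requestBody == nil { return VerificationResponse{}, errors.New("captcha request body is nil") }` before reading requestBody.Security.Token. verifyCaptcha starts before this hunk.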
@@ -45,25 +46,13 @@ func init() {
 	Client = &http.Client{Timeout: defaultTimeout}
 }
 
-func VerifyRequest(r *http.Request, secretKey, captchaProvider string) (VerificationResponse, error) {
-	bodyBytes, err := utilities.GetBodyBytes(r)
-	if err != nil {
-		return VerificationResponse{}, err
-	}
-
-	var requestBody GotrueRequest
-
-	if err := json.Unmarshal(bodyBytes, &requestBody); err != nil {
-		return VerificationResponse{}, errors.Wrap(err, "request body was not JSON")
-	}
-
+func VerifyRequest(requestBody *GotrueRequest, clientIP, secretKey, captchaProvider string) (VerificationResponse, error) {
 	captchaResponse := strings.TrimSpace(requestBody.Security.Token)
 	if captchaResponse == "" {
 		return VerificationResponse{}, errors.New("no captcha response (captcha_token) found in request")
 	}
 
-	clientIP := utilities.GetIPAddress(r)
 	captchaURL, err := GetCaptchaURL(captchaProvider)
 	if err != nil {
 		return VerificationResponse{}, err