rails_cloudflare_turnstile 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +3 -1
- data/lib/rails_cloudflare_turnstile/configuration.rb +3 -0
- data/lib/rails_cloudflare_turnstile/controller_helpers.rb +42 -38
- data/lib/rails_cloudflare_turnstile/version.rb +1 -1
- data/lib/rails_cloudflare_turnstile/view_helpers.rb +19 -3
- data/lib/rails_cloudflare_turnstile.rb +7 -0
- metadata +2 -2
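--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 945f56fd2e6ef412bd71d68a58ca63978499ac4948ac4cdb640852a0d7f13cbf
+data.tar.gz: 446c952679cf658fbc9e6e031043ca272ef8ef0ce5b3c6d40229461643725c07
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6d27317d8fba8949675177a9fbbe798d0f57f7a26c2fad0ae72fe0b00337f6721dab1c298af562839a012d2f68764db99fe07fe2cb78ce44d6c996fa5ee0dc8b
+data.tar.gz: 5549a4a67796a43b4effb39c4d50bef488f47164f3efcfb285c3ce8f64da445d23c1aefe4adc318da4964f79ea28af125d21972001da79ab5d00291649be4bda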
data/CHANGELOG.md
CHANGED
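--- a/data/README.md
+++ b/data/README.md
@@ -34,7 +34,6 @@ RailsCloudflareTurnstile.configure do |c|
 c.fail_open = true
 end
 ```
-
 To totally disable Turnstile, you can set `c.enabled = false` and all other config values are ignored.
 
 To use Turnstile for a view:
@@ -46,5 +45,8 @@ To use Turnstile for a view:
 If the challenge fails, the exception `RailsCloudflareTurnstile::Forbidden` will be raised; you should handle this with
 a `rescue_from` block.
 
+By default, in development and test mode, a special mock view will be inserted if real credentials are not present. To
+disable this, set the `mock_enable` property of the configuration to false.
+
 ## License
 The gem is available as open source under the terms of the [ISC License](LICENSE.txt).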
@@ -21,11 +21,14 @@ module RailsCloudflareTurnstile
|
|
21
21
|
|
22
22
|
attr_accessor :enabled
|
23
23
|
|
24
|
+
attr_accessor :mock_enabled
|
25
|
+
|
24
26
|
def initialize
|
25
27
|
@site_key = nil
|
26
28
|
@secret_key = nil
|
27
29
|
@fail_open = true
|
28
30
|
@enabled = nil
|
31
|
+
@mock_enabled = nil
|
29
32
|
@timeout = 5.0
|
30
33
|
@size = :regular
|
31
34
|
@validation_url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
|
@@ -5,54 +5,58 @@ require "faraday"
|
|
5
5
|
module RailsCloudflareTurnstile
|
6
6
|
module ControllerHelpers
|
7
7
|
def cloudflare_turnstile_ok?
|
8
|
-
|
8
|
+
if RailsCloudflareTurnstile.enabled?
|
9
|
+
config = RailsCloudflareTurnstile.configuration
|
9
10
|
|
10
|
-
|
11
|
+
url = URI(config.validation_url)
|
11
12
|
|
12
|
-
|
13
|
+
body = {
|
14
|
+
secret: config.secret_key,
|
15
|
+
response: params["cf-turnstile-response"],
|
16
|
+
remoteip: request.remote_ip
|
17
|
+
}
|
13
18
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
Rails.logger.error "Error response from CloudFlare Turnstile: #{e}"
|
30
|
-
if config.fail_open
|
31
|
-
return true
|
32
|
-
else
|
33
|
-
return false
|
19
|
+
begin
|
20
|
+
resp = Faraday.new(url) { |conn|
|
21
|
+
conn.options.timeout = config.timeout
|
22
|
+
conn.options.open_timeout = config.timeout
|
23
|
+
conn.use Faraday::Response::RaiseError
|
24
|
+
conn.request :json
|
25
|
+
conn.response :json
|
26
|
+
}.post(url, body)
|
27
|
+
rescue Faraday::Error => e
|
28
|
+
Rails.logger.error "Error response from CloudFlare Turnstile: #{e}"
|
29
|
+
if config.fail_open
|
30
|
+
return true
|
31
|
+
else
|
32
|
+
return false
|
33
|
+
end
|
34
34
|
end
|
35
|
-
end
|
36
35
|
|
37
|
-
|
36
|
+
json = resp.body
|
38
37
|
|
39
|
-
|
38
|
+
success = json["success"]
|
40
39
|
|
41
|
-
|
40
|
+
return true if success
|
42
41
|
|
43
|
-
|
42
|
+
error = json["error-codes"][0]
|
44
43
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
44
|
+
ActiveSupport::Notifications.instrument(
|
45
|
+
"rails_cloudflare_turnstile.failure",
|
46
|
+
message: error,
|
47
|
+
remote_ip: request.remote_ip,
|
48
|
+
user_agent: request.user_agent,
|
49
|
+
controller: params[:controller],
|
50
|
+
action: params[:action],
|
51
|
+
url: request.url
|
52
|
+
)
|
54
53
|
|
55
|
-
|
54
|
+
false
|
55
|
+
elsif RailsCloudflareTurnstile.mock_enabled?
|
56
|
+
params["cf-turnstile-response"] == "mocked"
|
57
|
+
else
|
58
|
+
true
|
59
|
+
end
|
56
60
|
end
|
57
61
|
|
58
62
|
private
|
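Review bot: `json = resp.body` is used as a Hash without a type check, so both `success = json["success"]` and `error = json["error-codes"][0]` can misbehave on an unexpected response. As far as I can tell, Faraday's `:json` response middleware only parses bodies served with a JSON content type; a 200 with any other type leaves a String, where `json["success"]` is a substring lookup that is truthy whenever the body contains that word, and a reply without `error-codes` raises `NoMethodError` outside the `rescue Faraday::Error`, so `fail_open` is never consulted. I would write `return true if json.is_a?(Hash) && json["success"] == true` and `error = Array(json.is_a?(Hash) ? json["error-codes"] : nil).first`. The fail-open `return true` path only writes a log line; emitting an `ActiveSupport::Notifications` event there as well would let operators alert on requests accepted without verification.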
@@ -3,9 +3,14 @@
|
|
3
3
|
module RailsCloudflareTurnstile
|
4
4
|
module ViewHelpers
|
5
5
|
def cloudflare_turnstile(action: "other")
|
6
|
-
|
7
|
-
|
8
|
-
|
6
|
+
if RailsCloudflareTurnstile.enabled?
|
7
|
+
content_tag(:div, class: "cloudflare-turnstile") do
|
8
|
+
concat turnstile_div(action)
|
9
|
+
end
|
10
|
+
elsif RailsCloudflareTurnstile.mock_enabled?
|
11
|
+
content_tag(:div, class: "cloudflare-turnstile") do
|
12
|
+
concat mock_turnstile_div(action)
|
13
|
+
end
|
9
14
|
end
|
10
15
|
end
|
11
16
|
|
@@ -25,6 +30,17 @@ module RailsCloudflareTurnstile
|
|
25
30
|
end
|
26
31
|
end
|
27
32
|
|
33
|
+
def mock_turnstile_div(action)
|
34
|
+
content_tag(:div, class: "cf-turnstile", style: "width: 300px; height: 65px: border: 1px solid gray") do
|
35
|
+
[
|
36
|
+
tag.input(type: "hidden", name: "cf-turnstile-response", value: "mocked"),
|
37
|
+
content_tag(:p) do
|
38
|
+
"CAPTCHA goes here in production"
|
39
|
+
end
|
40
|
+
].reduce(:<<)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
28
44
|
def site_key
|
29
45
|
RailsCloudflareTurnstile.configuration.site_key
|
30
46
|
end
|
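Review bot: The inline style in `mock_turnstile_div` has a colon where a semicolon is needed, `height: 65px: border: 1px solid gray`, so the browser discards the malformed declaration and the placeholder renders without its height and border. It should read `style: "width: 300px; height: 65px; border: 1px solid gray"`. Separately, `[...].reduce(:<<)` appends into the first element in place; `safe_join([...])` expresses the same thing without mutating the input tag. The `action` argument is accepted but unused by the mock, which deserves a one-line comment such as `# action is ignored by the mock widget`.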
@@ -16,12 +16,19 @@ module RailsCloudflareTurnstile
|
|
16
16
|
if configuration.enabled.nil?
|
17
17
|
configuration.enabled = true
|
18
18
|
end
|
19
|
+
if configuration.mock_enabled.nil?
|
20
|
+
configuration.mock_enabled = Rails.env.development? || Rails.env.test?
|
21
|
+
end
|
19
22
|
end
|
20
23
|
|
21
24
|
def self.enabled?
|
22
25
|
configuration.enabled == true
|
23
26
|
end
|
24
27
|
|
28
|
+
def self.mock_enabled?
|
29
|
+
configuration.mock_enabled == true
|
30
|
+
end
|
31
|
+
|
25
32
|
def self.reset_configuration!
|
26
33
|
LOCK.synchronize do
|
27
34
|
@configuration = nil
|
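Review bot: With `mock_enabled` defaulting to true in development and test, `c.enabled = false` is no longer a full disable in those environments: `cloudflare_turnstile_ok?` then passes only when the request carries `cf-turnstile-response` equal to `mocked`, while the README still states that all other config values are ignored. Existing controller tests or API clients that post without the widget would presumably start hitting `RailsCloudflareTurnstile::Forbidden`. Either document that `c.mock_enabled = false` is also required, or turn the mock on by default only when it is the missing credentials that disabled Turnstile; whether such a condition exists cannot be seen here, since the enclosing configure method starts above the hunk. The added README text also names the setting `mock_enable`, while the accessor is `mock_enabled`.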
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails_cloudflare_turnstile
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- James Brown
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-01-
|
11
|
+
date: 2023-01-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|