rails_cloudflare_turnstile 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +3 -1
- data/lib/rails_cloudflare_turnstile/configuration.rb +3 -0
- data/lib/rails_cloudflare_turnstile/controller_helpers.rb +42 -38
- data/lib/rails_cloudflare_turnstile/version.rb +1 -1
- data/lib/rails_cloudflare_turnstile/view_helpers.rb +19 -3
- data/lib/rails_cloudflare_turnstile.rb +7 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 945f56fd2e6ef412bd71d68a58ca63978499ac4948ac4cdb640852a0d7f13cbf
|
|
4
|
+
data.tar.gz: 446c952679cf658fbc9e6e031043ca272ef8ef0ce5b3c6d40229461643725c07
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d27317d8fba8949675177a9fbbe798d0f57f7a26c2fad0ae72fe0b00337f6721dab1c298af562839a012d2f68764db99fe07fe2cb78ce44d6c996fa5ee0dc8b
|
|
7
|
+
data.tar.gz: 5549a4a67796a43b4effb39c4d50bef488f47164f3efcfb285c3ce8f64da445d23c1aefe4adc318da4964f79ea28af125d21972001da79ab5d00291649be4bda
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -34,7 +34,6 @@ RailsCloudflareTurnstile.configure do |c|
|
|
|
34
34
|
c.fail_open = true
|
|
35
35
|
end
|
|
36
36
|
```
|
|
37
|
-
|
|
38
37
|
To totally disable Turnstile, you can set `c.enabled = false` and all other config values are ignored.
|
|
39
38
|
|
|
40
39
|
To use Turnstile for a view:
|
|
@@ -46,5 +45,8 @@ To use Turnstile for a view:
|
|
|
46
45
|
If the challenge fails, the exception `RailsCloudflareTurnstile::Forbidden` will be raised; you should handle this with
|
|
47
46
|
a `rescue_from` block.
|
|
48
47
|
|
|
48
|
+
By default, in development and test mode, a special mock view will be inserted if real credentials are not present. To
|
|
49
|
+
disable this, set the `mock_enable` property of the configuration to false.
|
|
50
|
+
|
|
49
51
|
## License
|
|
50
52
|
The gem is available as open source under the terms of the [ISC License](LICENSE.txt).
|
|
@@ -21,11 +21,14 @@ module RailsCloudflareTurnstile
|
|
|
21
21
|
|
|
22
22
|
attr_accessor :enabled
|
|
23
23
|
|
|
24
|
+
attr_accessor :mock_enabled
|
|
25
|
+
|
|
24
26
|
def initialize
|
|
25
27
|
@site_key = nil
|
|
26
28
|
@secret_key = nil
|
|
27
29
|
@fail_open = true
|
|
28
30
|
@enabled = nil
|
|
31
|
+
@mock_enabled = nil
|
|
29
32
|
@timeout = 5.0
|
|
30
33
|
@size = :regular
|
|
31
34
|
@validation_url = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
|
|
@@ -5,54 +5,58 @@ require "faraday"
|
|
|
5
5
|
module RailsCloudflareTurnstile
|
|
6
6
|
module ControllerHelpers
|
|
7
7
|
def cloudflare_turnstile_ok?
|
|
8
|
-
|
|
8
|
+
if RailsCloudflareTurnstile.enabled?
|
|
9
|
+
config = RailsCloudflareTurnstile.configuration
|
|
9
10
|
|
|
10
|
-
|
|
11
|
+
url = URI(config.validation_url)
|
|
11
12
|
|
|
12
|
-
|
|
13
|
+
body = {
|
|
14
|
+
secret: config.secret_key,
|
|
15
|
+
response: params["cf-turnstile-response"],
|
|
16
|
+
remoteip: request.remote_ip
|
|
17
|
+
}
|
|
13
18
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
Rails.logger.error "Error response from CloudFlare Turnstile: #{e}"
|
|
30
|
-
if config.fail_open
|
|
31
|
-
return true
|
|
32
|
-
else
|
|
33
|
-
return false
|
|
19
|
+
begin
|
|
20
|
+
resp = Faraday.new(url) { |conn|
|
|
21
|
+
conn.options.timeout = config.timeout
|
|
22
|
+
conn.options.open_timeout = config.timeout
|
|
23
|
+
conn.use Faraday::Response::RaiseError
|
|
24
|
+
conn.request :json
|
|
25
|
+
conn.response :json
|
|
26
|
+
}.post(url, body)
|
|
27
|
+
rescue Faraday::Error => e
|
|
28
|
+
Rails.logger.error "Error response from CloudFlare Turnstile: #{e}"
|
|
29
|
+
if config.fail_open
|
|
30
|
+
return true
|
|
31
|
+
else
|
|
32
|
+
return false
|
|
33
|
+
end
|
|
34
34
|
end
|
|
35
|
-
end
|
|
36
35
|
|
|
37
|
-
|
|
36
|
+
json = resp.body
|
|
38
37
|
|
|
39
|
-
|
|
38
|
+
success = json["success"]
|
|
40
39
|
|
|
41
|
-
|
|
40
|
+
return true if success
|
|
42
41
|
|
|
43
|
-
|
|
42
|
+
error = json["error-codes"][0]
|
|
44
43
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
44
|
+
ActiveSupport::Notifications.instrument(
|
|
45
|
+
"rails_cloudflare_turnstile.failure",
|
|
46
|
+
message: error,
|
|
47
|
+
remote_ip: request.remote_ip,
|
|
48
|
+
user_agent: request.user_agent,
|
|
49
|
+
controller: params[:controller],
|
|
50
|
+
action: params[:action],
|
|
51
|
+
url: request.url
|
|
52
|
+
)
|
|
54
53
|
|
|
55
|
-
|
|
54
|
+
false
|
|
55
|
+
elsif RailsCloudflareTurnstile.mock_enabled?
|
|
56
|
+
params["cf-turnstile-response"] == "mocked"
|
|
57
|
+
else
|
|
58
|
+
true
|
|
59
|
+
end
|
|
56
60
|
end
|
|
57
61
|
|
|
58
62
|
private
|
|
@@ -3,9 +3,14 @@
|
|
|
3
3
|
module RailsCloudflareTurnstile
|
|
4
4
|
module ViewHelpers
|
|
5
5
|
def cloudflare_turnstile(action: "other")
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
if RailsCloudflareTurnstile.enabled?
|
|
7
|
+
content_tag(:div, class: "cloudflare-turnstile") do
|
|
8
|
+
concat turnstile_div(action)
|
|
9
|
+
end
|
|
10
|
+
elsif RailsCloudflareTurnstile.mock_enabled?
|
|
11
|
+
content_tag(:div, class: "cloudflare-turnstile") do
|
|
12
|
+
concat mock_turnstile_div(action)
|
|
13
|
+
end
|
|
9
14
|
end
|
|
10
15
|
end
|
|
11
16
|
|
|
@@ -25,6 +30,17 @@ module RailsCloudflareTurnstile
|
|
|
25
30
|
end
|
|
26
31
|
end
|
|
27
32
|
|
|
33
|
+
def mock_turnstile_div(action)
|
|
34
|
+
content_tag(:div, class: "cf-turnstile", style: "width: 300px; height: 65px: border: 1px solid gray") do
|
|
35
|
+
[
|
|
36
|
+
tag.input(type: "hidden", name: "cf-turnstile-response", value: "mocked"),
|
|
37
|
+
content_tag(:p) do
|
|
38
|
+
"CAPTCHA goes here in production"
|
|
39
|
+
end
|
|
40
|
+
].reduce(:<<)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
28
44
|
def site_key
|
|
29
45
|
RailsCloudflareTurnstile.configuration.site_key
|
|
30
46
|
end
|
|
@@ -16,12 +16,19 @@ module RailsCloudflareTurnstile
|
|
|
16
16
|
if configuration.enabled.nil?
|
|
17
17
|
configuration.enabled = true
|
|
18
18
|
end
|
|
19
|
+
if configuration.mock_enabled.nil?
|
|
20
|
+
configuration.mock_enabled = Rails.env.development? || Rails.env.test?
|
|
21
|
+
end
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
def self.enabled?
|
|
22
25
|
configuration.enabled == true
|
|
23
26
|
end
|
|
24
27
|
|
|
28
|
+
def self.mock_enabled?
|
|
29
|
+
configuration.mock_enabled == true
|
|
30
|
+
end
|
|
31
|
+
|
|
25
32
|
def self.reset_configuration!
|
|
26
33
|
LOCK.synchronize do
|
|
27
34
|
@configuration = nil
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails_cloudflare_turnstile
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Brown
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-01-
|
|
11
|
+
date: 2023-01-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|