@atproto/oauth-provider 0.6.2 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/account/account-manager.d.ts.map +1 -1
- package/dist/account/account-manager.js +15 -4
- package/dist/account/account-manager.js.map +1 -1
- package/dist/lib/hcaptcha.d.ts +32 -24
- package/dist/lib/hcaptcha.d.ts.map +1 -1
- package/dist/lib/hcaptcha.js +40 -21
- package/dist/lib/hcaptcha.js.map +1 -1
- package/dist/oauth-hooks.d.ts +13 -2
- package/dist/oauth-hooks.d.ts.map +1 -1
- package/dist/oauth-hooks.js.map +1 -1
- package/package.json +2 -2
- package/src/account/account-manager.ts +20 -10
- package/src/lib/hcaptcha.ts +67 -25
- package/src/oauth-hooks.ts +18 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# @atproto/oauth-provider
|
|
2
2
|
|
|
3
|
+
## 0.6.4
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#3690](https://github.com/bluesky-social/atproto/pull/3690) [`9b28184cb`](https://github.com/bluesky-social/atproto/commit/9b28184cb9c417173f46cfb5824dc197dec3e069) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Expose hcaptcha tokens in hook and errors
|
|
8
|
+
|
|
9
|
+
- [#3690](https://github.com/bluesky-social/atproto/pull/3690) [`9b28184cb`](https://github.com/bluesky-social/atproto/commit/9b28184cb9c417173f46cfb5824dc197dec3e069) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove hcaptcha hostname check
|
|
10
|
+
|
|
11
|
+
## 0.6.3
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- [#3688](https://github.com/bluesky-social/atproto/pull/3688) [`98d8a677c`](https://github.com/bluesky-social/atproto/commit/98d8a677ca4671137727d14567c8354c48c9e850) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add debugging info to HCaptcha validation errors
|
|
16
|
+
|
|
17
|
+
- [#3688](https://github.com/bluesky-social/atproto/pull/3688) [`98d8a677c`](https://github.com/bluesky-social/atproto/commit/98d8a677ca4671137727d14567c8354c48c9e850) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add hook with hcaptcha result
|
|
18
|
+
|
|
3
19
|
## 0.6.2
|
|
4
20
|
|
|
5
21
|
### Patch Changes
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EAEtB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAEjD,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAGzE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,OAAO,EACP,WAAW,EACX,YAAY,EACZ,wBAAwB,EACxB,wBAAwB,EACxB,UAAU,EACX,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAKhD,qBAAa,cAAc;IAMvB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,YAAY;IACtC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IANtC,SAAS,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAA;IAC9C,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,cAAc,CAAA;gBAGhD,MAAM,EAAE,qBAAqB,EACV,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,UAAU,EACpC,aAAa,EAAE,aAAa;cAQd,oBAAoB,CAClC,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EAEtB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAEjD,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAGzE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,OAAO,EACP,WAAW,EACX,YAAY,EACZ,wBAAwB,EACxB,wBAAwB,EACxB,UAAU,EACX,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAKhD,qBAAa,cAAc;IAMvB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,YAAY;IACtC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IANtC,SAAS,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAA;IAC9C,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,cAAc,CAAA;gBAGhD,MAAM,EAAE,qBAAqB,EACV,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,UAAU,EACpC,aAAa,EAAE,aAAa;cAQd,oBAAoB,CAClC,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;cAsC5B,iBAAiB,CAC/B,KAAK,EAAE,WAAW,EAClB,SAAS,EAAE,QAAQ,EACnB,eAAe,EAAE,eAAe,GAC/B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;cAYd,eAAe,CAC7B,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,UAAU,CAAC;IAST,MAAM,CACjB,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,WAAW,CAAC;IA4CV,MAAM,CACjB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,WAAW,CAAC;IA4BV,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC;IAOvD,mBAAmB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,UAAU,GACtB,OAAO,CAAC,IAAI,CAAC;IAOH,IAAI,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAKhD,oBAAoB,CAAC,IAAI,EAAE,wBAAwB;IAMnD,oBAAoB,CAAC,IAAI,EAAE,wBAAwB;IAMnD,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAKrE"}
|
|
@@ -28,13 +28,24 @@ class AccountManager {
|
|
|
28
28
|
if (!input.hcaptchaToken) {
|
|
29
29
|
throw new invalid_request_error_js_1.InvalidRequestError('hCaptcha token is required');
|
|
30
30
|
}
|
|
31
|
-
const
|
|
32
|
-
|
|
31
|
+
const tokens = this.hcaptchaClient.buildClientTokens(deviceMetadata.ipAddress, input.handle, deviceMetadata.userAgent);
|
|
32
|
+
const result = await this.hcaptchaClient
|
|
33
|
+
.verify('signup', input.hcaptchaToken, deviceMetadata.ipAddress, tokens)
|
|
33
34
|
.catch((err) => {
|
|
34
35
|
throw invalid_request_error_js_1.InvalidRequestError.from(err, 'hCaptcha verification failed');
|
|
35
36
|
});
|
|
36
|
-
|
|
37
|
-
|
|
37
|
+
await (0, function_js_1.callAsync)(this.hooks.onHcaptchaResult, {
|
|
38
|
+
input,
|
|
39
|
+
deviceId,
|
|
40
|
+
deviceMetadata,
|
|
41
|
+
tokens,
|
|
42
|
+
result,
|
|
43
|
+
});
|
|
44
|
+
try {
|
|
45
|
+
this.hcaptchaClient.checkVerifyResult(result, tokens);
|
|
46
|
+
}
|
|
47
|
+
catch (err) {
|
|
48
|
+
throw invalid_request_error_js_1.InvalidRequestError.from(err, 'hCaptcha verification failed');
|
|
38
49
|
}
|
|
39
50
|
return result;
|
|
40
51
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAG7B,iFAAwE;AACxE,oDAAyE;AACzE,yDAAmD;AACnD,iDAAkD;AAgBlD,MAAM,8BAA8B,GAAG,GAAG,CAAA;AAC1C,MAAM,4BAA4B,GAAG,GAAG,CAAA;AAExC,MAAa,cAAc;IAMJ;IACA;IANF,kBAAkB,CAAS;IAC3B,cAAc,CAAiB;IAElD,YACE,MAA6B,EACV,KAAmB,EACnB,KAAiB,EACpC,aAA4B;QAFT,UAAK,GAAL,KAAK,CAAc;QACnB,UAAK,GAAL,KAAK,CAAY;QAGpC,IAAI,CAAC,kBAAkB,GAAG,aAAa,CAAC,kBAAkB,KAAK,KAAK,CAAA;QACpE,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC,QAAQ;YAC1C,CAAC,CAAC,IAAI,4BAAc,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;YACtE,CAAC,CAAC,SAAS,CAAA;IACf,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,MAAM,IAAI,8CAAmB,CAAC,4BAA4B,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,
|
|
1
|
+
{"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAG7B,iFAAwE;AACxE,oDAAyE;AACzE,yDAAmD;AACnD,iDAAkD;AAgBlD,MAAM,8BAA8B,GAAG,GAAG,CAAA;AAC1C,MAAM,4BAA4B,GAAG,GAAG,CAAA;AAExC,MAAa,cAAc;IAMJ;IACA;IANF,kBAAkB,CAAS;IAC3B,cAAc,CAAiB;IAElD,YACE,MAA6B,EACV,KAAmB,EACnB,KAAiB,EACpC,aAA4B;QAFT,UAAK,GAAL,KAAK,CAAc;QACnB,UAAK,GAAL,KAAK,CAAY;QAGpC,IAAI,CAAC,kBAAkB,GAAG,aAAa,CAAC,kBAAkB,KAAK,KAAK,CAAA;QACpE,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC,QAAQ;YAC1C,CAAC,CAAC,IAAI,4BAAc,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;YACtE,CAAC,CAAC,SAAS,CAAA;IACf,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,MAAM,IAAI,8CAAmB,CAAC,4BAA4B,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAClD,cAAc,CAAC,SAAS,EACxB,KAAK,CAAC,MAAM,EACZ,cAAc,CAAC,SAAS,CACzB,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc;aACrC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,EAAE,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC;aACvE,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;QAEJ,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE;YAC3C,KAAK;YACL,QAAQ;YACR,cAAc;YACd,MAAM;YACN,MAAM;SACP,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QACvD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,KAAkB,EAClB,SAAmB,EACnB,eAAgC;QAEhC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,8CAAmB,CAAC,yBAAyB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,KAAK,CAAC,UAAU,CAAA;IACzB,CAAC;IAES,KAAK,CAAC,eAAe,CAC7B,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACrD,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;YAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;SACxD,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,CAAA;IACjD,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE;YAC1C,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;QAExE,mDAAmD;QACnD,gDAAgD;QAChD,OAAO,IAAA,sBAAY,EAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC3D,IAAI,OAAgB,CAAA;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;YAChD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;YAChE,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAC5C,QAAQ,EACR,OAAO,CAAC,GAAG,EACX,KAAK,CACN,CAAA;gBAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;oBACrC,IAAI;oBACJ,IAAI;oBACJ,OAAO;oBACP,QAAQ;oBACR,cAAc;iBACf,CAAC,CAAA;gBAEF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,sCAAsC,CACvC,CAAA;YACH,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,IAAgB,EAChB,QAAkB,EAClB,cAA+B;QAE/B,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAA;gBAC1D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAC5C,QAAQ,EACR,OAAO,CAAC,GAAG,EACX,IAAI,CAAC,QAAQ,CACd,CAAA;gBAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;oBACrC,IAAI;oBACJ,IAAI;oBACJ,OAAO;oBACP,QAAQ;oBACR,cAAc;iBACf,CAAC,CAAA;gBAEF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,qDAAqD,CACtD,CAAA;YACH,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,QAAkB,EAAE,GAAQ;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QAC/D,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,MAAM,IAAI,8CAAmB,CAAC,mBAAmB,CAAC,CAAA;IACpD,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,QAAkB,EAClB,OAAgB,EAChB,MAAc,EACd,WAAuB;QAEvB,+DAA+D;QAC/D,IAAI,IAAA,qCAAuB,EAAC,MAAM,CAAC,EAAE,CAAC;YAAE,OAAM;QAE9C,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;IACxE,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,QAAkB;QAClC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QAC7D,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC3D,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QAC9D,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAA;QAC7C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QAC9D,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAA;QAC7C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAClD,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,OAAO,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAhND,wCAgNC"}
|
package/dist/lib/hcaptcha.d.ts
CHANGED
|
@@ -147,34 +147,42 @@ export declare const hcaptchaVerifyResultSchema: z.ZodObject<{
|
|
|
147
147
|
tags?: string[] | undefined;
|
|
148
148
|
}>;
|
|
149
149
|
export type HcaptchaVerifyResult = z.infer<typeof hcaptchaVerifyResultSchema>;
|
|
150
|
+
export type HcaptchaClientTokens = {
|
|
151
|
+
hashedIp: string;
|
|
152
|
+
hashedHandle: string;
|
|
153
|
+
hashedUserAgent?: string;
|
|
154
|
+
};
|
|
150
155
|
export declare class HCaptchaClient {
|
|
151
|
-
|
|
152
|
-
|
|
156
|
+
readonly hostname: string;
|
|
157
|
+
readonly config: HcaptchaConfig;
|
|
153
158
|
protected readonly fetch: FetchBound;
|
|
154
159
|
constructor(hostname: string, config: HcaptchaConfig, fetch?: Fetch);
|
|
155
|
-
verify(behaviorType: 'login' | 'signup', response: string, remoteip: string,
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
sigs?: Record<string, unknown> | undefined;
|
|
174
|
-
tags?: string[] | undefined;
|
|
175
|
-
};
|
|
160
|
+
verify(behaviorType: 'login' | 'signup', response: string, remoteip: string, clientTokens: HcaptchaClientTokens): Promise<{
|
|
161
|
+
hostname: string | null;
|
|
162
|
+
success: boolean;
|
|
163
|
+
challenge_ts: string;
|
|
164
|
+
'error-codes'?: string[] | undefined;
|
|
165
|
+
score?: number | undefined;
|
|
166
|
+
score_reason?: string[] | undefined;
|
|
167
|
+
sitekey?: string | undefined;
|
|
168
|
+
behavior_counts?: Record<string, unknown> | undefined;
|
|
169
|
+
similarity?: number | undefined;
|
|
170
|
+
similarity_failures?: number | undefined;
|
|
171
|
+
similarity_error_details?: string[] | undefined;
|
|
172
|
+
scoped_uid_0?: string | undefined;
|
|
173
|
+
scoped_uid_1?: string | undefined;
|
|
174
|
+
scoped_uid_2?: string | undefined;
|
|
175
|
+
risk_insights?: Record<string, unknown> | undefined;
|
|
176
|
+
sigs?: Record<string, unknown> | undefined;
|
|
177
|
+
tags?: string[] | undefined;
|
|
176
178
|
}>;
|
|
177
|
-
|
|
179
|
+
checkVerifyResult(result: HcaptchaVerifyResult, tokens: HcaptchaClientTokens): void;
|
|
180
|
+
buildClientTokens(remoteip: string, handle: string, userAgent?: string): HcaptchaClientTokens;
|
|
178
181
|
protected hashToken(value: string): string;
|
|
179
182
|
}
|
|
183
|
+
export declare class HCaptchaVerifyError extends Error {
|
|
184
|
+
readonly result: HcaptchaVerifyResult;
|
|
185
|
+
readonly tokens: HcaptchaClientTokens;
|
|
186
|
+
constructor(result: HcaptchaVerifyResult, tokens: HcaptchaClientTokens, message?: string);
|
|
187
|
+
}
|
|
180
188
|
//# sourceMappingURL=hcaptcha.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hcaptcha.d.ts","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EACL,KAAK,EACL,UAAU,EAKX,MAAM,qBAAqB,CAAA;AAG5B,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;OAMG;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;OAGG;;IAEH;;;OAGG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"hcaptcha.d.ts","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EACL,KAAK,EACL,UAAU,EAKX,MAAM,qBAAqB,CAAA;AAG5B,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;OAMG;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;OAGG;;IAEH;;;OAGG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA;AAE7E,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAQD,qBAAa,cAAc;IAGvB,QAAQ,CAAC,QAAQ,EAAE,MAAM;IACzB,QAAQ,CAAC,MAAM,EAAE,cAAc;IAHjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAA;gBAEzB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,EAC/B,KAAK,GAAE,KAAwB;IAKpB,MAAM,CACjB,YAAY,EAAE,OAAO,GAAG,QAAQ,EAChC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,oBAAoB;;;;;;;;;;;;;;;;;;;IAkB7B,iBAAiB,CACtB,MAAM,EAAE,oBAAoB,EAC5B,MAAM,EAAE,oBAAoB,GAC3B,IAAI;IAmCA,iBAAiB,CACtB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM,GACjB,oBAAoB;IAQvB,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM;CAMlC;AAED,qBAAa,mBAAoB,SAAQ,KAAK;IAE1C,QAAQ,CAAC,MAAM,EAAE,oBAAoB;IACrC,QAAQ,CAAC,MAAM,EAAE,oBAAoB;gBAD5B,MAAM,EAAE,oBAAoB,EAC5B,MAAM,EAAE,oBAAoB,EACrC,OAAO,CAAC,EAAE,MAAM;CAInB"}
|
package/dist/lib/hcaptcha.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.HCaptchaClient = exports.hcaptchaVerifyResultSchema = exports.hcaptchaConfigSchema = exports.hcaptchaTokenSchema = void 0;
|
|
3
|
+
exports.HCaptchaVerifyError = exports.HCaptchaClient = exports.hcaptchaVerifyResultSchema = exports.hcaptchaConfigSchema = exports.hcaptchaTokenSchema = void 0;
|
|
4
4
|
const node_crypto_1 = require("node:crypto");
|
|
5
5
|
const zod_1 = require("zod");
|
|
6
6
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
@@ -113,8 +113,8 @@ class HCaptchaClient {
|
|
|
113
113
|
this.config = config;
|
|
114
114
|
this.fetch = (0, fetch_1.bindFetch)(fetch);
|
|
115
115
|
}
|
|
116
|
-
async verify(behaviorType, response, remoteip,
|
|
117
|
-
|
|
116
|
+
async verify(behaviorType, response, remoteip, clientTokens) {
|
|
117
|
+
return this.fetch('https://api.hcaptcha.com/siteverify', {
|
|
118
118
|
method: 'POST',
|
|
119
119
|
headers: {
|
|
120
120
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
@@ -125,29 +125,38 @@ class HCaptchaClient {
|
|
|
125
125
|
behavior_type: behaviorType,
|
|
126
126
|
response,
|
|
127
127
|
remoteip,
|
|
128
|
-
client_tokens: JSON.stringify(
|
|
129
|
-
hashedIp: this.hashToken(remoteip),
|
|
130
|
-
hashedHandle: this.hashToken(handle),
|
|
131
|
-
hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,
|
|
132
|
-
}),
|
|
128
|
+
client_tokens: JSON.stringify(clientTokens),
|
|
133
129
|
}).toString(),
|
|
134
130
|
}).then(fetchSuccessHandler);
|
|
131
|
+
}
|
|
132
|
+
checkVerifyResult(result, tokens) {
|
|
133
|
+
const { success, score } = result;
|
|
134
|
+
if (success !== true) {
|
|
135
|
+
throw new HCaptchaVerifyError(result, tokens, 'Expected success to be true');
|
|
136
|
+
}
|
|
137
|
+
// https://docs.hcaptcha.com/#verify-the-user-response-server-side
|
|
138
|
+
// Please [...] note that the hostname field is derived from the user's
|
|
139
|
+
// browser, and should not be used for authentication of any kind; it is
|
|
140
|
+
// primarily useful as a statistical metric. Additionally, in the event that
|
|
141
|
+
// your site experiences unusually high challenge traffic, the hostname
|
|
142
|
+
// field may be returned as "not-provided" rather than the usual value; all
|
|
143
|
+
// other fields will return their normal values.
|
|
144
|
+
if (
|
|
145
|
+
// Ignore if enterprise feature is not enabled
|
|
146
|
+
score != null &&
|
|
147
|
+
// Ignore if disabled through config
|
|
148
|
+
this.config.scoreThreshold != null &&
|
|
149
|
+
score >= this.config.scoreThreshold) {
|
|
150
|
+
throw new HCaptchaVerifyError(result, tokens, `Score ${score} is above the threshold ${this.config.scoreThreshold}`);
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
buildClientTokens(remoteip, handle, userAgent) {
|
|
135
154
|
return {
|
|
136
|
-
|
|
137
|
-
|
|
155
|
+
hashedIp: this.hashToken(remoteip),
|
|
156
|
+
hashedHandle: this.hashToken(handle),
|
|
157
|
+
hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,
|
|
138
158
|
};
|
|
139
159
|
}
|
|
140
|
-
isAllowed({ success, hostname, score }) {
|
|
141
|
-
return (success &&
|
|
142
|
-
// Fool-proofing: If this is false, the user is trying to use a token
|
|
143
|
-
// generated for the same siteKey, but on another domain.
|
|
144
|
-
(hostname == null || hostname === this.hostname) &&
|
|
145
|
-
// Ignore if enterprise feature is not enabled
|
|
146
|
-
(score == null ||
|
|
147
|
-
// Ignore if disabled through config
|
|
148
|
-
this.config.scoreThreshold == null ||
|
|
149
|
-
score < this.config.scoreThreshold));
|
|
150
|
-
}
|
|
151
160
|
hashToken(value) {
|
|
152
161
|
const hash = (0, node_crypto_1.createHash)('sha256');
|
|
153
162
|
hash.update(this.config.tokenSalt);
|
|
@@ -156,4 +165,14 @@ class HCaptchaClient {
|
|
|
156
165
|
}
|
|
157
166
|
}
|
|
158
167
|
exports.HCaptchaClient = HCaptchaClient;
|
|
168
|
+
class HCaptchaVerifyError extends Error {
|
|
169
|
+
result;
|
|
170
|
+
tokens;
|
|
171
|
+
constructor(result, tokens, message) {
|
|
172
|
+
super(message);
|
|
173
|
+
this.result = result;
|
|
174
|
+
this.tokens = tokens;
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
exports.HCaptchaVerifyError = HCaptchaVerifyError;
|
|
159
178
|
//# sourceMappingURL=hcaptcha.js.map
|
package/dist/lib/hcaptcha.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAUF,MAAM,mBAAmB,GAAG,IAAA,WAAI,EAC9B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,GAAE,EACpB,IAAA,6BAAqB,EAAC,kCAA0B,CAAC,CAClD,CAAA;AAED,MAAa,cAAc;IAGd;IACA;IAHQ,KAAK,CAAY;IACpC,YACW,QAAgB,EAChB,MAAsB,EAC/B,QAAe,UAAU,CAAC,KAAK;QAFtB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAgB;QAG/B,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,YAAgC,EAChC,QAAgB,EAChB,QAAgB,EAChB,YAAkC;QAElC,OAAO,IAAI,CAAC,KAAK,CAAC,qCAAqC,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa,EAAE,YAAY;gBAC3B,QAAQ;gBACR,QAAQ;gBACR,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;aAC5C,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IAC9B,CAAC;IAEM,iBAAiB,CACtB,MAA4B,EAC5B,MAA4B;QAE5B,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;QAEjC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,6BAA6B,CAC9B,CAAA;QACH,CAAC;QAED,kEAAkE;QAElE,uEAAuE;QACvE,wEAAwE;QACxE,4EAA4E;QAC5E,uEAAuE;QACvE,2EAA2E;QAC3E,gDAAgD;QAEhD;QACE,8CAA8C;QAC9C,KAAK,IAAI,IAAI;YACb,oCAAoC;YACpC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI;YAClC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EACnC,CAAC;YACD,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,SAAS,KAAK,2BAA2B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CACtE,CAAA;QACH,CAAC;IACH,CAAC;IAEM,iBAAiB,CACtB,QAAgB,EAChB,MAAc,EACd,SAAkB;QAElB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAClC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YACpC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SACnE,CAAA;IACH,CAAC;IAES,SAAS,CAAC,KAAa;QAC/B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC;CACF;AAxFD,wCAwFC;AAED,MAAa,mBAAoB,SAAQ,KAAK;IAEjC;IACA;IAFX,YACW,MAA4B,EAC5B,MAA4B,EACrC,OAAgB;QAEhB,KAAK,CAAC,OAAO,CAAC,CAAA;QAJL,WAAM,GAAN,MAAM,CAAsB;QAC5B,WAAM,GAAN,MAAM,CAAsB;IAIvC,CAAC;CACF;AARD,kDAQC"}
|
package/dist/oauth-hooks.d.ts
CHANGED
|
@@ -8,12 +8,12 @@ import { ClientId } from './client/client-id.js';
|
|
|
8
8
|
import { ClientInfo } from './client/client-info.js';
|
|
9
9
|
import { Client } from './client/client.js';
|
|
10
10
|
import { InvalidRequestError } from './errors/invalid-request-error.js';
|
|
11
|
-
import { HcaptchaConfig, HcaptchaVerifyResult } from './lib/hcaptcha.js';
|
|
11
|
+
import { HcaptchaClientTokens, HcaptchaConfig, HcaptchaVerifyResult } from './lib/hcaptcha.js';
|
|
12
12
|
import { RequestMetadata } from './lib/http/request.js';
|
|
13
13
|
import { Awaitable } from './lib/util/type.js';
|
|
14
14
|
import { AccessDeniedError, OAuthError } from './oauth-errors.js';
|
|
15
15
|
import { DeviceAccountInfo, DeviceId, SignUpData } from './oauth-store.js';
|
|
16
|
-
export { AccessDeniedError, type Account, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceAccountInfo, type DeviceId, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidRequestError, type Jwks, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type RequestMetadata, type SignInData, type SignUpData, type SignUpInput, };
|
|
16
|
+
export { AccessDeniedError, type Account, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceAccountInfo, type DeviceId, type HcaptchaClientTokens, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidRequestError, type Jwks, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type RequestMetadata, type SignInData, type SignUpData, type SignUpInput, };
|
|
17
17
|
export type OAuthHooks = {
|
|
18
18
|
/**
|
|
19
19
|
* Use this to alter, override or validate the client metadata & jwks returned
|
|
@@ -48,6 +48,17 @@ export type OAuthHooks = {
|
|
|
48
48
|
deviceId: DeviceId;
|
|
49
49
|
deviceMetadata: RequestMetadata;
|
|
50
50
|
}) => Awaitable<void>;
|
|
51
|
+
/**
|
|
52
|
+
* This hook is called when a user attempts to sign up, after the hcaptcha
|
|
53
|
+
* `/siteverify` request has been made (and before the result is validated).
|
|
54
|
+
*/
|
|
55
|
+
onHcaptchaResult?: (data: {
|
|
56
|
+
input: SignUpInput;
|
|
57
|
+
deviceId: DeviceId;
|
|
58
|
+
deviceMetadata: RequestMetadata;
|
|
59
|
+
tokens: HcaptchaClientTokens;
|
|
60
|
+
result: HcaptchaVerifyResult;
|
|
61
|
+
}) => Awaitable<void>;
|
|
51
62
|
/**
|
|
52
63
|
* This hook is called when a user successfully signs up.
|
|
53
64
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACjE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAG1E,OAAO,EACL,iBAAiB,EACjB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,KAAK,QAAQ,EACb,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,UAAU,EAAE,mCAAmC,CAAA;QAC/C,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,SAAS,GAAG,yBAAyB,CAAC,CAAA;IAEtD;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,IAAI,EAAE,iBAAiB,CAAA;QACvB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,IAAI,EAAE,iBAAiB,CAAA;QACvB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,kGAAkG;QAClG,QAAQ,EAAE,IAAI,GAAG,QAAQ,CAAA;KAC1B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,kGAAkG;QAClG,QAAQ,EAAE,IAAI,GAAG,QAAQ,CAAA;KAC1B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
|
package/dist/oauth-hooks.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAaA,kDAA2C;
|
|
1
|
+
{"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAaA,kDAA2C;AAiBzC,uFAjBO,kBAAM,OAiBP;AAhBR,gFAAuE;AAyBrE,oGAzBO,8CAAmB,OAyBP;AAjBrB,uDAAiE;AAK/D,kGALO,mCAAiB,OAKP;AAiBjB,2FAtB0B,4BAAU,OAsB1B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.4",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
|
|
6
6
|
"keywords": [
|
|
@@ -43,8 +43,8 @@
|
|
|
43
43
|
"jose": "^5.2.0",
|
|
44
44
|
"psl": "^1.9.0",
|
|
45
45
|
"zod": "^3.23.8",
|
|
46
|
-
"@atproto-labs/fetch-node": "0.1.8",
|
|
47
46
|
"@atproto-labs/fetch": "0.2.2",
|
|
47
|
+
"@atproto-labs/fetch-node": "0.1.8",
|
|
48
48
|
"@atproto-labs/pipe": "0.1.0",
|
|
49
49
|
"@atproto-labs/simple-store": "0.1.2",
|
|
50
50
|
"@atproto-labs/simple-store-memory": "0.1.2",
|
|
@@ -55,20 +55,30 @@ export class AccountManager {
|
|
|
55
55
|
throw new InvalidRequestError('hCaptcha token is required')
|
|
56
56
|
}
|
|
57
57
|
|
|
58
|
-
const
|
|
59
|
-
.
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
)
|
|
58
|
+
const tokens = this.hcaptchaClient.buildClientTokens(
|
|
59
|
+
deviceMetadata.ipAddress,
|
|
60
|
+
input.handle,
|
|
61
|
+
deviceMetadata.userAgent,
|
|
62
|
+
)
|
|
63
|
+
|
|
64
|
+
const result = await this.hcaptchaClient
|
|
65
|
+
.verify('signup', input.hcaptchaToken, deviceMetadata.ipAddress, tokens)
|
|
66
66
|
.catch((err) => {
|
|
67
67
|
throw InvalidRequestError.from(err, 'hCaptcha verification failed')
|
|
68
68
|
})
|
|
69
69
|
|
|
70
|
-
|
|
71
|
-
|
|
70
|
+
await callAsync(this.hooks.onHcaptchaResult, {
|
|
71
|
+
input,
|
|
72
|
+
deviceId,
|
|
73
|
+
deviceMetadata,
|
|
74
|
+
tokens,
|
|
75
|
+
result,
|
|
76
|
+
})
|
|
77
|
+
|
|
78
|
+
try {
|
|
79
|
+
this.hcaptchaClient.checkVerifyResult(result, tokens)
|
|
80
|
+
} catch (err) {
|
|
81
|
+
throw InvalidRequestError.from(err, 'hCaptcha verification failed')
|
|
72
82
|
}
|
|
73
83
|
|
|
74
84
|
return result
|
package/src/lib/hcaptcha.ts
CHANGED
|
@@ -115,6 +115,12 @@ export const hcaptchaVerifyResultSchema = z.object({
|
|
|
115
115
|
|
|
116
116
|
export type HcaptchaVerifyResult = z.infer<typeof hcaptchaVerifyResultSchema>
|
|
117
117
|
|
|
118
|
+
export type HcaptchaClientTokens = {
|
|
119
|
+
hashedIp: string
|
|
120
|
+
hashedHandle: string
|
|
121
|
+
hashedUserAgent?: string
|
|
122
|
+
}
|
|
123
|
+
|
|
118
124
|
const fetchSuccessHandler = pipe(
|
|
119
125
|
fetchOkProcessor(),
|
|
120
126
|
fetchJsonProcessor(),
|
|
@@ -124,8 +130,8 @@ const fetchSuccessHandler = pipe(
|
|
|
124
130
|
export class HCaptchaClient {
|
|
125
131
|
protected readonly fetch: FetchBound
|
|
126
132
|
constructor(
|
|
127
|
-
|
|
128
|
-
|
|
133
|
+
readonly hostname: string,
|
|
134
|
+
readonly config: HcaptchaConfig,
|
|
129
135
|
fetch: Fetch = globalThis.fetch,
|
|
130
136
|
) {
|
|
131
137
|
this.fetch = bindFetch(fetch)
|
|
@@ -135,10 +141,9 @@ export class HCaptchaClient {
|
|
|
135
141
|
behaviorType: 'login' | 'signup',
|
|
136
142
|
response: string,
|
|
137
143
|
remoteip: string,
|
|
138
|
-
|
|
139
|
-
userAgent?: string,
|
|
144
|
+
clientTokens: HcaptchaClientTokens,
|
|
140
145
|
) {
|
|
141
|
-
|
|
146
|
+
return this.fetch('https://api.hcaptcha.com/siteverify', {
|
|
142
147
|
method: 'POST',
|
|
143
148
|
headers: {
|
|
144
149
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
@@ -149,32 +154,59 @@ export class HCaptchaClient {
|
|
|
149
154
|
behavior_type: behaviorType,
|
|
150
155
|
response,
|
|
151
156
|
remoteip,
|
|
152
|
-
client_tokens: JSON.stringify(
|
|
153
|
-
hashedIp: this.hashToken(remoteip),
|
|
154
|
-
hashedHandle: this.hashToken(handle),
|
|
155
|
-
hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,
|
|
156
|
-
}),
|
|
157
|
+
client_tokens: JSON.stringify(clientTokens),
|
|
157
158
|
}).toString(),
|
|
158
159
|
}).then(fetchSuccessHandler)
|
|
160
|
+
}
|
|
159
161
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
162
|
+
public checkVerifyResult(
|
|
163
|
+
result: HcaptchaVerifyResult,
|
|
164
|
+
tokens: HcaptchaClientTokens,
|
|
165
|
+
): void {
|
|
166
|
+
const { success, score } = result
|
|
167
|
+
|
|
168
|
+
if (success !== true) {
|
|
169
|
+
throw new HCaptchaVerifyError(
|
|
170
|
+
result,
|
|
171
|
+
tokens,
|
|
172
|
+
'Expected success to be true',
|
|
173
|
+
)
|
|
163
174
|
}
|
|
164
|
-
}
|
|
165
175
|
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
176
|
+
// https://docs.hcaptcha.com/#verify-the-user-response-server-side
|
|
177
|
+
|
|
178
|
+
// Please [...] note that the hostname field is derived from the user's
|
|
179
|
+
// browser, and should not be used for authentication of any kind; it is
|
|
180
|
+
// primarily useful as a statistical metric. Additionally, in the event that
|
|
181
|
+
// your site experiences unusually high challenge traffic, the hostname
|
|
182
|
+
// field may be returned as "not-provided" rather than the usual value; all
|
|
183
|
+
// other fields will return their normal values.
|
|
184
|
+
|
|
185
|
+
if (
|
|
172
186
|
// Ignore if enterprise feature is not enabled
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
)
|
|
187
|
+
score != null &&
|
|
188
|
+
// Ignore if disabled through config
|
|
189
|
+
this.config.scoreThreshold != null &&
|
|
190
|
+
score >= this.config.scoreThreshold
|
|
191
|
+
) {
|
|
192
|
+
throw new HCaptchaVerifyError(
|
|
193
|
+
result,
|
|
194
|
+
tokens,
|
|
195
|
+
`Score ${score} is above the threshold ${this.config.scoreThreshold}`,
|
|
196
|
+
)
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
public buildClientTokens(
|
|
201
|
+
remoteip: string,
|
|
202
|
+
handle: string,
|
|
203
|
+
userAgent?: string,
|
|
204
|
+
): HcaptchaClientTokens {
|
|
205
|
+
return {
|
|
206
|
+
hashedIp: this.hashToken(remoteip),
|
|
207
|
+
hashedHandle: this.hashToken(handle),
|
|
208
|
+
hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,
|
|
209
|
+
}
|
|
178
210
|
}
|
|
179
211
|
|
|
180
212
|
protected hashToken(value: string) {
|
|
@@ -184,3 +216,13 @@ export class HCaptchaClient {
|
|
|
184
216
|
return hash.digest().toString('base64')
|
|
185
217
|
}
|
|
186
218
|
}
|
|
219
|
+
|
|
220
|
+
export class HCaptchaVerifyError extends Error {
|
|
221
|
+
constructor(
|
|
222
|
+
readonly result: HcaptchaVerifyResult,
|
|
223
|
+
readonly tokens: HcaptchaClientTokens,
|
|
224
|
+
message?: string,
|
|
225
|
+
) {
|
|
226
|
+
super(message)
|
|
227
|
+
}
|
|
228
|
+
}
|
package/src/oauth-hooks.ts
CHANGED
|
@@ -13,7 +13,11 @@ import { ClientId } from './client/client-id.js'
|
|
|
13
13
|
import { ClientInfo } from './client/client-info.js'
|
|
14
14
|
import { Client } from './client/client.js'
|
|
15
15
|
import { InvalidRequestError } from './errors/invalid-request-error.js'
|
|
16
|
-
import {
|
|
16
|
+
import {
|
|
17
|
+
HcaptchaClientTokens,
|
|
18
|
+
HcaptchaConfig,
|
|
19
|
+
HcaptchaVerifyResult,
|
|
20
|
+
} from './lib/hcaptcha.js'
|
|
17
21
|
import { RequestMetadata } from './lib/http/request.js'
|
|
18
22
|
import { Awaitable } from './lib/util/type.js'
|
|
19
23
|
import { AccessDeniedError, OAuthError } from './oauth-errors.js'
|
|
@@ -30,6 +34,7 @@ export {
|
|
|
30
34
|
type ClientInfo,
|
|
31
35
|
type DeviceAccountInfo,
|
|
32
36
|
type DeviceId,
|
|
37
|
+
type HcaptchaClientTokens,
|
|
33
38
|
type HcaptchaConfig,
|
|
34
39
|
type HcaptchaVerifyResult,
|
|
35
40
|
InvalidRequestError,
|
|
@@ -82,6 +87,18 @@ export type OAuthHooks = {
|
|
|
82
87
|
deviceMetadata: RequestMetadata
|
|
83
88
|
}) => Awaitable<void>
|
|
84
89
|
|
|
90
|
+
/**
|
|
91
|
+
* This hook is called when a user attempts to sign up, after the hcaptcha
|
|
92
|
+
* `/siteverify` request has been made (and before the result is validated).
|
|
93
|
+
*/
|
|
94
|
+
onHcaptchaResult?: (data: {
|
|
95
|
+
input: SignUpInput
|
|
96
|
+
deviceId: DeviceId
|
|
97
|
+
deviceMetadata: RequestMetadata
|
|
98
|
+
tokens: HcaptchaClientTokens
|
|
99
|
+
result: HcaptchaVerifyResult
|
|
100
|
+
}) => Awaitable<void>
|
|
101
|
+
|
|
85
102
|
/**
|
|
86
103
|
* This hook is called when a user successfully signs up.
|
|
87
104
|
*
|