@businessflow/reviews 2.1.4 → 2.1.5

package/dist/chunk-FQOS7677.mjs

@@ -0,0 +1,92 @@
+// src/server/recaptcha.ts
+async function verifyRecaptcha(token, config) {
+  if (!config.secretKey) {
+    console.warn("RECAPTCHA_SECRET_KEY not configured, skipping verification");
+    return { success: true };
+  }
+  if (!token || typeof token !== "string") {
+    return {
+      success: false,
+      errorCodes: ["missing-input-response"]
+    };
+  }
+  const timeout = config.timeoutMs || 1e4;
+  try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    const response = await fetch("https://www.google.com/recaptcha/api/siteverify", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        secret: config.secretKey,
+        response: token
+      }),
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    if (!response.ok) {
+      console.error("reCAPTCHA API returned non-OK status:", response.status);
+      return {
+        success: false,
+        errorCodes: ["recaptcha-api-error"]
+      };
+    }
+    const data = await response.json();
+    if (config.minimumScore !== void 0 && data.score !== void 0) {
+      if (data.score < config.minimumScore) {
+        return {
+          success: false,
+          score: data.score,
+          errorCodes: ["score-threshold-not-met"]
+        };
+      }
+    }
+    return {
+      success: data.success === true,
+      score: data.score,
+      action: data.action,
+      challengeTimestamp: data.challenge_ts,
+      hostname: data.hostname,
+      errorCodes: data["error-codes"] || []
+    };
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      console.error("reCAPTCHA verification timeout");
+      return {
+        success: false,
+        errorCodes: ["timeout-or-duplicate"]
+      };
+    }
+    console.error("reCAPTCHA verification error:", error);
+    return {
+      success: false,
+      errorCodes: ["network-error"]
+    };
+  }
+}
+function getRecaptchaErrorMessage(errorCodes) {
+  const errorMessages = {
+    "missing-input-secret": "reCAPTCHA secret key is missing",
+    "invalid-input-secret": "reCAPTCHA secret key is invalid",
+    "missing-input-response": "reCAPTCHA token is missing",
+    "invalid-input-response": "reCAPTCHA token is invalid or malformed",
+    "bad-request": "The request is invalid or malformed",
+    "timeout-or-duplicate": "reCAPTCHA verification timed out or token was already used",
+    "score-threshold-not-met": "reCAPTCHA score is below the required threshold",
+    "recaptcha-api-error": "reCAPTCHA service is unavailable",
+    "network-error": "Network error during reCAPTCHA verification"
+  };
+  if (!errorCodes || errorCodes.length === 0) {
+    return "reCAPTCHA verification failed";
+  }
+  const knownErrors = errorCodes.filter((code) => errorMessages[code]).map((code) => errorMessages[code]);
+  return knownErrors.length > 0 ? knownErrors.join(", ") : "reCAPTCHA verification failed";
+}
+
+export {
+  verifyRecaptcha,
+  getRecaptchaErrorMessage
+};
+//# sourceMappingURL=chunk-FQOS7677.mjs.map

package/dist/chunk-FQOS7677.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/recaptcha.ts"],"sourcesContent":["/**\n * Server-side reCAPTCHA verification utility\n */\n\nexport interface RecaptchaConfig {\n  secretKey: string;\n  minimumScore?: number; // For reCAPTCHA v3, minimum score (0.0 to 1.0)\n  timeoutMs?: number; // Request timeout in milliseconds\n}\n\nexport interface RecaptchaVerificationResult {\n  success: boolean;\n  score?: number; // reCAPTCHA v3 score\n  action?: string; // reCAPTCHA v3 action\n  challengeTimestamp?: string;\n  hostname?: string;\n  errorCodes?: string[];\n}\n\n/**\n * Verify reCAPTCHA token with Google's API\n */\nexport async function verifyRecaptcha(\n  token: string,\n  config: RecaptchaConfig\n): Promise<RecaptchaVerificationResult> {\n  if (!config.secretKey) {\n    console.warn('RECAPTCHA_SECRET_KEY not configured, skipping verification');\n    return { success: true };\n  }\n\n  if (!token || typeof token !== 'string') {\n    return {\n      success: false,\n      errorCodes: ['missing-input-response']\n    };\n  }\n\n  const timeout = config.timeoutMs || 10000; // 10 second default timeout\n\n  try {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n    const response = await fetch('https://www.google.com/recaptcha/api/siteverify', {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/x-www-form-urlencoded',\n      },\n      body: new URLSearchParams({\n        secret: config.secretKey,\n        response: token\n      }),\n      signal: controller.signal\n    });\n\n    clearTimeout(timeoutId);\n\n    if (!response.ok) {\n      console.error('reCAPTCHA API returned non-OK status:', response.status);\n      return {\n        success: false,\n        errorCodes: ['recaptcha-api-error']\n      };\n    }\n\n    const data = await response.json();\n    \n    // Check minimum score for v3 (if configured)\n    if (config.minimumScore !== undefined && data.score !== undefined) {\n      if (data.score < config.minimumScore) {\n        return {\n          success: false,\n          score: data.score,\n          errorCodes: ['score-threshold-not-met']\n        };\n      }\n    }\n\n    return {\n      success: data.success === true,\n      score: data.score,\n      action: data.action,\n      challengeTimestamp: data.challenge_ts,\n      hostname: data.hostname,\n      errorCodes: data['error-codes'] || []\n    };\n\n  } catch (error) {\n    if (error instanceof Error && error.name === 'AbortError') {\n      console.error('reCAPTCHA verification timeout');\n      return {\n        success: false,\n        errorCodes: ['timeout-or-duplicate']\n      };\n    }\n\n    console.error('reCAPTCHA verification error:', error);\n    return {\n      success: false,\n      errorCodes: ['network-error']\n    };\n  }\n}\n\n/**\n * Get human-readable error message for reCAPTCHA error codes\n */\nexport function getRecaptchaErrorMessage(errorCodes: string[]): string {\n  const errorMessages: { [key: string]: string } = {\n    'missing-input-secret': 'reCAPTCHA secret key is missing',\n    'invalid-input-secret': 'reCAPTCHA secret key is invalid',\n    'missing-input-response': 'reCAPTCHA token is missing',\n    'invalid-input-response': 'reCAPTCHA token is invalid or malformed',\n    'bad-request': 'The request is invalid or malformed',\n    'timeout-or-duplicate': 'reCAPTCHA verification timed out or token was already used',\n    'score-threshold-not-met': 'reCAPTCHA score is below the required threshold',\n    'recaptcha-api-error': 'reCAPTCHA service is unavailable',\n    'network-error': 'Network error during reCAPTCHA verification'\n  };\n\n  if (!errorCodes || errorCodes.length === 0) {\n    return 'reCAPTCHA verification failed';\n  }\n\n  const knownErrors = errorCodes\n    .filter(code => errorMessages[code])\n    .map(code => errorMessages[code]);\n\n  return knownErrors.length > 0 \n    ? knownErrors.join(', ')\n    : 'reCAPTCHA verification failed';\n}"],"mappings":";AAsBA,eAAsB,gBACpB,OACA,QACsC;AACtC,MAAI,CAAC,OAAO,WAAW;AACrB,YAAQ,KAAK,4DAA4D;AACzE,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AAEA,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY,CAAC,wBAAwB;AAAA,IACvC;AAAA,EACF;AAEA,QAAM,UAAU,OAAO,aAAa;AAEpC,MAAI;AACF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,OAAO;AAE9D,UAAM,WAAW,MAAM,MAAM,mDAAmD;AAAA,MAC9E,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,QAAQ,OAAO;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,MACD,QAAQ,WAAW;AAAA,IACrB,CAAC;AAED,iBAAa,SAAS;AAEtB,QAAI,CAAC,SAAS,IAAI;AAChB,cAAQ,MAAM,yCAAyC,SAAS,MAAM;AACtE,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,CAAC,qBAAqB;AAAA,MACpC;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAGjC,QAAI,OAAO,iBAAiB,UAAa,KAAK,UAAU,QAAW;AACjE,UAAI,KAAK,QAAQ,OAAO,cAAc;AACpC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,KAAK;AAAA,UACZ,YAAY,CAAC,yBAAyB;AAAA,QACxC;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS,KAAK,YAAY;AAAA,MAC1B,OAAO,KAAK;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,oBAAoB,KAAK;AAAA,MACzB,UAAU,KAAK;AAAA,MACf,YAAY,KAAK,aAAa,KAAK,CAAC;AAAA,IACtC;AAAA,EAEF,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,SAAS,cAAc;AACzD,cAAQ,MAAM,gCAAgC;AAC9C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,CAAC,sBAAsB;AAAA,MACrC;AAAA,IACF;AAEA,YAAQ,MAAM,iCAAiC,KAAK;AACpD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY,CAAC,eAAe;AAAA,IAC9B;AAAA,EACF;AACF;AAKO,SAAS,yBAAyB,YAA8B;AACrE,QAAM,gBAA2C;AAAA,IAC/C,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,0BAA0B;AAAA,IAC1B,0BAA0B;AAAA,IAC1B,eAAe;AAAA,IACf,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,EACnB;AAEA,MAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,WACjB,OAAO,UAAQ,cAAc,IAAI,CAAC,EAClC,IAAI,UAAQ,cAAc,IAAI,CAAC;AAElC,SAAO,YAAY,SAAS,IACxB,YAAY,KAAK,IAAI,IACrB;AACN;","names":[]}

package/dist/index.js

@@ -3,6 +3,9 @@ var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -17,6 +20,103 @@ var __copyProps = (to, from, except, desc) => {
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/server/recaptcha.ts
+var recaptcha_exports = {};
+__export(recaptcha_exports, {
+  getRecaptchaErrorMessage: () => getRecaptchaErrorMessage,
+  verifyRecaptcha: () => verifyRecaptcha
+});
+async function verifyRecaptcha(token, config) {
+  if (!config.secretKey) {
+    console.warn("RECAPTCHA_SECRET_KEY not configured, skipping verification");
+    return { success: true };
+  }
+  if (!token || typeof token !== "string") {
+    return {
+      success: false,
+      errorCodes: ["missing-input-response"]
+    };
+  }
+  const timeout = config.timeoutMs || 1e4;
+  try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    const response = await fetch("https://www.google.com/recaptcha/api/siteverify", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        secret: config.secretKey,
+        response: token
+      }),
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    if (!response.ok) {
+      console.error("reCAPTCHA API returned non-OK status:", response.status);
+      return {
+        success: false,
+        errorCodes: ["recaptcha-api-error"]
+      };
+    }
+    const data = await response.json();
+    if (config.minimumScore !== void 0 && data.score !== void 0) {
+      if (data.score < config.minimumScore) {
+        return {
+          success: false,
+          score: data.score,
+          errorCodes: ["score-threshold-not-met"]
+        };
+      }
+    }
+    return {
+      success: data.success === true,
+      score: data.score,
+      action: data.action,
+      challengeTimestamp: data.challenge_ts,
+      hostname: data.hostname,
+      errorCodes: data["error-codes"] || []
+    };
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      console.error("reCAPTCHA verification timeout");
+      return {
+        success: false,
+        errorCodes: ["timeout-or-duplicate"]
+      };
+    }
+    console.error("reCAPTCHA verification error:", error);
+    return {
+      success: false,
+      errorCodes: ["network-error"]
+    };
+  }
+}
+function getRecaptchaErrorMessage(errorCodes) {
+  const errorMessages = {
+    "missing-input-secret": "reCAPTCHA secret key is missing",
+    "invalid-input-secret": "reCAPTCHA secret key is invalid",
+    "missing-input-response": "reCAPTCHA token is missing",
+    "invalid-input-response": "reCAPTCHA token is invalid or malformed",
+    "bad-request": "The request is invalid or malformed",
+    "timeout-or-duplicate": "reCAPTCHA verification timed out or token was already used",
+    "score-threshold-not-met": "reCAPTCHA score is below the required threshold",
+    "recaptcha-api-error": "reCAPTCHA service is unavailable",
+    "network-error": "Network error during reCAPTCHA verification"
+  };
+  if (!errorCodes || errorCodes.length === 0) {
+    return "reCAPTCHA verification failed";
+  }
+  const knownErrors = errorCodes.filter((code) => errorMessages[code]).map((code) => errorMessages[code]);
+  return knownErrors.length > 0 ? knownErrors.join(", ") : "reCAPTCHA verification failed";
+}
+var init_recaptcha = __esm({
+  "src/server/recaptcha.ts"() {
+    "use strict";
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -508,6 +608,24 @@ function createReviewSubmitHandler(config) {
           }
         }
       }
+      if (config.recaptcha) {
+        const token = body.token;
+        if (!token) {
+          return import_server.NextResponse.json(
+            { error: "reCAPTCHA verification is required" },
+            { status: 400 }
+          );
+        }
+        const { verifyRecaptcha: verifyRecaptcha2, getRecaptchaErrorMessage: getRecaptchaErrorMessage2 } = await Promise.resolve().then(() => (init_recaptcha(), recaptcha_exports));
+        const recaptchaResult = await verifyRecaptcha2(token, config.recaptcha);
+        if (!recaptchaResult.success) {
+          const errorMessage = getRecaptchaErrorMessage2(recaptchaResult.errorCodes || []);
+          return import_server.NextResponse.json(
+            { error: `reCAPTCHA verification failed: ${errorMessage}` },
+            { status: 400 }
+          );
+        }
+      }
       let response;
       try {
         if (!config.onSubmit) {
@@ -642,6 +760,9 @@ function createReviewHandler(config) {
   };
 }
 
+// src/server/index.ts
+init_recaptcha();
+
 // src/react/components/StarRating.tsx
 var import_jsx_runtime = require("react/jsx-runtime");
 var StarRating = ({