rankrunners-cms 0.0.27 → 0.0.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/tanstack/captcha.ts +73 -0
package/package.json
CHANGED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
import { verifyToken as verifyTokenClient } from "../api/client/captcha";
|
|
2
|
+
|
|
3
|
+
export const getIpAddress = (request: Request): string => {
|
|
4
|
+
const forwardedFor = request.headers.get("x-forwarded-for");
|
|
5
|
+
|
|
6
|
+
if (forwardedFor) {
|
|
7
|
+
// x-forwarded-for can contain multiple IPs, take the first one
|
|
8
|
+
const splitForwardedFor = forwardedFor.split(",")[0]?.trim();
|
|
9
|
+
|
|
10
|
+
if (splitForwardedFor && splitForwardedFor.length > 0) {
|
|
11
|
+
return splitForwardedFor;
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
// Common fallback headers set by some proxies/CDNs
|
|
16
|
+
const realIp = request.headers.get("x-real-ip")?.trim();
|
|
17
|
+
if (realIp && realIp.length > 0) {
|
|
18
|
+
return realIp;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
const cfConnectingIp = request.headers.get("cf-connecting-ip")?.trim();
|
|
22
|
+
if (cfConnectingIp && cfConnectingIp.length > 0) {
|
|
23
|
+
return cfConnectingIp;
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
return "";
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
const getRequestHostname = (request: Request): string => {
|
|
30
|
+
const referer =
|
|
31
|
+
request.headers.get("referer") || request.headers.get("referrer");
|
|
32
|
+
if (referer) {
|
|
33
|
+
try {
|
|
34
|
+
return new URL(referer).hostname;
|
|
35
|
+
} catch {
|
|
36
|
+
// fall through
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
const origin = request.headers.get("origin");
|
|
40
|
+
if (origin) {
|
|
41
|
+
try {
|
|
42
|
+
return new URL(origin).hostname;
|
|
43
|
+
} catch {
|
|
44
|
+
// fall through
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
const host = request.headers.get("host");
|
|
48
|
+
if (host) {
|
|
49
|
+
// Remove port if present
|
|
50
|
+
const [hostname] = host.split(":");
|
|
51
|
+
if (hostname && hostname.length > 0) {
|
|
52
|
+
return hostname;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
return "";
|
|
56
|
+
};
|
|
57
|
+
|
|
58
|
+
export const verifyToken = async (request: Request, token: string) => {
|
|
59
|
+
const ip = getIpAddress(request);
|
|
60
|
+
const hostname = getRequestHostname(request);
|
|
61
|
+
|
|
62
|
+
if (ip.length === 0) {
|
|
63
|
+
console.error("Unable to determine IP address for captcha verification");
|
|
64
|
+
return false;
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
if (hostname.length === 0) {
|
|
68
|
+
console.error("Unable to determine hostname for captcha verification");
|
|
69
|
+
return false;
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
return verifyTokenClient({ token, ip, hostname });
|
|
73
|
+
};
|