From 6fd6cdf55b599ac7bc60659e39e4599ffc44e4e5 Mon Sep 17 00:00:00 2001
From: Miodec
Date: Thu, 22 Sep 2022 12:56:38 +0200
Subject: [PATCH] added captcha requirement to create new user
---
 backend/src/api/controllers/user.ts | 11 ++++++++++-
 backend/src/api/routes/users.ts | 1 +
 frontend/src/ts/ape/endpoints/users.ts | 8 +++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/backend/src/api/controllers/user.ts b/backend/src/api/controllers/user.ts
index f56b16ae1..da392b6f7 100644
--- a/backend/src/api/controllers/user.ts
+++ b/backend/src/api/controllers/user.ts
@@ -11,13 +11,22 @@ import { deleteAllApeKeys } from "../../dal/ape-keys";
 import { deleteAllPresets } from "../../dal/preset";
 import { deleteAll as deleteAllResults } from "../../dal/result";
 import { deleteConfig } from "../../dal/config";
+import { verify } from "../../utils/captcha";
+
+async function verifyCaptcha(captcha: string): Promise {
+ if (!(await verify(captcha))) {
+ throw new MonkeyError(422, "Captcha check failed");
+ }
+}
 export async function createNewUser(
 req: MonkeyTypes.Request
 ): Promise {
- const { name } = req.body;
+ const { name, captcha } = req.body;
 const { email, uid } = req.ctx.decodedToken;
+ await verifyCaptcha(captcha);
+
 if (email.endsWith("@tidal.lol") || email.endsWith("@selfbot.cc")) {
 throw new MonkeyError(400, "Invalid domain");
 }
diff --git a/backend/src/api/routes/users.ts b/backend/src/api/routes/users.ts
index aab22a75b..81a1a6242 100644
--- a/backend/src/api/routes/users.ts
+++ b/backend/src/api/routes/users.ts
@@ -102,6 +102,7 @@ router.post(
 email: joi.string().email(),
 name: usernameValidation,
 uid: joi.string(),
+ captcha: joi.string().required(),
 },
 }),
 asyncHandler(UserController.createNewUser)
diff --git a/frontend/src/ts/ape/endpoints/users.ts b/frontend/src/ts/ape/endpoints/users.ts
index 67ff8e79e..53936f398 100644
--- a/frontend/src/ts/ape/endpoints/users.ts
+++ b/frontend/src/ts/ape/endpoints/users.ts
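Review bot: The new `verifyCaptcha` helper in `backend/src/api/controllers/user.ts` rejects only when `verify` resolves to a falsy value, so its behaviour when the captcha provider is unreachable or returns an error is decided entirely by `../../utils/captcha`, which this diff does not show. If `verify` throws in that case the signup is still refused, but if it swallows the error and resolves truthy the check would fail open, so it is worth confirming and stating the contract on the helper, e.g. `/** Rejects with 422 unless the captcha token verifies; provider errors must also reject (fail closed). */`. Whether a token is single-use and bound to this site is likewise a property of `verify` and cannot be judged from here. The body of `createNewUser` continues past the end of the hunk.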
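Review bot: The added `captcha` rule in `backend/src/api/routes/users.ts` accepts a string of any length, and the controller passes that value to the captcha verifier, presumably forwarding it to the provider on every signup attempt. A length cap keeps oversized input out of that call, e.g. `captcha: joi.string().max(MAX_CAPTCHA_TOKEN_LENGTH).required(),` where `MAX_CAPTCHA_TOKEN_LENGTH` is a placeholder for a limit chosen from the provider's documented token size. The enclosing `router.post(` call starts and ends outside the hunk.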
@@ -9,11 +9,17 @@ export default class Users {
 return await this.httpClient.get(BASE_PATH);
 }
- async create(name: string, email?: string, uid?: string): Ape.EndpointData {
+ async create(
+ name: string,
+ captcha: string,
+ email?: string,
+ uid?: string
+ ): Ape.EndpointData {
 const payload = {
 email,
 name,
 uid,
+ captcha,
 };
 return await this.httpClient.post(`${BASE_PATH}/signup`, { payload });
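Review bot: Inserting `captcha` as the second positional parameter of `create` shifts the meaning of the existing arguments, so a call site left as `create(name, email, uid)` can still type-check when those values are plain strings and would then send the e-mail address as the captcha token. The diffstat lists no caller changes, so the call sites are presumably updated in another commit; that is worth confirming. A single parameter object would turn such a mix-up into a compile error: `async create(params: { name: string; captcha: string; email?: string; uid?: string }): Ape.EndpointData`. The method body continues past the end of the hunk.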