From 6014ee9cc1e8bdd4533cb38787a476d8e8e607ef Mon Sep 17 00:00:00 2001
From: Ryan G <78384369+SpongeManiac@users.noreply.github.com>
Date: Mon, 12 Jun 2023 23:47:09 -0700
Subject: [PATCH] Update authentication.cr
---
 src/invidious/routes/api/v1/authentication.cr | 47 +++++++++++++++----
 1 file changed, 38 insertions(+), 9 deletions(-)
diff --git a/src/invidious/routes/api/v1/authentication.cr b/src/invidious/routes/api/v1/authentication.cr
index 2a0e4e58..1fc8eb06 100644
--- a/src/invidious/routes/api/v1/authentication.cr
+++ b/src/invidious/routes/api/v1/authentication.cr
@@ -35,16 +35,45 @@ module Invidious::Routes::API::V1::Authentication
 password = password.byte_slice(0, 55)
 # send captcha if enabled
 if CONFIG.captcha_enabled
- # send captcha
- captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, ":captcha")
- # puts captcha
- response = JSON.build do |json|
- json.object do
- json.field "question", captcha["question"]
- json.field "tokens", captcha["tokens"]
- end
+ captcha_response = nil
+ begin
+ captcha_response = CaptchaResponse.from_json(env.request.body || "{}")
+ rescue
+ end
+ if captcha_response
+ answer = captcha_response.answer
+ tokens = captcha_response.tokens
+ answer = Digest::MD5.hexdigest(answer.downcase.strip)
+ if tokens.empty?
+ return error_json(500, "Erroneous CAPTCHA")
+ end
+
+ found_valid_captcha = false
+ error_exception = Exception.new
+ tokens.each do |tok|
+ begin
+ validate_request(tok, answer, env.request, HMAC_KEY, locale)
+ found_valid_captcha = true
+ rescue ex
+ error_exception = ex
+ end
+ end
+
+ if !found_valid_captcha
+ return error_json(500, error_exception)
+ end
+ else
+ # send captcha
+ captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, ":captcha")
+ # puts captcha
+ response = JSON.build do |json|
+ json.object do
+ json.field "question", captcha["question"]
+ json.field "tokens", captcha["tokens"]
+ end
+ end
+ return response
 end
- return response
 end
 # create user
 sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
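Review bot: The token loop in the new `if captcha_response` branch calls `validate_request` once for every entry of a client-supplied `tokens` array, with no upper bound and no exit after the first success, so a single unauthenticated registration request can force an arbitrary number of keyed validations. I would reject oversized arrays next to the `tokens.empty?` check and add `break` right after `found_valid_captcha = true`. A wrong or missing answer is a client error, so `error_json(500, ...)` on both failure paths should be a 4xx, e.g. `return error_json(403, error_exception)`; otherwise failed CAPTCHAs look like server faults in monitoring. The bare `rescue` around `CaptchaResponse.from_json` also turns every parse failure into "no answer supplied" and silently issues a fresh challenge; if the request body was already consumed when the credentials were parsed above the hunk (not visible here), that branch would always be taken, so it is worth rescuing only the JSON parse error and confirming the body can be read a second time. The enclosing route method starts and ends outside the hunk.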