Update authentication.cr

2025-08-28 15:38:30 +00:00 · 2023-06-12 23:47:09 -07:00 · 2023-06-12 23:47:09 -07:00 · 6014ee9cc1
commit 6014ee9cc1
parent ae058da25c
1 changed files with 38 additions and 9 deletions
--- a/src/invidious/routes/api/v1/authentication.cr
+++ b/src/invidious/routes/api/v1/authentication.cr
@ -35,6 +35,34 @@ module Invidious::Routes::API::V1::Authentication
        password = password.byte_slice(0, 55)
        # send captcha if enabled
        if CONFIG.captcha_enabled
+          captcha_response = nil
+          begin
+            captcha_response = CaptchaResponse.from_json(env.request.body || "{}")
+          rescue
+          end
+          if captcha_response
+            answer = captcha_response.answer
+            tokens = captcha_response.tokens
+            answer = Digest::MD5.hexdigest(answer.downcase.strip)
+            if tokens.empty?
+              return error_json(500, "Erroneous CAPTCHA")
+            end
+
+            found_valid_captcha = false
+            error_exception = Exception.new
+            tokens.each do |tok|
+              begin
+                validate_request(tok, answer, env.request, HMAC_KEY, locale)
+                found_valid_captcha = true
+              rescue ex
+                error_exception = ex
+              end
+            end
+
+            if !found_valid_captcha
+              return error_json(500, error_exception)
+            end
+          else
            # send captcha
            captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, ":captcha")
            # puts captcha
@ -46,6 +74,7 @@ module Invidious::Routes::API::V1::Authentication
            end
            return response
          end
+        end
        # create user
        sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
        user, sid = create_user(sid, username, password)