Qubasa/clan-infra
1
0
Fork 0
forked from clan/clan-infra
Code Pull Requests Activity

add poor-mans captcha

Browse Source
This commit is contained in:
Jörg Thalheim 2023-07-05 15:22:57 +02:00
parent 1bae0c1b62
commit 4b563a2292
3 changed files with 69 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/web01/default.nix
View File

@ -1,7 +1,7 @@
{
imports = [
./homepage.nix
./gitea.nix
./gitea
./postfix.nix
];

62
modules/web01/gitea/0001-add-bot-check.patch Normal file
View File

@ -0,0 +1,62 @@
From f06e0e1aaa9bb0602e6944d0dd4370e24b66b4e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 5 Jul 2023 15:02:03 +0200
Subject: [PATCH] add bot check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
routers/web/auth/auth.go | 5 +++++
services/forms/user_form.go | 1 +
templates/user/auth/signup_inner.tmpl | 5 +++++
3 files changed, 11 insertions(+)
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 9f1395225..2f7f434a5 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -411,6 +411,11 @@ func SignUpPost(ctx *context.Context) {
context.SetCaptchaData(ctx)
ctx.Data["PageIsSignUp"] = true
+ if form.Notabot != "Notabot" {
+ ctx.Error(http.StatusForbidden)
+ return
+ }
+
// Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
ctx.Error(http.StatusForbidden)
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 1f5abf94e..196300a14 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -94,6 +94,7 @@ type RegisterForm struct {
UserName string `binding:"Required;Username;MaxSize(40)"`
Email string `binding:"Required;MaxSize(254)"`
Password string `binding:"MaxSize(255)"`
+ Notabot string `binding:"Required"`
Retype string
}
diff --git a/templates/user/auth/signup_inner.tmpl b/templates/user/auth/signup_inner.tmpl
index 8dfcb7b7d..0316163c5 100644
--- a/templates/user/auth/signup_inner.tmpl
+++ b/templates/user/auth/signup_inner.tmpl
@@ -24,6 +24,11 @@
<input id="email" name="email" type="email" value="{{.email}}" required>
</div>
+ <div class="required inline field">
+ <input type="checkbox" id="notabot" name="notabot" value="Notabot">
+ <label for="notabot">Confirm that you are not a bot</label><br>
+ </div>
+
{{if not .DisablePassword}}
<div class="required inline field {{if and (.Err_Password) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeRegister))}}error{{end}}">
<label for="password">{{.locale.Tr "password"}}</label>
--
2.41.0

8
modules/web01/gitea.nix → modules/web01/gitea/default.nix
View File

@ -15,6 +15,11 @@
host = "/run/postgresql";
port = 5432;
};
package = pkgs.gitea.overrideAttrs (oldAttrs: {
patches = [
./0001-add-bot-check.patch
];
});
#mailerPasswordFile = config.sops.secrets.gitea-mail.path;
settings.mailer = {
ENABLED = true;
@ -22,8 +27,7 @@
HOST = "localhost:25";
};
settings.log.LEVEL = "Error";
# TODO: prevent spammers from logging in, before enabling registration
settings.service.DISABLE_REGISTRATION = true;
settings.service.DISABLE_REGISTRATION = false;
settings.metrics.ENABLED = true;
settings.server = {
DISABLE_ROUTER_LOG = true;