Payment recaptcha

ImpactDevelopment · May 19, 2022 · 28c4b33 · 28c4b33
1 parent a256496
commit 28c4b33
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/src/api/v1/donate.go b/src/api/v1/donate.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"github.com/ImpactDevelopment/ImpactServer/src/database"
 	"github.com/ImpactDevelopment/ImpactServer/src/discord"
+	"github.com/ImpactDevelopment/ImpactServer/src/recaptcha"
 	"github.com/ImpactDevelopment/ImpactServer/src/stripe"
 	"github.com/ImpactDevelopment/ImpactServer/src/util"
 	"github.com/google/uuid"
@@ -102,6 +103,12 @@ func createStripePayment(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusForbidden)
 	}
 
+	// Only check recaptcha after we've verified that the address is allowed
+	err = recaptcha.Verify(c)
+	if err != nil {
+		return err
+	}
+
 	payment, err := stripe.CreatePayment(body.Amount, body.Currency, "Donation", body.Email)
 	if err != nil {
 		return err

diff --git a/static/donate.html b/static/donate.html
@@ -13,6 +13,7 @@
     <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.2/jquery.validate.min.js"></script>
     <script type="text/javascript" src="/js/api.js"></script>
     <script type="text/javascript" src="https://js.stripe.com/v3/"></script>
+    <script src="https://www.google.com/recaptcha/api.js" async></script>
 
     <!-- Global site tag (gtag.js) - Google Analytics -->
     <script async src="https://www.googletagmanager.com/gtag/js?id=UA-143397381-1"></script>
@@ -129,7 +130,8 @@ <h4 class="col s12">
                 <input type="email" id="email" name="email" required tabindex="2" />
                 <span class="helper-text" data-error="Invalid Email" data-success="">An email to send your receipt to</span>
             </div>
-            <div class="input-field col s12 m2 center">
+            <div class="input-field col s12 g-recaptcha" data-sitekey="6Lf19NcUAAAAADBY-60OxWuSMgr4XMH3aq1BZYRs"></div>
+            <div class="input-field col s12 m2">
                 <button type="submit" form="amount-form" class="btn waves-effect waves-light" disabled tabindex="3">
                     Next
                 </button>
@@ -380,6 +382,9 @@ <h4 class="col s12">Thank you for donating <span class="amount"></span> to Impac
                     var amount = Math.floor(form['amount'].value.trim() * 100)
                     var email = form['email'].value.trim()
                     var currency = form['currency'].value.trim()
+                    var captcha = $("#g-recaptcha-response").val()
+
+                    if (!captcha) showError($(form), "Recaptcha is required")
 
                     // Show a spinner while creating payment
                     loading($(form), true)
@@ -391,7 +396,7 @@ <h4 class="col s12">Thank you for donating <span class="amount"></span> to Impac
                         return
                     }
 
-                    api.createPayment(currency, amount, email)
+                    api.createPayment(currency, amount, email, captcha)
                         .then(function (payment) {
                             return currentPayment = payment
                         })

diff --git a/static/js/api.js b/static/js/api.js
@@ -125,7 +125,7 @@
                 })
             })
         },
-        createPayment: function(currency, amount, email) {
+        createPayment: function(currency, amount, email, verification) {
             if (!email) {
                 // currency is optional, if only two args are present then shift them right
                 email = amount
@@ -138,7 +138,8 @@
                     data: {
                         currency: currency,
                         amount: amount,
-                        email: email
+                        email: email,
+                        "g-recaptcha-response": verification
                     },
                     dataType: "json",
                     error: function (jqXHR, textStatus, errorThrown) {