From c27f45e88c064b924798cda8f5581ed3ccb12a47 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Mar 2024 13:18:38 +0000 Subject: [PATCH 1/5] Bump express from 4.18.2 to 4.19.2 in /app Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] --- app/yarn.lock | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/app/yarn.lock b/app/yarn.lock index 0aa14b6..b9e2bb0 100644 --- a/app/yarn.lock +++ b/app/yarn.lock @@ -3289,13 +3289,13 @@ bluebird@^3.7.2: resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f" integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg== -body-parser@1.20.1: - version "1.20.1" - resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668" - integrity sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw== +body-parser@1.20.2: + version "1.20.2" + resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.2.tgz#6feb0e21c4724d06de7ff38da36dad4f57a747fd" + integrity sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA== dependencies: bytes "3.1.2" - content-type "~1.0.4" + content-type "~1.0.5" debug "2.6.9" depd "2.0.0" destroy "1.2.0" @@ -3303,7 +3303,7 @@ body-parser@1.20.1: iconv-lite "0.4.24" on-finished "2.4.1" qs "6.11.0" - raw-body "2.5.1" + raw-body "2.5.2" type-is "~1.6.18" unpipe "1.0.0" 
@@ -3671,7 +3671,7 @@ content-disposition@0.5.4: dependencies: safe-buffer "5.2.1" -content-type@~1.0.4: +content-type@~1.0.4, content-type@~1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.5.tgz#8b773162656d1d1086784c8f23a54ce6d73d7918" integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== @@ -3691,10 +3691,10 @@ cookie-signature@1.0.6: resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ== -cookie@0.5.0: - version "0.5.0" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b" - integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw== +cookie@0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051" + integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw== core-js-compat@^3.31.0, core-js-compat@^3.33.1: version "3.33.3" 
@@ -4813,16 +4813,16 @@ expect@^29.0.0: jest-util "^29.7.0" express@^4.17.3: - version "4.18.2" - resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#3fabe08296e930c796c19e3c516979386ba9fd59" - integrity sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ== + version "4.19.2" + resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465" + integrity sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q== dependencies: accepts "~1.3.8" array-flatten "1.1.1" - body-parser "1.20.1" + body-parser "1.20.2" content-disposition "0.5.4" content-type "~1.0.4" - cookie "0.5.0" + cookie "0.6.0" cookie-signature "1.0.6" debug "2.6.9" depd "2.0.0" @@ -8073,10 +8073,10 @@ range-parser@^1.2.1, range-parser@~1.2.1: resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031" integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== -raw-body@2.5.1: - version "2.5.1" - resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.1.tgz#fe1b1628b181b700215e5fd42389f98b71392857" - integrity sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig== +raw-body@2.5.2: + version "2.5.2" + resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.2.tgz#99febd83b90e08975087e8f1f9419a149366b68a" + integrity sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA== dependencies: bytes "3.1.2" http-errors "2.0.0" From c12eae394c6c6826c7e3566b1e794ff69e346b6d Mon Sep 17 00:00:00 2001 
From: Giacomo Licari Date: Wed, 10 Apr 2024 15:13:30 +0200 Subject: [PATCH 2/5] Improve captcha verification --- api/api/services/captcha.py | 6 ++++-- api/api/services/validator.py | 4 +++- api/api/settings.py | 1 + app/package.json | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/api/api/services/captcha.py b/api/api/services/captcha.py index a8cc74a..e790800 100644 --- a/api/api/services/captcha.py +++ b/api/api/services/captcha.py @@ -1,10 +1,12 @@ import requests -def captcha_verify(client_response, catpcha_api_url, secret_key): +def captcha_verify(client_response, catpcha_api_url, secret_key, remote_ip, site_key): request = requests.post(catpcha_api_url, data={ 'response': client_response, - 'secret': secret_key + 'secret': secret_key, + 'remoteip': remote_ip, + 'sitekey': site_key }) if request.status_code != 200: diff --git a/api/api/services/validator.py b/api/api/services/validator.py index d9abfa3..c6389de 100644 --- a/api/api/services/validator.py +++ b/api/api/services/validator.py @@ -111,7 +111,9 @@ def captcha_validation(self): # check hcatpcha catpcha_verified = captcha_verify( self.request_data.get('captcha'), - current_app.config['CAPTCHA_VERIFY_ENDPOINT'], current_app.config['CAPTCHA_SECRET_KEY'] + current_app.config['CAPTCHA_VERIFY_ENDPOINT'], current_app.config['CAPTCHA_SECRET_KEY'], + self.ip_address, + current_app.config['CAPTCHA_SITE_KEY'] ) if not catpcha_verified: diff --git a/api/api/settings.py b/api/api/settings.py index e4bdd24..27c7549 100644 --- a/api/api/settings.py +++ b/api/api/settings.py @@ -26,3 +26,4 @@ CAPTCHA_VERIFY_ENDPOINT = os.getenv('CAPTCHA_VERIFY_ENDPOINT') CAPTCHA_SECRET_KEY = os.getenv('CAPTCHA_SECRET_KEY') +CAPTCHA_SITE_KEY = os.getenv('CAPTCHA_SITE_KEY') diff --git a/app/package.json b/app/package.json index 44d4991..49e5358 100644 --- a/app/package.json +++ b/app/package.json 
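Review bot: The `requests.post` call in `captcha_verify` still carries no `timeout`, so a slow or unreachable verify endpoint blocks the request worker indefinitely, and a connection failure raises `requests.exceptions.RequestException` out of the function instead of yielding `False` the way the non-200 branch does. Closing the call as `}, timeout=10)` (value to be chosen for the deployment) and wrapping it in `try`/`except requests.exceptions.RequestException: return False` keeps the failure mode consistent with the status-code check. The remainder of `captcha_verify` continues outside this hunk.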
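Review bot: `captcha_validation` now forwards `self.ip_address` as `remoteip`, but nothing in this hunk shows how that attribute is populated; if it is read from a forwarded header rather than the socket peer it is client-supplied, and a comment at its assignment site should state which source it comes from and which proxies are trusted. Separately, when the request carries no `captcha` field `self.request_data.get('captcha')` is `None` and the call still makes a network round trip to the verify endpoint; returning the same failure result the `if not catpcha_verified:` branch produces before calling `captcha_verify` avoids that. The body of `captcha_validation` starts and ends outside this hunk.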
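Review bot: `CAPTCHA_SITE_KEY = os.getenv('CAPTCHA_SITE_KEY')` yields `None` when the variable is unset, and `requests` drops `None`-valued entries from a `data=` dict, so the new `sitekey` binding in `captcha_verify` silently disappears in a misconfigured deployment with no error anywhere. If tying verification to the site key is the intent, read it with `os.environ['CAPTCHA_SITE_KEY']` or add a startup check so a missing value fails at boot rather than degrading quietly; the same consideration applies to `CAPTCHA_SECRET_KEY` on the line above.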
@@ -3,7 +3,7 @@ "version": "0.1.0", "private": true, "dependencies": { - "@hcaptcha/react-hcaptcha": "^1.9.1", + "@hcaptcha/react-hcaptcha": "1.10.1", "@testing-library/jest-dom": "^5.14.1", "@testing-library/react": "^13.0.0", "@testing-library/user-event": "^13.2.1", From daf3366b62bcd893f7a917e292d97b214f422b3b Mon Sep 17 00:00:00 2001 From: Giacomo Licari Date: Wed, 10 Apr 2024 16:51:15 +0200 Subject: [PATCH 3/5] Add CAPTCHA_SITE_KEY to .env.example, add local_run_api.sh to run API locally --- api/.env.example | 3 ++- api/scripts/local_run_api.sh | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 api/scripts/local_run_api.sh diff --git a/api/.env.example b/api/.env.example index 0d7993e..f158dc3 100644 --- a/api/.env.example +++ b/api/.env.example @@ -4,4 +4,5 @@ FAUCET_RPC_URL=https://rpc.chiadochain.net FAUCET_CHAIN_ID=10200 FAUCET_DATABASE_URI=sqlite:// CAPTCHA_VERIFY_ENDPOINT=https://api.hcaptcha.com/siteverify -CAPTCHA_SECRET_KEY=0x0000000000000000000000000000000000000000 \ No newline at end of file +CAPTCHA_SECRET_KEY=0x0000000000000000000000000000000000000000 +CAPTCHA_SITE_KEY=xxxxx-xxxxx-xxxxx-xxxxx \ No newline at end of file diff --git a/api/scripts/local_run_api.sh b/api/scripts/local_run_api.sh new file mode 100644 index 0000000..ebd5767 --- /dev/null +++ b/api/scripts/local_run_api.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +set -euo pipefail + + +echo "==> $(date +%H:%M:%S) ==> Migrating DB models... " +FLASK_APP=api python -m flask db upgrade + +echo "==> $(date +%H:%M:%S) ==> Running Gunicorn... " +exec gunicorn --bind localhost:8000 "api:create_app()" \ No newline at end of file From 2bc83daeedd28163a9ba10258fac098150df4ff3 Mon Sep 17 00:00:00 2001 From: Giacomo Licari Date: Wed, 10 Apr 2024 16:56:45 +0200 Subject: [PATCH 4/5] Log captcha verify response --- api/api/services/captcha.py | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/api/api/services/captcha.py b/api/api/services/captcha.py index e790800..b9d51c2 100644 --- a/api/api/services/captcha.py +++ b/api/api/services/captcha.py @@ -1,4 +1,8 @@ import requests +import logging + + +logging.basicConfig(level=logging.INFO) def captcha_verify(client_response, catpcha_api_url, secret_key, remote_ip, site_key): @@ -9,6 +13,8 @@ def captcha_verify(client_response, catpcha_api_url, secret_key, remote_ip, site 'sitekey': site_key }) + logging.info('Captcha verify response: %s' % request.json()) + if request.status_code != 200: return False return request.json()['success'] == True From c349e64d217f8afbf60e940d3447c7c90ba1512f Mon Sep 17 00:00:00 2001 From: Giacomo Licari Date: Wed, 10 Apr 2024 16:56:45 +0200 Subject: [PATCH 5/5] Log captcha verify response --- api/api/services/captcha.py | 6 ++++++ api/api/services/validator.py | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/api/api/services/captcha.py b/api/api/services/captcha.py index e790800..b9d51c2 100644 --- a/api/api/services/captcha.py +++ b/api/api/services/captcha.py @@ -1,4 +1,8 @@ import requests +import logging + + +logging.basicConfig(level=logging.INFO) def captcha_verify(client_response, catpcha_api_url, secret_key, remote_ip, site_key): @@ -9,6 +13,8 @@ def captcha_verify(client_response, catpcha_api_url, secret_key, remote_ip, site 'sitekey': site_key }) + logging.info('Captcha verify response: %s' % request.json()) + if request.status_code != 200: return False return request.json()['success'] == True diff --git a/api/api/services/validator.py b/api/api/services/validator.py index c6389de..842e8ad 100644 --- a/api/api/services/validator.py +++ b/api/api/services/validator.py 
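Review bot: `logging.basicConfig(level=logging.INFO)` at module level of `api/api/services/captcha.py` reconfigures the process-wide root logger as a side effect of importing a service module, overriding or conflicting with whatever the Flask app factory or gunicorn configures. Replace it with a module logger, `logger = logging.getLogger(__name__)`, and emit through `logger.info(...)` in the function below; handler and level configuration belongs to the application entry point. Patch 5/5 repeats this identical hunk (same `index e790800..b9d51c2`), so the same change applies there.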
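Review bot: The new `logging.info('Captcha verify response: %s' % request.json())` runs before the `status_code != 200` check, so a non-JSON body (a gateway or rate-limit error page, for instance) now raises `ValueError` out of `captcha_verify` where the function previously returned `False`, and the body is parsed a second time on the return line. Parse the response once after the status check inside a `try`/`except ValueError` that returns `False`, pass the payload as a lazy `%s` argument instead of pre-formatting the string, and read `success` with `.get` so an error response without that key cannot raise either. The function's signature is outside this hunk, and patch 5/5 carries the same hunk.
```python
    # … unchanged: requests.post call …
    if request.status_code != 200:
        return False
    try:
        payload = request.json()
    except ValueError:  # verify endpoint answered with a non-JSON body
        return False
    logging.info('Captcha verify response: %s', payload)
    # strict boolean: only a literal true from the verifier counts as solved
    return payload.get('success') is True
```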
@@ -111,7 +111,8 @@ def captcha_validation(self): # check hcatpcha catpcha_verified = captcha_verify( self.request_data.get('captcha'), - current_app.config['CAPTCHA_VERIFY_ENDPOINT'], current_app.config['CAPTCHA_SECRET_KEY'], + current_app.config['CAPTCHA_VERIFY_ENDPOINT'], + current_app.config['CAPTCHA_SECRET_KEY'], self.ip_address, current_app.config['CAPTCHA_SITE_KEY'] )