authorgumi <git@gumi.ca>2018-04-10 15:43:44 -0400
committergumi <git@gumi.ca>2018-04-10 15:43:44 -0400
commitb0b04027206e928e5a511c8f8f060b27006aa382 (patch)
tree21a29054490db9fb0a73f2c96c89b395c32a14c8
parent85e91a8cad446bbc0a916f6b045bd8720404d17f (diff)
only call the captcha check when we actually need it
-rw-r--r--server.js13
1 files changed, 7 insertions, 6 deletions
diff --git a/server.js b/server.js
index de4d53f..0d28cd5 100644
--- a/server.js
+++ b/server.js
@@ -56,7 +56,7 @@ const checkRateLimiting = (req, res, next) => {
return;
};
-const checkCaptcha = (req, res, next) => {
+const checkCaptcha = (req, res) => {
const token = String(req.get("X-CAPTCHA-TOKEN") || "");
if (!token.match(/^[a-zA-Z0-9-_]{30,60}$/)) {
@@ -67,7 +67,7 @@ const checkCaptcha = (req, res, next) => {
console.info("a request with an empty token was received", req.ip);
rate_limiting.add(req.ip);
setTimeout(() => rate_limiting.delete(req.ip), 300000);
- return;
+ return false;
}
https.get(`https://www.google.com/recaptcha/api/siteverify?secret=${process.env.npm_package_config_recaptcha_secret}&response=${token}`, re => {
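Review bot: The siteverify call on the last line of this hunk puts the reCAPTCHA secret in the query string of a GET, where it can end up in proxy or access logs; Google documents siteverify as a POST endpoint. Sending `secret` and `response` as a form-encoded body keeps the secret out of the URL. The existing `.on("error", …)` chain in the later hunk would then need to finish with `.end(form)`, and the callback body continues outside this hunk.

```javascript
const form = new URLSearchParams({
    secret: process.env.npm_package_config_recaptcha_secret,
    response: token,
}).toString();
https.request({
    hostname: "www.google.com",
    path: "/recaptcha/api/siteverify",
    method: "POST",
    headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": Buffer.byteLength(form),
    },
}, re => {
    // … unchanged: response handling and the "error" listener, then .end(form) to send the body …
```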
@@ -83,10 +83,10 @@ const checkCaptcha = (req, res, next) => {
console.info("a request failed to validate", req.ip);
rate_limiting.add(req.ip);
setTimeout(() => rate_limiting.delete(req.ip), 300000);
- return;
+ return false;
}
- next(); // challenge passed, so process the request
+ return true; // challenge passed, so process the request
});
}).on("error", error => {
console.error(error);
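Review bot: `return true` here only returns from the `https.get` response callback, so `checkCaptcha` itself has already returned `undefined` by the time siteverify answers; the `return false` in the error-handler hunk has the same problem. The guard added in the last hunk, `if (checkCaptcha(req, res) !== true) return;`, therefore always returns, and a request with a valid token never reaches the account logic and apparently gets no response. This fails closed today, but relaxing the comparison later (for example to `=== false`) would let every well-formed token through unverified. Keeping the middleware shape and attaching it to the one route does what the commit title asks: retain `(req, res, next)` and `next();`, and register it as `api.post("/api/account", checkCaptcha, (req, res) => {`. The callback this hunk edits starts outside the hunk.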
@@ -95,7 +95,7 @@ const checkCaptcha = (req, res, next) => {
error: "recaptcha couldn't be reached"
});
console.warn("reCaptcha couldn't be reached");
- return;
+ return false;
})
};
@@ -112,9 +112,10 @@ api.get("/api/tmwa", (req, res) => {
});
api.use(checkRateLimiting);
-api.use(checkCaptcha);
api.use(express.json());
api.post("/api/account", (req, res) => {
+ if (checkCaptcha(req, res) !== true) return;
+
if (!req.body || !Reflect.has(req.body, "username") ||
!Reflect.has(req.body, "password") || !Reflect.has(req.body, "email") ||
!req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
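Review bot: The validation at the end of this hunk checks that `username`, `password` and `email` are present with `Reflect.has` but not that they are strings, so a JSON body such as `{"username": 1, ...}` reaches `req.body.username.match(...)` and throws a TypeError instead of being rejected cleanly. Adding `typeof req.body.username !== "string" ||` ahead of the `.match` call closes that, and the same applies to any other field matched further down. `Reflect.has` also reports inherited properties, so `Object.hasOwn(req.body, "username")` is the tighter presence test. The condition continues past the end of the hunk, so the remaining checks are not visible here.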