Add turnstile functionality

David Bomba 2023-12-23 13:10:15 +11:00
parent c65cfcb31b
commit f9e709af5b
4 changed files with 35 additions and 3 deletions


@ -65,6 +65,25 @@ class AccountController extends BaseController
*/
public function store(CreateAccountRequest $request)
{
if(config('ninja.cloudflare.turnstile.secret')) {
$r = \Illuminate\Support\Facades\Http::post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
'secret' => config('ninja.cloudflare.turnstile.secret'),
'response' => $request->input('cf-turnstile-response'),
'remoteip' => $request->getClientIp(),
]);
if($r->successful()){
if($r->json()['success'] === true) {
// return response()->json(['message' => 'Captcha Success'], 200);
} else {
return response()->json(['message' => 'Captcha Failed'], 400);
}
}
}
$account = (new CreateAccount($request->all(), $request->getClientIp()))->handle();
if (! ($account instanceof Account)) {
return $account;
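Review bot: The Turnstile check at the top of `store()` fails open: when the siteverify call returns a non-2xx status, `$r->successful()` is false, the inner block is skipped, and execution falls through to `CreateAccount` with no captcha verdict at all. Because the check only runs when the secret is configured, an inconclusive verification should reject the request, e.g. `if (! $r->successful() || $r->json('success') !== true) { return response()->json(['message' => 'Captcha Failed'], 400); }`, which also avoids an undefined-index access when the body carries no `success` key. A connection failure on `Http::post` would presumably surface as an exception rather than a captcha result, so an explicit timeout and a catch that rejects the request are worth adding. The body of `store()` continues past the end of this hunk.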


@ -144,6 +144,9 @@ class TwilioController extends BaseController
*/
public function generate2faResetCode(Generate2faRequest $request)
{
nlog($request->all());
nlog($request->headers());
$user = User::where('email', $request->email)->first();
if (!$user) {
@ -154,6 +157,11 @@ class TwilioController extends BaseController
return response()->json(['message' => 'Please verify your email address before verifying your phone number'], 400);
}
if(!$user->first_name || !$user->last_name) {
return response()->json(['message' => 'Please update your first and/or last name in the User Details before verifying your number.'], 400);
}
if (!$user->phone || $user->phone == '') {
return response()->json(['message' => 'User found, but no valid phone number on file, please contact support.'], 400);
}
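Review bot: The two `nlog()` calls at the top of `generate2faResetCode()` write the full request body and the request headers to the application log on every call to a 2FA-reset endpoint; the body carries the account e-mail, and headers can carry tokens or cookies. They read like debug output left in and should be removed, or reduced to a single non-sensitive field if a trace is really needed. In addition, `$request->headers()` does not look like a method on Laravel's request object as far as I can tell (the usual forms are `$request->header()` or `$request->headers->all()`), so the call may throw before the user lookup is reached; this is worth confirming. The function body spans both hunks of this section and continues outside them.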


@ -228,5 +228,10 @@ return [
'secret' => env('PAYPAL_SECRET', null),
'client_id' => env('PAYPAL_CLIENT_ID', null),
'webhook_id' => env('PAYPAL_WEBHOOK_ID', null),
],
'cloudflare' => [
'turnstile' => [
'secret' => env('CLOUDFLARE_SECRET', null),
]
]
];


@ -360,7 +360,7 @@ Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale']
Route::post('settings/enable_two_factor', [TwoFactorController::class, 'enableTwoFactor']);
Route::post('settings/disable_two_factor', [TwoFactorController::class, 'disableTwoFactor']);
Route::post('verify', [TwilioController::class, 'generate'])->name('verify.generate')->middleware('throttle:100,1');
Route::post('verify', [TwilioController::class, 'generate'])->name('verify.generate')->middleware('throttle:3,1');
Route::post('verify/confirm', [TwilioController::class, 'confirm'])->name('verify.confirm');
Route::resource('vendors', VendorController::class); // name = (vendors. index / create / show / update / destroy / edit
@ -403,8 +403,8 @@ Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale']
Route::post('api/v1/yodlee/status/{account_number}', [YodleeController::class, 'accountStatus']);
});
Route::post('api/v1/sms_reset', [TwilioController::class, 'generate2faResetCode'])->name('sms_reset.generate')->middleware('throttle:10,1');
Route::post('api/v1/sms_reset/confirm', [TwilioController::class, 'confirm2faResetCode'])->name('sms_reset.confirm')->middleware('throttle:20,1');
Route::post('api/v1/sms_reset', [TwilioController::class, 'generate2faResetCode'])->name('sms_reset.generate')->middleware('throttle:3,1');
Route::post('api/v1/sms_reset/confirm', [TwilioController::class, 'confirm2faResetCode'])->name('sms_reset.confirm')->middleware('throttle:3,1');
Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id}', PaymentWebhookController::class)
->middleware('throttle:1000,1')