feat(wave): add CAPTCHA to repo application form#1919
Open
efstajas wants to merge 1 commit into
Open
Conversation
Renders the Cloudflare Turnstile widget on the last step of the repo application form and sends the token via the x-turnstile-token header, mirroring the issue application page. Required for the backend captcha check added in drips-network/wave#662.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the Cloudflare Turnstile (CAPTCHA) check to the repo application form — the maintainer-onboarding "apply repos to a wave program" flow — mirroring the pattern already used on the issue application page.
This is the frontend counterpart required by the backend PR https://github.com/drips-network/wave/pull/662, which adds
requireCaptchatoPOST /api/wave-programs/:waveProgramId/repos/apply. Without this, that endpoint would reject submissions in environments where Turnstile is configured.Changes
src/lib/utils/wave/wavePrograms.ts—batchApplyReposnow accepts an optionalturnstileTokenand forwards it as thex-turnstile-tokenheader (only when present), matchingapplyToWorkOnIssue..../apply-to-wave-program/[waveProgramId]/form/+page.svelte(last step of the repo application form):Turnstilewidget in aVerification*FormField(shown once KYC is verified), just before the submit button.turnstileTokenstate and folds!!turnstileTokenintoformValid, so "Apply selected repos" stays disabled until the challenge is solved.batchApplyReposcall.Reuses all existing Turnstile infra (
Turnstilecomponent,PUBLIC_TURNSTILE_SITE_KEY, the Cloudflare script inapp.html) — same approach as the issue application page.Notes
TURNSTILE_SECRET_KEYis unset, so this is a no-op locally without the key.Verification
svelte-checkpasses with 0 errors.