Implemented ReCaptcha

Author: pkfln

package-lock.json

@@ -15,6 +15,7 @@
     "@types/execa": "^0.9.0",
     "@types/got": "^9.4.1",
     "@types/helmet": "0.0.42",
+    "@types/recaptcha2": "^1.3.0",
     "@types/socket.io": "^2.1.2",
     "adjective-adjective-animal": "^1.3.3",
     "async-file": "^2.0.2",
@@ -27,6 +28,7 @@
     "got": "^9.6.0",
     "helmet": "^3.15.1",
     "pino": "^5.8.1",
+    "recaptcha2": "^1.3.3",
     "socket.io": "^2.2.0",
     "uuid-by-string": "^2.1.0"
   },

package.json

@@ -0,0 +1,6 @@
+import reCAPTCHA from 'recaptcha2';
+
+export default new reCAPTCHA({
+  siteKey: 'notNeeded',
+  secretKey: process.env.RECAPTCHA_SECRET_KEY
+});

server/common/recaptcha/index.ts

@@ -8,6 +8,7 @@ import { IBuildResponse, IDependency } from '../fiddle/interfaces';
 import server from '../express';
 import StdMessages from './StdMessages';
 import Fiddle from '../fiddle';
+import recaptcha from '../recaptcha';
 
 const aaaRegex = /^(?=(.*[A-Z]){3,})(?=(.*[a-z]){3,})[^\W|_|\d]+$/;
 
@@ -129,14 +130,23 @@ export default class SocketServer {
     socket.content = content;
   }
 
-  async onRunScript(socket: IExtendedSocket): Promise<any> {
+  async onRunScript(socket: IExtendedSocket, captchaToken: string): Promise<any> {
     if (socket.isRunning || socket.isProcessing)
       return StdMessages.sendErrorMessage(socket, 'Invalid request. (Your script is already running)');
 
     socket.isProcessing = true;
     socket.isRunning = false;
     StdMessages.sendScriptExecutionState(socket);
 
+    try {
+      await recaptcha.validate(captchaToken);
+    } catch (ex) {
+      socket.isProcessing = false;
+      socket.isRunning = false;
+      StdMessages.sendScriptExecutionState(socket);
+      return StdMessages.sendErrorMessage(socket, 'Invalid request. (Captcha challenge failed)');
+    }
+
     socket.emit('clearConsole');
 
     if (!socket.fiddleInstance)
@@ -197,7 +207,13 @@ export default class SocketServer {
       socket.fiddleInstance.terminate(); // We just hope that the client was subscribed to the error / close event
   }
 
-  async onShare(socket: IExtendedSocket): Promise<any> {
+  async onShare(socket: IExtendedSocket, captchaToken: string): Promise<any> {
+    try {
+      await recaptcha.validate(captchaToken);
+    } catch (ex) {
+      return StdMessages.sendErrorMessage(socket, 'Invalid request. (Captcha challenge failed)');
+    }
+
     if (!socket.fiddleInstance)
       socket.fiddleInstance = new Fiddle();
 

server/common/socket/index.ts

@@ -11,6 +11,7 @@
     "@types/react": "16.8.4",
     "@types/react-custom-scrollbars": "^4.0.5",
     "@types/react-dom": "16.8.2",
+    "@types/react-google-recaptcha": "^1.0.0",
     "@types/react-router-dom": "^4.3.1",
     "@types/react-select": "^2.0.13",
     "@types/react-splitter-layout": "^3.0.0",
@@ -25,6 +26,7 @@
     "react-container-dimensions": "^1.4.1",
     "react-custom-scrollbars": "^4.2.1",
     "react-dom": "^16.8.2",
+    "react-google-recaptcha": "^1.0.5",
     "react-monaco-editor": "^0.24.0",
     "react-router-dom": "^4.3.1",
     "react-scripts": "2.1.5",
@@ -33,7 +35,8 @@
     "sanitize-html-react": "^1.13.0",
     "socket.io-client": "^2.2.0",
     "tabler-react": "^1.28.0",
-    "typescript": "3.3.3"
+    "typescript": "3.3.3",
+    "wait-for-cond": "^1.6.0"
   },
   "scripts": {
     "start": "react-scripts start",

ui/package.json

@@ -64,6 +64,9 @@ class Footer extends Component<{}, IState> {
         <div className={'row footer bp3-navbar'}>
           PAWN Fiddle <Button className={'bp3-minimal'} onClick={this.handleDialogOpen} icon={'help'}></Button> |
           Made with <Icon icon={'heart'} intent={Intent.DANGER} /> by <a href={'https://sa-mp.dev'}>sa-mp.dev</a> | Powered by <a href={'http://sampctl.com'}>sampctl</a>
+          <div className={'recaptcha-footer'}>
+            This site is protected by reCAPTCHA and the Google <a href="https://policies.google.com/privacy">Privacy Policy</a> and <a href="https://policies.google.com/terms">Terms of Service</a> apply.
+          </div>
         </div>
       </>
     );

ui/src/components/Footer/index.tsx

@@ -1,4 +1,19 @@
+@import "~@blueprintjs/core/lib/scss/variables";
+
 .footer {
-    line-height: 40px;
-    text-align: center;
-}
+  line-height: 40px;
+  text-align: center;
+}
+
+.recaptcha-footer {
+  background-color: $dark-gray2;
+  border-radius: 5px;
+  position: absolute;
+  top: 5px;
+  right: 5px;
+  height: 30px;
+  width: 215px;
+  font-size: 9px;
+  line-height: 9px;
+  padding: 6px;
+}

ui/src/components/Footer/style.scss

@@ -1,5 +1,7 @@
-import React, { Component } from 'react';
+import React, { Component, RefObject } from 'react';
 import { Classes, Navbar, Alignment, EditableText, Button, Popover, Spinner, H5, Intent } from '@blueprintjs/core';
+import ReCAPTCHA from 'react-google-recaptcha';
+import waitFor from 'wait-for-cond';
 
 import socketClient from '../../socketClient';
 import Toast from '../../toast';
@@ -9,6 +11,8 @@ import './style.scss';
 import logoPath from '../../assets/images/pawnlogo.png';
 
 interface IState extends IExecutionState {
+  recaptcha: RefObject<ReCAPTCHA>,
+  captchaToken: string | null,
   locked: boolean,
   title: string,
   isSharing: boolean,
@@ -23,6 +27,8 @@ interface IExecutionState {
 
 class NavBar extends Component {
   state: IState = {
+    recaptcha: React.createRef(),
+    captchaToken: null,
     locked: false,
     title: '',
     isProcessing: false,
@@ -93,10 +99,20 @@ class NavBar extends Component {
     Toast.show({ intent: Intent.SUCCESS, icon: 'tick', message: `Forked ${previousTitle} successfully.` });
   }
 
-  private runScript(): void {
-    if (!this.state.isProcessing || !this.state.isRunning) {
-      socketClient.socket.emit('runScript');
+  private async runScript(): Promise<any> {
+    if (this.state.isProcessing || this.state.isRunning)
+      return;
+
+    if (!await this.checkCaptcha()) {
+      return Toast.show({
+        intent: Intent.DANGER,
+        icon: 'error',
+        message: 'You are solving that damn captcha for over an hour now... Hit the button again to retry solving the captcha.'
+      });
     }
+    
+    socketClient.socket.emit('runScript', this.state.captchaToken);
+    this.invalidateCaptcha();
   }
 
   private stopScript(): void {
@@ -144,12 +160,43 @@ class NavBar extends Component {
     }
   }
 
-  private shareFiddle(): void {
+  private async checkCaptcha(): Promise<boolean> {
+    if (!this.state.recaptcha.current)
+      return false;
+    
+    this.state.recaptcha.current.execute();
+
+    try {
+      await waitFor(() => this.state.captchaToken, 1 * 60 * 60 * 1000); // Shouldn't take longer than an hour to solve some captchas...
+      return true;
+    } catch (ex) {
+      return false; // he actually took longer than 1 hour to solve captchas... smh my head
+    }
+  }
+
+  private invalidateCaptcha(): void {
+    if (!this.state.recaptcha.current)
+      return;
+    
+    this.state.recaptcha.current.reset();
+    this.setState({ captchaToken: null });
+  }
+
+  private async shareFiddle(): Promise<any> {
     if (this.state.isSharing || this.state.locked)
       return;
 
+    if (!await this.checkCaptcha()) {
+      return Toast.show({
+        intent: Intent.DANGER,
+        icon: 'error',
+        message: 'You are solving that damn captcha for over an hour now... Hit the button again to retry solving the captcha.'
+      });
+    }
+
     this.setState({ isSharing: true });
-    socketClient.socket.emit('share');
+    socketClient.socket.emit('share', this.state.captchaToken);
+    this.invalidateCaptcha();
   }
 
   private forkFiddle(): void {
@@ -180,6 +227,13 @@ class NavBar extends Component {
           </Navbar.Heading>
         </Navbar.Group>
         <Navbar.Group align={Alignment.RIGHT}>
+          <ReCAPTCHA
+            ref={this.state.recaptcha}
+            size={'invisible'}
+            theme={'dark'}
+            onChange={captchaToken => this.setState({ captchaToken })}
+            sitekey={process.env.REACT_APP_RECAPTCHA_KEY || '6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI'}
+          />
           <Popover>
             <Button className={'bp3-minimal'} disabled={this.state.locked} icon={'share'} text={'Share'} large />
             <div className={'sharePopover'}>

ui/src/components/NavBar/index.tsx

@@ -1,7 +1,11 @@
 .sharePopover {
-    padding: 20px;
+  padding: 20px;
 }
 
 .shareURL {
-    user-select: all;
-}
+  user-select: all;
+}
+
+.grecaptcha-badge {
+  visibility: collapse !important;
+}

ui/src/components/NavBar/style.scss

@@ -1,6 +1,7 @@
 /// <reference types="react-scripts" />
 declare module '@uiw/react-monacoeditor';
 declare module 'sanitize-html-react';
+declare module 'wait-for-cond';
 declare module '*.scss' {
     const content: {[className: string]: string};
     export default content;

ui/src/react-app-env.d.ts

@@ -1035,6 +1035,13 @@
   dependencies:
     "@types/react" "*"
 
+"@types/react-google-recaptcha@^1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@types/react-google-recaptcha/-/react-google-recaptcha-1.0.0.tgz#f0831066d082b7dcb3613c2ce361ff96fbc1b567"
+  integrity sha512-NhHWdRzRt766Zw+e5qvEAP0dVPHX9RDcv9BCrQ3GWXbN5qUjUe7ZSSpwa1lftVzjt4vD9755uBsSJ668rJpOHQ==
+  dependencies:
+    "@types/react" "*"
+
 "@types/react-router-dom@^4.3.1":
   version "4.3.1"
   resolved "https://registry.yarnpkg.com/@types/react-router-dom/-/react-router-dom-4.3.1.tgz#71fe2918f8f60474a891520def40a63997dafe04"
@@ -4973,6 +4980,13 @@ hoist-non-react-statics@^2.5.0:
   resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-2.5.5.tgz#c5903cf409c0dfd908f388e619d86b9c1174cb47"
   integrity sha512-rqcy4pJo55FTTLWt+bU8ukscqHeE/e9KWvsOW2b/a3afxQZhwkQdT1rPPCJ0rYXdj4vNcasY8zHTH+jF/qStxw==
 
+hoist-non-react-statics@^3.0.1:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-3.3.0.tgz#b09178f0122184fb95acf525daaecb4d8f45958b"
+  integrity sha512-0XsbTXxgiaCDYDIWFcwkmerZPSwywfUqYmwT4jzewKTQSWoE6FCMoUVOeBJWK3E/CrWbxRG3m5GzY4lnIwGRBA==
+  dependencies:
+    react-is "^16.7.0"
+
 home-or-tmp@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/home-or-tmp/-/home-or-tmp-2.0.0.tgz#e36c3f2d2cae7d746a857e38d18d5f32a7882db8"
@@ -8625,7 +8639,7 @@ prompts@^0.1.9:
     kleur "^2.0.1"
     sisteransi "^0.1.1"
 
-prop-types@^15.5.10, prop-types@^15.5.4, prop-types@^15.5.6, prop-types@^15.5.8, prop-types@^15.6.0, prop-types@^15.6.1:
+prop-types@^15.5.0, prop-types@^15.5.10, prop-types@^15.5.4, prop-types@^15.5.6, prop-types@^15.5.8, prop-types@^15.6.0, prop-types@^15.6.1:
   version "15.7.2"
   resolved "https://registry.yarnpkg.com/prop-types/-/prop-types-15.7.2.tgz#52c41e75b8c87e72b9d9360e0206b99dcbffa6c5"
   integrity sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==
@@ -8832,6 +8846,14 @@ react-app-polyfill@^0.2.1:
     raf "3.4.1"
     whatwg-fetch "3.0.0"
 
+react-async-script@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/react-async-script/-/react-async-script-1.0.0.tgz#3578153247bc3f9654a5878c4142539ffbf65c2d"
+  integrity sha512-KNbqPgaOrb7sxEr3qLuyxswJfveCGSGsxj/jYbUT0esTD2p5u5kmnt6huOOEcL5UwU4Zmbw561gUC45xPjB+MA==
+  dependencies:
+    hoist-non-react-statics "^3.0.1"
+    prop-types "^15.5.0"
+
 react-container-dimensions@^1.4.1:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/react-container-dimensions/-/react-container-dimensions-1.4.1.tgz#73a8b497f09c6b55a18a79b18a57a8327138f343"
@@ -8912,13 +8934,26 @@ react-error-overlay@^5.1.3:
   resolved "https://registry.yarnpkg.com/react-error-overlay/-/react-error-overlay-5.1.3.tgz#16fcbde75ed4dc6161dc6dc959b48e92c6ffa9ad"
   integrity sha512-GoqeM3Xadie7XUApXOjkY3Qhs8RkwB/Za4WMedBGrOKH1eTuKGyoAECff7jiVonJchOx6KZ9i8ILO5XIoHB+Tg==
 
+react-google-recaptcha@^1.0.5:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/react-google-recaptcha/-/react-google-recaptcha-1.0.5.tgz#fc5a1c5c9fd678ccea11c9a47b22f38a8b9d3c88"
+  integrity sha512-IUIIQVUIKgsG7Ok1AiqBdJZVpFRpIWOM3H/36fAJHMd52l+X0pn4sTxvm2YJEN01QXWR1jg79+93J8mQef7hfw==
+  dependencies:
+    prop-types "^15.5.0"
+    react-async-script "^1.0.0"
+
 react-input-autosize@^2.2.1:
   version "2.2.1"
   resolved "https://registry.yarnpkg.com/react-input-autosize/-/react-input-autosize-2.2.1.tgz#ec428fa15b1592994fb5f9aa15bb1eb6baf420f8"
   integrity sha512-3+K4CD13iE4lQQ2WlF8PuV5htfmTRLH6MDnfndHM6LuBRszuXnuyIfE7nhSKt8AzRBZ50bu0sAhkNMeS5pxQQA==
   dependencies:
     prop-types "^15.5.8"
 
+react-is@^16.7.0:
+  version "16.8.4"
+  resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.8.4.tgz#90f336a68c3a29a096a3d648ab80e87ec61482a2"
+  integrity sha512-PVadd+WaUDOAciICm/J1waJaSvgq+4rHE/K70j0PFqKhkTBsPv/82UGQJNXAngz1fOQLLxI6z1sEDmJDQhCTAA==
+
 react-is@^16.8.1:
   version "16.8.1"
   resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.8.1.tgz#a80141e246eb894824fb4f2901c0c50ef31d4cdb"
@@ -10993,6 +11028,11 @@ w3c-hr-time@^1.0.1:
   dependencies:
     browser-process-hrtime "^0.1.2"
 
+wait-for-cond@^1.6.0:
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/wait-for-cond/-/wait-for-cond-1.6.0.tgz#7ec38c4ccd99eceefae63d62be2498100f9f7ac5"
+  integrity sha512-hC+xGlFfspoTPpie43JjFi4onzVNAxr6UtvttAT+QigVbge7hJPH1oR0LNvLcsNOEt5K4FoR6Q2Ez3a9jWNmig==
+
 walker@~1.0.5:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/walker/-/walker-1.0.7.tgz#2f7f9b8fd10d677262b18a884e28d19618e028fb"