VerifyReCaptcha.php
<?php
namespace Pterodactyl\Http\Middleware;
use Closure;
use Alert;
use \Pterodactyl\Events\Auth\FailedCaptcha;
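class VerifyReCaptcha
{
    /**
     * Handle an incoming request.
     *
     * When reCAPTCHA is enabled, the submitted `g-recaptcha-response` token is
     * posted to Google's siteverify endpoint. The request is passed on only if
     * Google reports success and, when `recaptcha.verify_domain` is set, the
     * hostname Google reports equals the host taken from `app.url`. Every other
     * outcome fails closed: a FailedCaptcha event is emitted and the user is
     * redirected back with a captcha error.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (!config('recaptcha.enabled')) {
            return $next($request);
        }

        $response_domain = null;

        if ($request->has('g-recaptcha-response')) {
            $response = $request->get('g-recaptcha-response');

            // The token is client-controlled. Anything other than a string (for
            // example an array-valued parameter) is rejected without calling out.
            if (is_string($response)) {
                // NOTE(review): no timeout is configured on this client, and transport
                // errors thrown by Guzzle propagate to the exception handler. That is
                // still fail-closed, but no FailedCaptcha event is emitted for it.
                $client = new \GuzzleHttp\Client();
                $res = $client->post('https://www.google.com/recaptcha/api/siteverify', [
                    'form_params' => [
                        'secret' => config('recaptcha.secret_key'),
                        'response' => $response,
                    ],
                ]);

                if ($res->getStatusCode() === 200) {
                    $result = json_decode((string) $res->getBody());

                    // A body that is not a JSON object is a failed verification,
                    // not something to dereference.
                    if (is_object($result)) {
                        // A response may omit `hostname`; reading it unguarded raised
                        // an error here instead of reaching the captcha-failure path.
                        $response_domain = isset($result->hostname) ? $result->hostname : null;
                        $succeeded = isset($result->success) && $result->success === true;

                        // Compare the domain received by google with the app url
                        $domain_verified = true;
                        if (config('recaptcha.verify_domain')) {
                            $domain_verified = false;
                            $matches = [];
                            $matched = preg_match(
                                '/^(?:https?:\/\/)?((?:www\.)?[^:\/\n]+)/',
                                (string) config('app.url'),
                                $matches
                            );
                            // An app.url with no parsable host leaves the check failed.
                            if ($matched === 1) {
                                $domain_verified = is_string($response_domain)
                                    && $response_domain === $matches[1];
                            }
                        }

                        if ($succeeded && $domain_verified) {
                            return $next($request);
                        }
                    }
                }
            }
        }

        // Emit an event and return to the previous view with an error (only the captcha error will be shown!)
        event(new FailedCaptcha($request->ip(), $response_domain));

        return back()->withErrors(['g-recaptcha-response' => trans('strings.captcha_invalid')])->withInput();
    }
}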