
add cloudflare turnstile #181

Closed


@hyusap hyusap commented Dec 8, 2024

make sure to add env vars before merging

@hyusap hyusap requested review from VVoruganti and bLopata December 8, 2024 01:51

vercel bot commented Dec 8, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
tutor-gpt ✅ Ready (Inspect) Visit Preview 💬 Add feedback Dec 8, 2024 1:52am


@VVoruganti VVoruganti left a comment


Can you rebase for the changes to main, which now uses server-side rendering for the main page?

Comment on lines +135 to +151
async function verifyTurnstile(token: string, ip: string) {
const formData = new FormData();
formData.append('secret', process.env.TURNSTILE_SECRET_KEY as string);
formData.append('response', token);
formData.append('remoteip', ip);

const url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
const result = await fetch(url, {
body: formData,
method: 'POST',
});

const json = await result.json();

return json.success;
}
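
Review bot: `verifyTurnstile` returns `json.success` without checking `result.ok` and without catching a rejected `fetch` or a `result.json()` parse failure, so an outage or a non-JSON reply from siteverify surfaces as an unhandled exception instead of a clean rejection. Wrap the call in try/catch, treat any error or non-2xx status as a failed verification, and return `json.success === true` so a missing or non-boolean field cannot pass as truthy. In the same function, `process.env.TURNSTILE_SECRET_KEY as string` hides an unset variable from the type checker, and `formData.append` would then send the literal string "undefined" as the secret; check for the variable explicitly and fail with a clear configuration error. The source of `ip` is not visible in this hunk, and `remoteip` is an optional siteverify parameter, so omit it when the address cannot be determined reliably. Logging the response's `error-codes` field on failure would also make misconfiguration easier to spot.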


So from briefly reading about Cloudflare turnstiles, it does look like a good option if we don't need a manual challenge. I was initially thinking to use the Supabase captcha, but this works.

The main thing we want to do is protect the authentication page to avoid bots, and from reading about this, we want to have a client-side check that is verified on the server.

That makes me think a dedicated server action for Cloudflare would make sense that we call on the authentication page as well. We might want to add it to the layout.tsx so it's called on all pages?

@hyusap hyusap closed this Dec 14, 2024

hyusap commented Dec 14, 2024

see #184
