chore: extend recaptcha logging (#11182)

1 week ago · 8a1d83b7ad
parent e8aa655d0c
commit 8a1d83b7ad
3 changed files with 27 additions and 4 deletions
--- a/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex
+++ b/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex
@ -2,6 +2,7 @@ defmodule BlockScoutWeb.CaptchaHelper do
  @moduledoc """
  A helper for CAPTCHA
  """
+  require Logger

  alias Explorer.Helper

@ -49,26 +50,42 @@ defmodule BlockScoutWeb.CaptchaHelper do
      false ->
        true

-      _ ->
+      error ->
+        Logger.error("Failed to verify reCAPTCHA: #{inspect(error)}")
        false
    end
  end

  # v3 case
  defp success?(%{"success" => true, "score" => score, "hostname" => hostname}) do
+    unless Helper.get_app_host() == hostname do
+      Logger.warning("reCAPTCHA v3 Hostname mismatch: #{inspect(hostname)} != #{inspect(Helper.get_app_host())}")
+    end
+
+    if Helper.get_app_host() == hostname and not check_recaptcha_v3_score(score) do
+      Logger.warning("reCAPTCHA v3 low score: #{inspect(score)} < #{inspect(score_threshold())}")
+    end
+
    (!check_hostname?() || Helper.get_app_host() == hostname) &&
      check_recaptcha_v3_score(score)
  end

  # v2 case
  defp success?(%{"success" => true, "hostname" => hostname}) do
+    unless Helper.get_app_host() == hostname do
+      Logger.warning("reCAPTCHA v2 Hostname mismatch: #{inspect(hostname)} != #{inspect(Helper.get_app_host())}")
+    end
+
    !check_hostname?() || Helper.get_app_host() == hostname
  end

-  defp success?(_resp), do: false
+  defp success?(resp) do
+    Logger.error("Failed to verify reCAPTCHA, unexpected response: #{inspect(resp)}")
+    false
+  end

  defp check_recaptcha_v3_score(score) do
-    if score >= 0.5 do
+    if score >= score_threshold() do
      true
    else
      false
@ -78,4 +95,8 @@ defmodule BlockScoutWeb.CaptchaHelper do
  defp check_hostname? do
    Application.get_env(:block_scout_web, :recaptcha)[:check_hostname?]
  end
+
+  defp score_threshold do
+    Application.get_env(:block_scout_web, :recaptcha)[:score_threshold]
+  end
 end
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -44,7 +44,8 @@ config :block_scout_web, :recaptcha,
  v3_client_key: System.get_env("RE_CAPTCHA_V3_CLIENT_KEY"),
  v3_secret_key: System.get_env("RE_CAPTCHA_V3_SECRET_KEY"),
  is_disabled: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_DISABLED"),
-  check_hostname?: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_CHECK_HOSTNAME", "true")
+  check_hostname?: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_CHECK_HOSTNAME", "true"),
+  score_threshold: ConfigHelper.parse_float_env_var("RE_CAPTCHA_SCORE_THRESHOLD", "0.5")

 network_path =
  "NETWORK_PATH"
--- a/docker-compose/envs/common-blockscout.env
+++ b/docker-compose/envs/common-blockscout.env
@ -369,6 +369,7 @@ RE_CAPTCHA_V3_SECRET_KEY=
 RE_CAPTCHA_V3_CLIENT_KEY=
 RE_CAPTCHA_DISABLED=false
 # RE_CAPTCHA_CHECK_HOSTNAME
+# RE_CAPTCHA_SCORE_THRESHOLD
 JSON_RPC=
 # API_RATE_LIMIT_HAMMER_REDIS_URL=redis://redis-db:6379/1
 # API_RATE_LIMIT_IS_BLOCKSCOUT_BEHIND_PROXY=false