From 8a1d83b7adcef923cde70b519a1066c7f49852dc Mon Sep 17 00:00:00 2001 From: Maxim Filonov <53992153+sl1depengwyn@users.noreply.github.com> Date: Tue, 12 Nov 2024 17:57:36 +0300 Subject: [PATCH] chore: extend recaptcha logging (#11182) --- .../lib/block_scout_web/captcha_helper.ex | 27 ++++++++++++++++--- config/runtime.exs | 3 ++- docker-compose/envs/common-blockscout.env | 1 + 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex b/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex index b05f39d696..810652e217 100644 --- a/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex +++ b/apps/block_scout_web/lib/block_scout_web/captcha_helper.ex @@ -2,6 +2,7 @@ defmodule BlockScoutWeb.CaptchaHelper do @moduledoc """ A helper for CAPTCHA """ + require Logger alias Explorer.Helper 
@@ -49,26 +50,42 @@ defmodule BlockScoutWeb.CaptchaHelper do false -> true - _ -> + error -> + Logger.error("Failed to verify reCAPTCHA: #{inspect(error)}") false end end # v3 case defp success?(%{"success" => true, "score" => score, "hostname" => hostname}) do + unless Helper.get_app_host() == hostname do + Logger.warning("reCAPTCHA v3 Hostname mismatch: #{inspect(hostname)} != #{inspect(Helper.get_app_host())}") + end + + if Helper.get_app_host() == hostname and not check_recaptcha_v3_score(score) do + Logger.warning("reCAPTCHA v3 low score: #{inspect(score)} < #{inspect(score_threshold())}") + end + (!check_hostname?() || Helper.get_app_host() == hostname) && check_recaptcha_v3_score(score) end # v2 case defp success?(%{"success" => true, "hostname" => hostname}) do + unless Helper.get_app_host() == hostname do + Logger.warning("reCAPTCHA v2 Hostname mismatch: #{inspect(hostname)} != #{inspect(Helper.get_app_host())}") + end + !check_hostname?() || Helper.get_app_host() == hostname end - defp success?(_resp), do: false + defp success?(resp) do + Logger.error("Failed to verify reCAPTCHA, unexpected response: #{inspect(resp)}") + false + end defp check_recaptcha_v3_score(score) do - if score >= 0.5 do + if score >= score_threshold() do true else false @@ -78,4 +95,8 @@ defmodule BlockScoutWeb.CaptchaHelper do defp check_hostname? do Application.get_env(:block_scout_web, :recaptcha)[:check_hostname?] end + + defp score_threshold do + Application.get_env(:block_scout_web, :recaptcha)[:score_threshold] + end end diff --git a/config/runtime.exs b/config/runtime.exs index 399394b782..2ad5409019 100644 --- a/config/runtime.exs +++ b/config/runtime.exs 
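Review bot: The warnings in the v3 `success?/1` clause do not track the decision the clause returns: the hostname-mismatch warning fires even when `check_hostname?()` is off and the mismatch is ignored, while a low-score rejection in that same case logs nothing about the score, because the second `if` requires the hostnames to match. The v2 clause has the same unconditional mismatch warning. Computing the hostname and score results once and logging from them, as sketched below, keeps each log line tied to the actual reason for rejection; if the unenforced mismatch is meant to stay visible, a lower log level would fit it better. Separately, the fallback `success?(resp)` clause logs at error level for what is presumably the ordinary `"success" => false` reply to a bad token, so unauthenticated clients can generate error-level log volume at will; `Logger.warning` or a sampled log would suit that path better.

```elixir
defp success?(%{"success" => true, "score" => score, "hostname" => hostname}) do
  app_host = Helper.get_app_host()
  hostname_ok? = !check_hostname?() || app_host == hostname
  score_ok? = check_recaptcha_v3_score(score)

  cond do
    not hostname_ok? ->
      Logger.warning("reCAPTCHA v3 Hostname mismatch: #{inspect(hostname)} != #{inspect(app_host)}")

    not score_ok? ->
      Logger.warning("reCAPTCHA v3 low score: #{inspect(score)} < #{inspect(score_threshold())}")

    true ->
      :ok
  end

  hostname_ok? && score_ok?
end
# … unchanged: v2 clause, fallback clause, check_recaptcha_v3_score/1 …
```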
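Review bot: `score_threshold/0` returns `nil` whenever the `:recaptcha` config carries no `:score_threshold` entry, and the `score >= score_threshold()` comparison in `check_recaptcha_v3_score/1` (changed in the previous hunk) is then false for every numeric score, because numbers sort below atoms in Erlang term ordering. The check fails closed, but silently, and the low-score warning would read `< nil`. runtime.exs in this commit always sets the key, so this only matters for configs assembled elsewhere, such as tests or overrides. A fallback such as `Application.get_env(:block_scout_web, :recaptcha)[:score_threshold] || 0.5` would keep the previous behaviour in those cases.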
@@ -44,7 +44,8 @@ config :block_scout_web, :recaptcha, v3_client_key: System.get_env("RE_CAPTCHA_V3_CLIENT_KEY"), v3_secret_key: System.get_env("RE_CAPTCHA_V3_SECRET_KEY"), is_disabled: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_DISABLED"), - check_hostname?: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_CHECK_HOSTNAME", "true") + check_hostname?: ConfigHelper.parse_bool_env_var("RE_CAPTCHA_CHECK_HOSTNAME", "true"), + score_threshold: ConfigHelper.parse_float_env_var("RE_CAPTCHA_SCORE_THRESHOLD", "0.5") network_path = "NETWORK_PATH" diff --git a/docker-compose/envs/common-blockscout.env b/docker-compose/envs/common-blockscout.env index 80166a8332..f31d65b6ff 100644 --- a/docker-compose/envs/common-blockscout.env +++ b/docker-compose/envs/common-blockscout.env @@ -369,6 +369,7 @@ RE_CAPTCHA_V3_SECRET_KEY= RE_CAPTCHA_V3_CLIENT_KEY= RE_CAPTCHA_DISABLED=false # RE_CAPTCHA_CHECK_HOSTNAME +# RE_CAPTCHA_SCORE_THRESHOLD JSON_RPC= # API_RATE_LIMIT_HAMMER_REDIS_URL=redis://redis-db:6379/1 # API_RATE_LIMIT_IS_BLOCKSCOUT_BEHIND_PROXY=false
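Review bot: `RE_CAPTCHA_SCORE_THRESHOLD` is accepted without a range check, as far as this hunk shows. reCAPTCHA v3 scores lie between 0.0 and 1.0, so a value of 0 or below lets every token with `"success" => true` through, and a value above 1.0 rejects every v3 request. What `ConfigHelper.parse_float_env_var` does with an unparsable value is not visible here and should be confirmed. I would reject or clamp out-of-range values at load time and document the accepted range next to the `# RE_CAPTCHA_SCORE_THRESHOLD` line in common-blockscout.env. The `config` call's opening lines lie outside the hunk.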