hCaptcha Integration
@@ -5,6 +5,8 @@ namespace Core\Elements;
|
||||
use Core\Configuration\Settings;
|
||||
use Core\Driver\Logger\Logger;
|
||||
use Core\Driver\SQL\SQL;
|
||||
use Core\Objects\Captcha\GoogleRecaptchaProvider;
|
||||
use Core\Objects\Captcha\HCaptchaProvider;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\Router\DocumentRoute;
|
||||
use Core\Objects\Router\Router;
|
||||
@@ -78,7 +80,7 @@ abstract class Document {
|
||||
return $this->router;
|
||||
}
|
||||
|
||||
public function addCSPWhitelist(string $path) {
|
||||
public function addCSPWhitelist(string $path): void {
|
||||
$urlParts = parse_url($path);
|
||||
if (!$urlParts || !isset($urlParts["host"])) {
|
||||
$this->cspWhitelist[] = getProtocol() . "://" . getCurrentHostName() . $path;
|
||||
@@ -89,7 +91,23 @@ abstract class Document {
|
||||
|
||||
public function sendHeaders(): void {
|
||||
if ($this->cspEnabled) {
|
||||
$frameSrc = [];
|
||||
|
||||
$captchaProvider = $this->getSettings()->getCaptchaProvider();
|
||||
if ($captchaProvider instanceof GoogleRecaptchaProvider) {
|
||||
$frameSrc[] = "https://www.google.com/recaptcha/";
|
||||
$frameSrc[] = "https://recaptcha.google.com/recaptcha/";
|
||||
$this->cspWhitelist[] = "https://www.google.com/recaptcha/";
|
||||
$this->cspWhitelist[] = "https://www.gstatic.com/recaptcha/";
|
||||
} else if ($captchaProvider instanceof HCaptchaProvider) {
|
||||
$frameSrc[] = "https://hcaptcha.com";
|
||||
$frameSrc[] = "https://*.hcaptcha.com";
|
||||
$this->cspWhitelist[] = "https://hcaptcha.com";
|
||||
$this->cspWhitelist[] = "https://*.hcaptcha.com";
|
||||
}
|
||||
|
||||
$cspWhiteList = implode(" ", $this->cspWhitelist);
|
||||
$frameSrc = implode(" ", $frameSrc);
|
||||
$csp = [
|
||||
"default-src $cspWhiteList 'self'",
|
||||
"object-src 'none'",
|
||||
@@ -98,10 +116,8 @@ abstract class Document {
|
||||
"img-src 'self' 'unsafe-inline' data: https:;",
|
||||
"script-src $cspWhiteList 'nonce-$this->cspNonce'",
|
||||
"frame-ancestors 'self'",
|
||||
"frame-src $frameSrc 'self'",
|
||||
];
|
||||
if ($this->getSettings()->isRecaptchaEnabled()) {
|
||||
$csp[] = "frame-src https://www.google.com/ 'self'";
|
||||
}
|
||||
|
||||
$compiledCSP = implode("; ", $csp);
|
||||
header("Content-Security-Policy: $compiledCSP;");
|
||||
|
||||
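Review bot: In `sendHeaders()` the captcha hosts are appended to `$this->cspWhitelist`, which feeds both `default-src` and `script-src`, so `https://*.hcaptcha.com` (or the Google paths) widens every fetch directive that falls back to `default-src`, and because the member itself is mutated the entries are appended again on every call. Building the directives from a local copy keeps the grant scoped and the method idempotent, e.g. `$scriptSrc = $this->cspWhitelist;` followed by `$scriptSrc[] = "https://hcaptcha.com";`, used only in the directives the widget actually needs. When no provider is configured, `$frameSrc` is empty and the directive renders as `frame-src  'self'`; that is harmless, but filtering out the empty part would be cleaner. A short comment above each branch naming the provider documentation the host list was taken from would help whoever audits this policy next. The body of `sendHeaders()` continues outside the visible hunks, so other directives may already override the `default-src` fallback.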
@@ -28,7 +28,7 @@ abstract class Head extends View {
|
||||
protected abstract function initRawFields(): array;
|
||||
protected abstract function initTitle(): string;
|
||||
|
||||
protected function init() {
|
||||
protected function init(): void {
|
||||
$this->keywords = array();
|
||||
$this->description = "";
|
||||
$this->baseUrl = "";
|
||||
@@ -51,19 +51,15 @@ abstract class Head extends View {
|
||||
public function addJS($url) { $this->sources[] = new Script(Script::MIME_TEXT_JAVASCRIPT, $url, ""); }
|
||||
public function addJSCode($code) { $this->sources[] = new Script(Script::MIME_TEXT_JAVASCRIPT, "", $code); }
|
||||
|
||||
public function loadFontawesome() {
|
||||
public function loadFontawesome(): void {
|
||||
$this->addCSS(Link::FONTAWESOME);
|
||||
}
|
||||
|
||||
public function loadGoogleRecaptcha($siteKey) {
|
||||
$this->addJS("https://www.google.com/recaptcha/api.js?render=$siteKey");
|
||||
}
|
||||
|
||||
public function loadJQuery() {
|
||||
public function loadJQuery(): void {
|
||||
$this->addJS(Script::JQUERY);
|
||||
}
|
||||
|
||||
public function loadBootstrap() {
|
||||
public function loadBootstrap(): void {
|
||||
$this->addCSS(Link::BOOTSTRAP);
|
||||
$this->addJS(Script::BOOTSTRAP);
|
||||
}
|
||||
|
||||
@@ -60,7 +60,6 @@ class HtmlDocument extends Document {
|
||||
return $code;
|
||||
}
|
||||
|
||||
|
||||
public function getTitle(): string {
|
||||
if ($this->head !== null) {
|
||||
return $this->head->getTitle();
|
||||
|
||||
@@ -80,6 +80,7 @@ class TemplateDocument extends Document {
|
||||
$session = $context->getSession();
|
||||
$settings = $this->getSettings();
|
||||
$language = $context->getLanguage();
|
||||
$captchaProvider = $settings->getCaptchaProvider();
|
||||
|
||||
$urlParts = parse_url($this->getRouter()->getRequestedUri());
|
||||
|
||||
@@ -102,9 +103,10 @@ class TemplateDocument extends Document {
|
||||
"lastModified" => date(L('Y-m-d H:i:s'), @filemtime(self::getTemplatePath($name))),
|
||||
"registrationEnabled" => $settings->isRegistrationAllowed(),
|
||||
"title" => $this->title,
|
||||
"recaptcha" => [
|
||||
"key" => $settings->isRecaptchaEnabled() ? $settings->getRecaptchaSiteKey() : null,
|
||||
"enabled" => $settings->isRecaptchaEnabled(),
|
||||
"captcha" => [
|
||||
"provider" => $captchaProvider?->getName(),
|
||||
"site_key" => $captchaProvider?->getSiteKey(),
|
||||
"enabled" => $captchaProvider !== null,
|
||||
],
|
||||
"csp" => [
|
||||
"nonce" => $this->getCSPNonce(),
|
||||
|
||||
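Review bot: The `recaptcha` key is replaced by `captcha` in the template parameters, so any template that still reads `recaptcha.key` or `recaptcha.enabled` would no longer receive a value and may render its form without a widget. The templates are not part of this section, so this should be checked alongside the server-side verification path. Since `getSiteKey()` is now called on an abstract provider, a comment above the entry such as `// public site key only, the provider secret must never enter the template context` would document the boundary for future provider implementations. The enclosing method starts and ends outside the visible hunks.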