mirror of
https://github.com/HeyPuter/puter.git
synced 2025-12-30 17:50:00 -06:00
ad4b3e7aeb
* Added Revis distributed cash to enhance our Captcha Verification system so that we prevent our system from replay attacks * Fix: There was an error with the implementation of Redis, so I reverted to our previous version that uses in memory storage * Integrated the captcha verification system into our sign in Form. The captcha verification system now works on both login and sign int * Remove test files from captcha module * Update src/backend/src/modules/captcha/middleware/captcha-middleware.js Co-authored-by: Eric Dubé <eric.alex.dube@gmail.com> * Update src/backend/src/modules/captcha/middleware/captcha-middleware.js Co-authored-by: Eric Dubé <eric.alex.dube@gmail.com> * Now the captcha can be requested on condition, this llaows extenstions to control wether a captcha should be required, I fixed the code in CaptchaModule to use config and got rid of the lines that made captcha middleware available since it wasn't used anywhre * I split the middleware into two distinct parts, so that the frontend can now determine captach requirements. PuterHomePageService can set GUI parameters for captcha requirements. The /whoarewe endpoint provides captcha requirement information and the extensuo system integration is maintained * Fix security issues with password handling in URL query parameters * Made sure that the enter key, submits the login request instead of refreshing the captcha * In development we can now disable the Captcha verification system by running it with CAPTCHA_ENABLED=false npm start * Went back and modified checkCaptcha so that it checks at the start to check what CAPTCHA_ENABLED is equal to * Refactor captcha system to use configuration values instead of environment variables * Fix captcha verification and align with project standards * Update src/backend/src/modules/captcha/README.md Co-authored-by: Eric Dubé <eric.alex.dube@gmail.com> * fix: incorrect service name * dev: use Endpoint for captcha endpoints Use Endpoint class, which uses eggspress behind the scenes, which handles async errors in handlers automatically. * dev: add extension support and simplify captcha - removed extra error handling - removed dormant code - no distinction between login and signup (for now) * clean: remove local files * fix: undefined edge case --------- Co-authored-by: Eric Dubé <eric.alex.dube@gmail.com>