Implement two-layer CAPTCHA bypass

2025-12-22 19:11:12 -05:00 · 2025-10-11 00:41:13 +00:00
parent c986a54fbf
commit 21acbb948c
7 changed files with 112 additions and 5 deletions
--- a/src/hooks/useCaptchaBypass.ts
+++ b/src/hooks/useCaptchaBypass.ts
@@ -0,0 +1,34 @@
+import { useEffect } from 'react';
+import { useAdminSettings } from './useAdminSettings';
+
+export function useCaptchaBypass() {
+  const { getSettingValue } = useAdminSettings();
+  
+  // Layer 1: Check if environment allows bypass
+  const environmentAllowsBypass = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
+  
+  // Layer 2: Check if admin has enabled bypass
+  const adminEnabledBypass = getSettingValue('auth.captcha_bypass_enabled', false) === true || 
+                             getSettingValue('auth.captcha_bypass_enabled', false) === 'true';
+  
+  // Both layers must allow bypass
+  const bypassEnabled = environmentAllowsBypass && adminEnabledBypass;
+  
+  // Log warning if bypass is active
+  useEffect(() => {
+    if (bypassEnabled && typeof window !== 'undefined') {
+      console.warn(
+        '⚠️ CAPTCHA BYPASS IS ACTIVE\n' +
+        'This should only be enabled in development/preview environments.\n' +
+        'Verify VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
+      );
+    }
+  }, [bypassEnabled]);
+  
+  return {
+    bypassEnabled,
+    requireCaptcha: !bypassEnabled,
+    environmentAllowsBypass,
+    adminEnabledBypass
+  };
+}