From 3f08dcb2037c865912d271ca57b8719c2255e6b8 Mon Sep 17 00:00:00 2001 From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com> Date: Sat, 11 Oct 2025 00:47:34 +0000 Subject: [PATCH] Refactor: Simplify CAPTCHA bypass logic --- .env.example | 6 ++-- src/hooks/useAdminSettings.ts | 6 ---- src/hooks/useCaptchaBypass.ts | 21 ++++---------- src/pages/AdminSettings.tsx | 53 ++--------------------------------- 4 files changed, 10 insertions(+), 76 deletions(-) diff --git a/.env.example b/.env.example index 618c48a2..ef4279f5 100644 --- a/.env.example +++ b/.env.example @@ -15,9 +15,9 @@ VITE_TURNSTILE_SITE_KEY=your-turnstile-site-key VITE_CLOUDFLARE_ACCOUNT_HASH=your-cloudflare-account-hash # CAPTCHA Bypass Control (Development/Preview Only) -# This acts as a safety gate - even if admins enable bypass in settings, -# it will only work if this is set to 'true' -# MUST be 'false' or unset in production +# Set to 'true' to bypass CAPTCHA verification during authentication +# This is controlled ONLY via environment variable for simplicity +# MUST be 'false' or unset in production for security VITE_ALLOW_CAPTCHA_BYPASS=false # Novu Configuration diff --git a/src/hooks/useAdminSettings.ts b/src/hooks/useAdminSettings.ts index d03075c8..9da234de 100644 --- a/src/hooks/useAdminSettings.ts +++ b/src/hooks/useAdminSettings.ts @@ -78,11 +78,6 @@ export function useAdminSettings() { return settings?.filter(s => s.category === category) || []; }; - const getCaptchaBypassEnabled = (): boolean => { - const value = getSettingValue('auth.captcha_bypass_enabled', 'false'); - const cleanValue = typeof value === 'string' ? value.replace(/"/g, '') : value; - return cleanValue === 'true' || cleanValue === true; - }; const updateSetting = async (key: string, value: any) => { return updateSettingMutation.mutateAsync({ key, value }); 
@@ -185,6 +180,5 @@ export function useAdminSettings() { getAutoRefreshStrategy, getPreserveInteractionState, getUseRealtimeQueue, - getCaptchaBypassEnabled, }; } \ No newline at end of file diff --git a/src/hooks/useCaptchaBypass.ts b/src/hooks/useCaptchaBypass.ts index 1060f1ef..72ec1569 100644 --- a/src/hooks/useCaptchaBypass.ts +++ b/src/hooks/useCaptchaBypass.ts @@ -1,26 +1,17 @@ import { useEffect } from 'react'; -import { useAdminSettings } from './useAdminSettings'; export function useCaptchaBypass() { - const { getSettingValue } = useAdminSettings(); - - // Layer 1: Check if environment allows bypass - const environmentAllowsBypass = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true'; - - // Layer 2: Check if admin has enabled bypass - const adminEnabledBypass = getSettingValue('auth.captcha_bypass_enabled', false) === true || - getSettingValue('auth.captcha_bypass_enabled', false) === 'true'; - - // Both layers must allow bypass - const bypassEnabled = environmentAllowsBypass && adminEnabledBypass; + // Single layer: Check if environment allows bypass + const bypassEnabled = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true'; // Log warning if bypass is active useEffect(() => { if (bypassEnabled && typeof window !== 'undefined') { console.warn( '⚠️ CAPTCHA BYPASS IS ACTIVE\n' + - 'This should only be enabled in development/preview environments.\n' + - 'Verify VITE_ALLOW_CAPTCHA_BYPASS=false in production!' + 'CAPTCHA verification is disabled via VITE_ALLOW_CAPTCHA_BYPASS=true\n' + + 'This should ONLY be enabled in development/preview environments.\n' + + 'Ensure VITE_ALLOW_CAPTCHA_BYPASS=false in production!' ); } }, [bypassEnabled]); @@ -28,7 +19,5 @@ export function useCaptchaBypass() { return { bypassEnabled, requireCaptcha: !bypassEnabled, - environmentAllowsBypass, - adminEnabledBypass }; } diff --git a/src/pages/AdminSettings.tsx b/src/pages/AdminSettings.tsx index 9b504d86..5a999c4f 100644 --- a/src/pages/AdminSettings.tsx 
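Review bot: In src/hooks/useCaptchaBypass.ts, `bypassEnabled` now depends on `VITE_ALLOW_CAPTCHA_BYPASS` alone, so a production build made with that variable set to 'true' ships with CAPTCHA disabled and only a `console.warn` in the browser to show for it; the admin-setting check removed here was the second gate. Vite inlines `VITE_`-prefixed variables into the client bundle at build time, so this flag can only decide whether the client requests a token; whether the auth backend still verifies one is not visible in this diff and should be confirmed server-side. Consider tying the flag to the build mode as well, e.g. `const bypassEnabled = import.meta.env.MODE !== 'production' && import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';`, or failing the production build when the flag is 'true'. If preview deployments are built in production mode they would need their own mode name, and the new .env.example comment should state whichever rule is chosen.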
+++ b/src/pages/AdminSettings.tsx @@ -24,8 +24,7 @@ export default function AdminSettings() { error, updateSetting, isUpdating, - getSettingsByCategory, - getCaptchaBypassEnabled + getSettingsByCategory } = useAdminSettings(); if (roleLoading || isLoading) { @@ -436,15 +435,11 @@ export default function AdminSettings() { - + Moderation - - - Auth - Users @@ -493,50 +488,6 @@ export default function AdminSettings() { - - - - - - Authentication Settings - - - Configure authentication security, CAPTCHA, and login settings - - - - {getCaptchaBypassEnabled() && ( - - -
- -
-

- CAPTCHA Bypass is Currently Enabled -

-

- Authentication requests will not require CAPTCHA verification. - This should ONLY be enabled in development environments. -

-
-
-
-
- )} - {getSettingsByCategory('auth').length > 0 ? ( - getSettingsByCategory('auth').map((setting) => ( - - )) - ) : ( -
- -

No authentication settings configured yet.

-
- )} -
-
-
-