Refactor: Simplify CAPTCHA bypass logic
@@ -15,9 +15,9 @@ VITE_TURNSTILE_SITE_KEY=your-turnstile-site-key
|
|||||||
VITE_CLOUDFLARE_ACCOUNT_HASH=your-cloudflare-account-hash
|
VITE_CLOUDFLARE_ACCOUNT_HASH=your-cloudflare-account-hash
|
||||||
|
|
||||||
# CAPTCHA Bypass Control (Development/Preview Only)
|
# CAPTCHA Bypass Control (Development/Preview Only)
|
||||||
# This acts as a safety gate - even if admins enable bypass in settings,
|
# Set to 'true' to bypass CAPTCHA verification during authentication
|
||||||
# it will only work if this is set to 'true'
|
# This is controlled ONLY via environment variable for simplicity
|
||||||
# MUST be 'false' or unset in production
|
# MUST be 'false' or unset in production for security
|
||||||
VITE_ALLOW_CAPTCHA_BYPASS=false
|
VITE_ALLOW_CAPTCHA_BYPASS=false
|
||||||
|
|
||||||
# Novu Configuration
|
# Novu Configuration
|
||||||
|
|||||||
@@ -78,11 +78,6 @@ export function useAdminSettings() {
|
|||||||
return settings?.filter(s => s.category === category) || [];
|
return settings?.filter(s => s.category === category) || [];
|
||||||
};
|
};
|
||||||
|
|
||||||
const getCaptchaBypassEnabled = (): boolean => {
|
|
||||||
const value = getSettingValue('auth.captcha_bypass_enabled', 'false');
|
|
||||||
const cleanValue = typeof value === 'string' ? value.replace(/"/g, '') : value;
|
|
||||||
return cleanValue === 'true' || cleanValue === true;
|
|
||||||
};
|
|
||||||
|
|
||||||
const updateSetting = async (key: string, value: any) => {
|
const updateSetting = async (key: string, value: any) => {
|
||||||
return updateSettingMutation.mutateAsync({ key, value });
|
return updateSettingMutation.mutateAsync({ key, value });
|
||||||
@@ -185,6 +180,5 @@ export function useAdminSettings() {
|
|||||||
getAutoRefreshStrategy,
|
getAutoRefreshStrategy,
|
||||||
getPreserveInteractionState,
|
getPreserveInteractionState,
|
||||||
getUseRealtimeQueue,
|
getUseRealtimeQueue,
|
||||||
getCaptchaBypassEnabled,
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@@ -1,26 +1,17 @@
|
|||||||
import { useEffect } from 'react';
|
import { useEffect } from 'react';
|
||||||
import { useAdminSettings } from './useAdminSettings';
|
|
||||||
|
|
||||||
export function useCaptchaBypass() {
|
export function useCaptchaBypass() {
|
||||||
const { getSettingValue } = useAdminSettings();
|
// Single layer: Check if environment allows bypass
|
||||||
|
const bypassEnabled = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
|
||||||
// Layer 1: Check if environment allows bypass
|
|
||||||
const environmentAllowsBypass = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
|
|
||||||
|
|
||||||
// Layer 2: Check if admin has enabled bypass
|
|
||||||
const adminEnabledBypass = getSettingValue('auth.captcha_bypass_enabled', false) === true ||
|
|
||||||
getSettingValue('auth.captcha_bypass_enabled', false) === 'true';
|
|
||||||
|
|
||||||
// Both layers must allow bypass
|
|
||||||
const bypassEnabled = environmentAllowsBypass && adminEnabledBypass;
|
|
||||||
|
|
||||||
// Log warning if bypass is active
|
// Log warning if bypass is active
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
if (bypassEnabled && typeof window !== 'undefined') {
|
if (bypassEnabled && typeof window !== 'undefined') {
|
||||||
console.warn(
|
console.warn(
|
||||||
'⚠️ CAPTCHA BYPASS IS ACTIVE\n' +
|
'⚠️ CAPTCHA BYPASS IS ACTIVE\n' +
|
||||||
'This should only be enabled in development/preview environments.\n' +
|
'CAPTCHA verification is disabled via VITE_ALLOW_CAPTCHA_BYPASS=true\n' +
|
||||||
'Verify VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
|
'This should ONLY be enabled in development/preview environments.\n' +
|
||||||
|
'Ensure VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}, [bypassEnabled]);
|
}, [bypassEnabled]);
|
||||||
@@ -28,7 +19,5 @@ export function useCaptchaBypass() {
|
|||||||
return {
|
return {
|
||||||
bypassEnabled,
|
bypassEnabled,
|
||||||
requireCaptcha: !bypassEnabled,
|
requireCaptcha: !bypassEnabled,
|
||||||
environmentAllowsBypass,
|
|
||||||
adminEnabledBypass
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
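Review bot: `bypassEnabled` in `useCaptchaBypass` is now decided by the single comparison `import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true'`. Vite inlines `VITE_`-prefixed variables into the client bundle at build time, so one mis-set build variable yields a production bundle that returns `requireCaptcha: false`, with no second gate and no way to correct it without a rebuild. If preview deployments are built under their own mode (not visible here), consider `const bypassEnabled = import.meta.env.MODE !== 'production' && import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';`, or fail the production build when the variable is `true`. The hook only decides whether the client asks for a CAPTCHA token, and nothing in this file shows the server side. I would add a comment above the assignment such as `// Client-side convenience only: the auth backend must still reject requests without a valid CAPTCHA token in production.` and confirm that this actually holds.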
|
|||||||
@@ -24,8 +24,7 @@ export default function AdminSettings() {
|
|||||||
error,
|
error,
|
||||||
updateSetting,
|
updateSetting,
|
||||||
isUpdating,
|
isUpdating,
|
||||||
getSettingsByCategory,
|
getSettingsByCategory
|
||||||
getCaptchaBypassEnabled
|
|
||||||
} = useAdminSettings();
|
} = useAdminSettings();
|
||||||
|
|
||||||
if (roleLoading || isLoading) {
|
if (roleLoading || isLoading) {
|
||||||
@@ -436,15 +435,11 @@ export default function AdminSettings() {
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<Tabs defaultValue="moderation" className="space-y-6">
|
<Tabs defaultValue="moderation" className="space-y-6">
|
||||||
<TabsList className="grid w-full grid-cols-6">
|
<TabsList className="grid w-full grid-cols-5">
|
||||||
<TabsTrigger value="moderation" className="flex items-center gap-2">
|
<TabsTrigger value="moderation" className="flex items-center gap-2">
|
||||||
<Shield className="w-4 h-4" />
|
<Shield className="w-4 h-4" />
|
||||||
<span className="hidden sm:inline">Moderation</span>
|
<span className="hidden sm:inline">Moderation</span>
|
||||||
</TabsTrigger>
|
</TabsTrigger>
|
||||||
<TabsTrigger value="auth" className="flex items-center gap-2">
|
|
||||||
<Lock className="w-4 h-4" />
|
|
||||||
<span className="hidden sm:inline">Auth</span>
|
|
||||||
</TabsTrigger>
|
|
||||||
<TabsTrigger value="user_management" className="flex items-center gap-2">
|
<TabsTrigger value="user_management" className="flex items-center gap-2">
|
||||||
<Users className="w-4 h-4" />
|
<Users className="w-4 h-4" />
|
||||||
<span className="hidden sm:inline">Users</span>
|
<span className="hidden sm:inline">Users</span>
|
||||||
@@ -493,50 +488,6 @@ export default function AdminSettings() {
|
|||||||
</Card>
|
</Card>
|
||||||
</TabsContent>
|
</TabsContent>
|
||||||
|
|
||||||
<TabsContent value="auth">
|
|
||||||
<Card>
|
|
||||||
<CardHeader>
|
|
||||||
<CardTitle className="flex items-center gap-2">
|
|
||||||
<Lock className="w-5 h-5" />
|
|
||||||
Authentication Settings
|
|
||||||
</CardTitle>
|
|
||||||
<CardDescription>
|
|
||||||
Configure authentication security, CAPTCHA, and login settings
|
|
||||||
</CardDescription>
|
|
||||||
</CardHeader>
|
|
||||||
<CardContent className="space-y-4">
|
|
||||||
{getCaptchaBypassEnabled() && (
|
|
||||||
<Card className="bg-yellow-50 dark:bg-yellow-900/20 border-yellow-300">
|
|
||||||
<CardContent className="pt-6">
|
|
||||||
<div className="flex items-start gap-3">
|
|
||||||
<AlertTriangle className="w-5 h-5 text-yellow-600 dark:text-yellow-400 mt-0.5" />
|
|
||||||
<div className="space-y-1">
|
|
||||||
<p className="font-medium text-yellow-800 dark:text-yellow-200">
|
|
||||||
CAPTCHA Bypass is Currently Enabled
|
|
||||||
</p>
|
|
||||||
<p className="text-sm text-yellow-700 dark:text-yellow-300">
|
|
||||||
Authentication requests will not require CAPTCHA verification.
|
|
||||||
This should ONLY be enabled in development environments.
|
|
||||||
</p>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</CardContent>
|
|
||||||
</Card>
|
|
||||||
)}
|
|
||||||
{getSettingsByCategory('auth').length > 0 ? (
|
|
||||||
getSettingsByCategory('auth').map((setting) => (
|
|
||||||
<SettingInput key={setting.id} setting={setting} />
|
|
||||||
))
|
|
||||||
) : (
|
|
||||||
<div className="text-center py-8 text-muted-foreground">
|
|
||||||
<Lock className="w-12 h-12 mx-auto mb-4 opacity-50" />
|
|
||||||
<p>No authentication settings configured yet.</p>
|
|
||||||
</div>
|
|
||||||
)}
|
|
||||||
</CardContent>
|
|
||||||
</Card>
|
|
||||||
</TabsContent>
|
|
||||||
|
|
||||||
<TabsContent value="user_management">
|
<TabsContent value="user_management">
|
||||||
<Card>
|
<Card>
|
||||||
<CardHeader>
|
<CardHeader>
|
||||||
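Review bot: Deleting the whole `<TabsContent value="auth">` panel removes more than the bypass banner. The panel also rendered every setting returned by `getSettingsByCategory('auth')` through `<SettingInput key={setting.id} setting={setting} />`, so any other auth-category setting loses its editor on this page. If `auth.captcha_bypass_enabled` was the only such setting, the stored row should be removed in the same change, because it still looks like a control but `useCaptchaBypass` no longer reads it. Otherwise keep the tab and drop only the `{getCaptchaBypassEnabled() && (…)}` card. The import list is outside the visible hunks; `Lock` and `AlertTriangle` may now be unused and should be checked.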
|
|||||||