pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 08:31:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Refactor: Simplify CAPTCHA bypass logic

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-11 00:47:34 +00:00
parent 21acbb948c
commit 3f08dcb203
4 changed files with 10 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.env.example
View File

@@ -15,9 +15,9 @@ VITE_TURNSTILE_SITE_KEY=your-turnstile-site-key
VITE_CLOUDFLARE_ACCOUNT_HASH=your-cloudflare-account-hash
# CAPTCHA Bypass Control (Development/Preview Only)
# This acts as a safety gate - even if admins enable bypass in settings,
# it will only work if this is set to 'true'
# MUST be 'false' or unset in production
# Set to 'true' to bypass CAPTCHA verification during authentication
# This is controlled ONLY via environment variable for simplicity
# MUST be 'false' or unset in production for security
VITE_ALLOW_CAPTCHA_BYPASS=false
# Novu Configuration

6
src/hooks/useAdminSettings.ts
View File

@@ -78,11 +78,6 @@ export function useAdminSettings() {
return settings?.filter(s => s.category === category) || [];
};
const getCaptchaBypassEnabled = (): boolean => {
const value = getSettingValue('auth.captcha_bypass_enabled', 'false');
const cleanValue = typeof value === 'string' ? value.replace(/"/g, '') : value;
return cleanValue === 'true' || cleanValue === true;
};
const updateSetting = async (key: string, value: any) => {
return updateSettingMutation.mutateAsync({ key, value });
@@ -185,6 +180,5 @@ export function useAdminSettings() {
getAutoRefreshStrategy,
getPreserveInteractionState,
getUseRealtimeQueue,
getCaptchaBypassEnabled,
};
}

21
src/hooks/useCaptchaBypass.ts
View File

@@ -1,26 +1,17 @@
import { useEffect } from 'react';
import { useAdminSettings } from './useAdminSettings';
export function useCaptchaBypass() {
const { getSettingValue } = useAdminSettings();
// Layer 1: Check if environment allows bypass
const environmentAllowsBypass = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
// Layer 2: Check if admin has enabled bypass
const adminEnabledBypass = getSettingValue('auth.captcha_bypass_enabled', false) === true ||
getSettingValue('auth.captcha_bypass_enabled', false) === 'true';
// Both layers must allow bypass
const bypassEnabled = environmentAllowsBypass && adminEnabledBypass;
// Single layer: Check if environment allows bypass
const bypassEnabled = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
// Log warning if bypass is active
useEffect(() => {
if (bypassEnabled && typeof window !== 'undefined') {
console.warn(
'⚠️ CAPTCHA BYPASS IS ACTIVE\n' +
'This should only be enabled in development/preview environments.\n' +
'Verify VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
'CAPTCHA verification is disabled via VITE_ALLOW_CAPTCHA_BYPASS=true\n' +
'This should ONLY be enabled in development/preview environments.\n' +
'Ensure VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
);
}
}, [bypassEnabled]);
@@ -28,7 +19,5 @@ export function useCaptchaBypass() {
return {
bypassEnabled,
requireCaptcha: !bypassEnabled,
environmentAllowsBypass,
adminEnabledBypass
};
}

53
src/pages/AdminSettings.tsx
View File

@@ -24,8 +24,7 @@ export default function AdminSettings() {
error,
updateSetting,
isUpdating,
getSettingsByCategory,
getCaptchaBypassEnabled
getSettingsByCategory
} = useAdminSettings();
if (roleLoading || isLoading) {
@@ -436,15 +435,11 @@ export default function AdminSettings() {
</div>
<Tabs defaultValue="moderation" className="space-y-6">
<TabsList className="grid w-full grid-cols-6">
<TabsList className="grid w-full grid-cols-5">
<TabsTrigger value="moderation" className="flex items-center gap-2">
<Shield className="w-4 h-4" />
<span className="hidden sm:inline">Moderation</span>
</TabsTrigger>
<TabsTrigger value="auth" className="flex items-center gap-2">
<Lock className="w-4 h-4" />
<span className="hidden sm:inline">Auth</span>
</TabsTrigger>
<TabsTrigger value="user_management" className="flex items-center gap-2">
<Users className="w-4 h-4" />
<span className="hidden sm:inline">Users</span>
@@ -493,50 +488,6 @@ export default function AdminSettings() {
</Card>
</TabsContent>
<TabsContent value="auth">
<Card>
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Lock className="w-5 h-5" />
Authentication Settings
</CardTitle>
<CardDescription>
Configure authentication security, CAPTCHA, and login settings
</CardDescription>
</CardHeader>
<CardContent className="space-y-4">
{getCaptchaBypassEnabled() && (
<Card className="bg-yellow-50 dark:bg-yellow-900/20 border-yellow-300">
<CardContent className="pt-6">
<div className="flex items-start gap-3">
<AlertTriangle className="w-5 h-5 text-yellow-600 dark:text-yellow-400 mt-0.5" />
<div className="space-y-1">
<p className="font-medium text-yellow-800 dark:text-yellow-200">
CAPTCHA Bypass is Currently Enabled
</p>
<p className="text-sm text-yellow-700 dark:text-yellow-300">
Authentication requests will not require CAPTCHA verification.
This should ONLY be enabled in development environments.
</p>
</div>
</div>
</CardContent>
</Card>
)}
{getSettingsByCategory('auth').length > 0 ? (
getSettingsByCategory('auth').map((setting) => (
<SettingInput key={setting.id} setting={setting} />
))
) : (
<div className="text-center py-8 text-muted-foreground">
<Lock className="w-12 h-12 mx-auto mb-4 opacity-50" />
<p>No authentication settings configured yet.</p>
</div>
)}
</CardContent>
</Card>
</TabsContent>
<TabsContent value="user_management">
<Card>
<CardHeader>