feat: Add user leaderboard API, Cloudflare Turnstile integration, and support ticket categorization.

2025-12-28 13:47:06 -05:00 · 2025-12-27 15:41:10 -05:00
parent 137b9b8cb9
commit aa56c46c27
11 changed files with 656 additions and 428 deletions
--- a/backend/apps/accounts/mixins.py
+++ b/backend/apps/accounts/mixins.py
@@ -1,35 +1,44 @@
-import requests
-from django.conf import settings
+"""
+Mixins for authentication views.
+"""
 from django.core.exceptions import ValidationError

+from apps.core.utils.turnstile import validate_turnstile_token, get_client_ip
+

 class TurnstileMixin:
    """
    Mixin to handle Cloudflare Turnstile validation.
-    Bypasses validation when DEBUG is True.
+    Works with both form POST data and JSON request bodies.
    """

    def validate_turnstile(self, request):
        """
        Validate the Turnstile response token.
-        Skips validation when DEBUG is True.
+        
+        The token can be provided as:
+        - 'cf-turnstile-response' in POST data (form submission)
+        - 'turnstile_token' in JSON body (API request)
        """
-        if settings.DEBUG:
-            return
-
-        token = request.POST.get("cf-turnstile-response")
-        if not token:
-            raise ValidationError("Please complete the Turnstile challenge.")
-
-        # Verify the token with Cloudflare
-        data = {
-            "secret": settings.TURNSTILE_SECRET_KEY,
-            "response": token,
-            "remoteip": request.META.get("REMOTE_ADDR"),
-        }
-
-        response = requests.post(settings.TURNSTILE_VERIFY_URL, data=data, timeout=60)
-        result = response.json()
-
-        if not result.get("success"):
-            raise ValidationError("Turnstile validation failed. Please try again.")
+        # Try to get token from various sources
+        token = None
+        
+        # Check POST data (form submissions)
+        if hasattr(request, 'POST'):
+            token = request.POST.get("cf-turnstile-response")
+        
+        # Check JSON body (API requests)
+        if not token and hasattr(request, 'data'):
+            data = getattr(request, 'data', {})
+            if hasattr(data, 'get'):
+                token = data.get('turnstile_token') or data.get('cf-turnstile-response')
+        
+        # Get client IP
+        ip = get_client_ip(request)
+        
+        # Validate the token
+        result = validate_turnstile_token(token, ip)
+        
+        if not result.get('success'):
+            error_msg = result.get('error', 'Captcha verification failed. Please try again.')
+            raise ValidationError(error_msg)