fixed some thangs, implemented cloudflare turnstile

accounts/mixins.py

@@ -0,0 +1,28 @@
+import requests
+from django.conf import settings
+from django.core.exceptions import ValidationError
+
+class TurnstileMixin:
+    """
+    Mixin to handle Cloudflare Turnstile validation.
+    """
+    def validate_turnstile(self, request):
+        """
+        Validate the Turnstile response token.
+        """
+        token = request.POST.get('cf-turnstile-response')
+        if not token:
+            raise ValidationError('Please complete the Turnstile challenge.')
+
+        # Verify the token with Cloudflare
+        data = {
+            'secret': settings.TURNSTILE_SECRET_KEY,
+            'response': token,
+            'remoteip': request.META.get('REMOTE_ADDR'),
+        }
+
+        response = requests.post(settings.TURNSTILE_VERIFY_URL, data=data)
+        result = response.json()
+
+        if not result.get('success'):
+            raise ValidationError('Turnstile validation failed. Please try again.')

accounts/templatetags/turnstile_tags.py

@@ -0,0 +1,14 @@
+from django import template
+from django.conf import settings
+
+register = template.Library()
+
+@register.inclusion_tag('accounts/turnstile_widget.html')
+def turnstile_widget():
+    """
+    Template tag to render the Cloudflare Turnstile widget.
+    Usage: {% load turnstile_tags %}{% turnstile_widget %}
+    """
+    return {
+        'site_key': settings.TURNSTILE_SITE_KEY
+    }

accounts/urls.py

@@ -1,13 +1,17 @@
 from django.urls import path
 from django.contrib.auth import views as auth_views
+from allauth.account.views import LogoutView
 from . import views
 
 app_name = 'accounts'
 
 urlpatterns = [
+    # Override allauth's login and signup views with our Turnstile-enabled versions
+    path('login/', views.CustomLoginView.as_view(), name='account_login'),
+    path('signup/', views.CustomSignupView.as_view(), name='account_signup'),
+    
     # Authentication views
-    path('login/', auth_views.LoginView.as_view(template_name='accounts/login.html'), name='login'),
-    path('logout/', auth_views.LogoutView.as_view(), name='logout'),
+    path('logout/', LogoutView.as_view(), name='logout'),
     path('password_change/', auth_views.PasswordChangeView.as_view(), name='password_change'),
     path('password_change/done/', auth_views.PasswordChangeDoneView.as_view(), name='password_change_done'),
     path('password_reset/', auth_views.PasswordResetView.as_view(), name='password_reset'),

accounts/views.py

@@ -4,6 +4,7 @@ from django.shortcuts import get_object_or_404, redirect, render
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib import messages
+from django.core.exceptions import ValidationError
 from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
 from allauth.socialaccount.providers.discord.views import DiscordOAuth2Adapter
 from allauth.socialaccount.providers.oauth2.client import OAuth2Client
@@ -20,9 +21,29 @@ from django.urls import reverse
 from accounts.models import User, PasswordReset
 from reviews.models import Review
 from email_service.services import EmailService
+from allauth.account.views import LoginView, SignupView
+from .mixins import TurnstileMixin
 
 User = get_user_model()
 
+class CustomLoginView(TurnstileMixin, LoginView):
+    def form_valid(self, form):
+        try:
+            self.validate_turnstile(self.request)
+        except ValidationError as e:
+            form.add_error(None, str(e))
+            return self.form_invalid(form)
+        return super().form_valid(form)
+
+class CustomSignupView(TurnstileMixin, SignupView):
+    def form_valid(self, form):
+        try:
+            self.validate_turnstile(self.request)
+        except ValidationError as e:
+            form.add_error(None, str(e))
+            return self.form_invalid(form)
+        return super().form_valid(form)
+
 @login_required
 def user_redirect_view(request):
     """Redirect /user/ to the logged-in user's profile"""