mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
9ccd309dbc
New leads/v1 sebuf service with two POST RPCs:
- SubmitContact → /api/leads/v1/submit-contact
- RegisterInterest → /api/leads/v1/register-interest
Handler logic ported 1:1 from api/contact.js + api/register-interest.js:
- Turnstile verification (desktop sources bypass, preserved)
- Honeypot (website field) silently accepts without upstream calls
- Free-email-domain gate on SubmitContact (422 ApiError)
- validateEmail (disposable/offensive/typo-TLD/MX) on RegisterInterest
- Convex writes via ConvexHttpClient (contactMessages:submit, registerInterest:register)
- Resend notification + confirmation emails (HTML templates unchanged)
Shared helpers moved to server/_shared/:
- turnstile.ts (getClientIp + verifyTurnstile)
- email-validation.ts (disposable/offensive/MX checks)
Rate limits preserved via ENDPOINT_RATE_POLICIES:
- submit-contact: 3/hour per IP (was in-memory 3/hr)
- register-interest: 5/hour per IP (was in-memory 5/hr; desktop
sources previously capped at 2/hr via shared in-memory map —
now 5/hr like everyone else, accepting the small regression in
exchange for Upstash-backed global limiting)
Callers updated:
- pro-test/src/App.tsx contact form → new submit-contact path
- src-tauri/sidecar/local-api-server.mjs cloud-fallback rewrites
/api/register-interest → /api/leads/v1/register-interest when
proxying; keeps local path for older desktop builds
- src/services/runtime.ts isKeyFreeApiTarget allows both old and
new paths through the WORLDMONITOR_API_KEY-optional gate
Tests:
- tests/contact-handler.test.mjs rewritten to call submitContact
handler directly; asserts on ValidationError / ApiError
- tests/email-validation.test.mjs + tests/turnstile.test.mjs
point at the new server/_shared/ modules
Deleted: api/contact.js, api/register-interest.js, api/_ip-rate-limit.js,
api/_turnstile.js, api/_email-validation.js, api/_turnstile.test.mjs.
Manifest entries removed (58 → 56). Docs updated (api-platform,
api-commerce, usage-rate-limits).
Verified: npm run typecheck + typecheck:api + lint:api-contract
(88 files / 56 entries) + lint:boundaries pass; full test:data
(5852 tests) passes; make generate is zero-diff.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
50 lines
1.4 KiB
TypeScript
50 lines
1.4 KiB
TypeScript
const TURNSTILE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
|
|
|
|
export function getClientIp(request: Request): string {
|
|
return (
|
|
request.headers.get('x-real-ip') ||
|
|
request.headers.get('cf-connecting-ip') ||
|
|
request.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ||
|
|
'unknown'
|
|
);
|
|
}
|
|
|
|
export type TurnstileMissingSecretPolicy = 'allow' | 'allow-in-development' | 'deny';
|
|
|
|
export interface VerifyTurnstileArgs {
|
|
token: string;
|
|
ip: string;
|
|
logPrefix?: string;
|
|
missingSecretPolicy?: TurnstileMissingSecretPolicy;
|
|
}
|
|
|
|
export async function verifyTurnstile({
|
|
token,
|
|
ip,
|
|
logPrefix = '[turnstile]',
|
|
missingSecretPolicy = 'allow',
|
|
}: VerifyTurnstileArgs): Promise<boolean> {
|
|
const secret = process.env.TURNSTILE_SECRET_KEY;
|
|
if (!secret) {
|
|
if (missingSecretPolicy === 'allow') return true;
|
|
|
|
const isDevelopment = (process.env.VERCEL_ENV ?? 'development') === 'development';
|
|
if (isDevelopment) return true;
|
|
|
|
console.error(`${logPrefix} TURNSTILE_SECRET_KEY not set in production, rejecting`);
|
|
return false;
|
|
}
|
|
|
|
try {
|
|
const res = await fetch(TURNSTILE_VERIFY_URL, {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
body: new URLSearchParams({ secret, response: token, remoteip: ip }),
|
|
});
|
|
const data = (await res.json()) as { success?: boolean };
|
|
return data.success === true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|