From fb92e5fb682df82a265030ae93bf0707f1e2d966 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Thu, 15 Aug 2024 16:11:28 +0200
Subject: [PATCH] config.php: rework captcha configuration
---
 inc/config.php | 75 ++++++++++++++++++----------------------
 inc/context.php | 28 +++++++++------
 post.php | 10 ++++--
 templates/header.html | 4 +--
 templates/main.js | 6 ++--
 templates/post_form.html | 18 +++++-----
 6 files changed, 72 insertions(+), 69 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index 79181790..89ea333a 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -351,48 +351,39 @@
 //);
 $config['simple_spam'] = false;
- /*
- * If not flase, the captcha is dynamically injected on the client if the web server set the `captcha-required`
- * cookie to 1. The configuration value should be set the IP for which the captcha should be verified.
- *
- * Example:
- * $config['dynamic_captcha'] = '127.0.0.1'; // Verify the captcha for users sending posts from the loopback address.
- */
- $config['dynamic_captcha'] = false;
-
- // Enable reCaptcha to make spam even harder. Rarely necessary.
- $config['recaptcha'] = false;
-
- // Public and private key pair from https://www.google.com/recaptcha/admin/create
- $config['recaptcha_public'] = '6LcXTcUSAAAAAKBxyFWIt2SO8jwx4W7wcSMRoN3f';
- $config['recaptcha_private'] = '6LcXTcUSAAAAAOGVbVdhmEM1_SyRF4xTKe8jbzf_';
-
- // Enable hCaptcha as an alternative to reCAPTCHA.
- $config['hcaptcha'] = false;
-
- // Public and private key pair for using hCaptcha.
- $config['hcaptcha_public'] = '7a4b21e0-dc53-46f2-a9f8-91d2e74b63a0';
- $config['hcaptcha_private'] = '0x4e9A01bE637b51dC41a7Ea9865C3fDe4aB72Cf17';
-
- // Enable Custom Captcha you need to change a couple of settings
- //Read more at: /inc/captcha/readme.md
- $config['captcha'] = array();
-
- // Enable custom captcha provider
- $config['captcha']['enabled'] = false;
-
- //New thread captcha
- //Require solving a captcha to post a thread.
- //Default off.
- $config['new_thread_capt'] = false;
-
- // Custom captcha get provider path (if not working get the absolute path aka your url.)
- $config['captcha']['provider_get'] = '../inc/captcha/entrypoint.php';
- // Custom captcha check provider path
- $config['captcha']['provider_check'] = '../inc/captcha/entrypoint.php';
-
- // Custom captcha extra field (eg. charset)
- $config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
+ $config['captcha'] = [
+ // Can be false, 'recaptcha', 'hcaptcha' or 'secureimage'.
+ 'provider' => false,
+ /*
+ * If not false, the captcha is dynamically injected on the client if the web server set the `captcha-required`
+ * cookie to 1. The configuration value should be set the IP for which the captcha should be verified.
+ *
+ * Example:
+ *
+ * // Verify the captcha for users sending posts from the loopback address.
+ * $config['captcha']['dynamic'] = '127.0.0.1';
+ */
+ 'dynamic' => false,
+ 'recaptcha' => [
+ 'sitekey' => '6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI',
+ 'secret' => '6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe',
+ ],
+ 'hcaptcha' => [
+ 'sitekey' => '10000000-ffff-ffff-ffff-000000000001',
+ 'secret' => '0x0000000000000000000000000000000000000000',
+ ],
+ // Enable the secureimage captcha you need to change a couple of settings. Read more at: /inc/captcha/readme.md
+ 'secureimage' => [
+ // Custom captcha get provider path (if not working get the absolute path aka your url).
+ 'provider_get' => '../inc/captcha/entrypoint.php',
+ // Custom captcha check provider path
+ 'provider_check' => '../inc/captcha/entrypoint.php',
+ // Custom captcha extra field (eg. charset)
+ 'extra' => 'abcdefghijklmnopqrstuvwxyz',
+ // New thread captcha. Require solving a captcha to post a thread.
+ 'new_thread_capt' => false
+ ]
+ ];
 // Ability to lock a board for normal users and still allow mods to post. Could also be useful for making an archive board
 $config['board_locked'] = false;
diff --git a/inc/context.php b/inc/context.php
index 30c9804e..23165377 100644
--- a/inc/context.php
+++ b/inc/context.php
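Review bot: The default `sitekey`/`secret` pairs under `'recaptcha'` and `'hcaptcha'` look like the providers' published test credentials, which accept every response, and none of the added comments says so. An instance that only sets `'provider' => 'recaptcha'` and keeps the defaults would then run a captcha that never rejects a post. I would add a comment above each pair such as `// Test keys: every challenge passes. Override sitekey and secret before enabling this provider.` The `dynamic` comment also names the cookie `captcha-required`, while templates/main.js in this same patch reads `require-captcha`; one of the two should be corrected.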
@@ -61,21 +61,29 @@ function build_context(array $config): Context {
 RemoteCaptchaQuery::class => function($c) {
 $config = $c->get('config');
 $http = $c->get(HttpDriver::class);
- if ($config['recaptcha']) {
- return new ReCaptchaQuery($http, $config['recaptcha_private']);
- } elseif ($config['hcaptcha']) {
- return new HCaptchaQuery($http, $config['hcaptcha_private'], $config['hcaptcha_public']);
- } else {
- throw new RuntimeException('No remote captcha service available');
+ switch ($config['captcha']['provider']) {
+ case 'recaptcha':
+ return new ReCaptchaQuery($http, $config['captcha']['recaptcha']['secret']);
+ case 'hcaptcha':
+ return new HCaptchaQuery(
+ $http,
+ $config['captcha']['hcaptcha']['secret'],
+ $config['captcha']['hcaptcha']['sitekey']
+ );
+ default:
+ throw new RuntimeException('No remote captcha service available');
 }
 },
 NativeCaptchaQuery::class => function($c) {
- $http = $c->get(HttpDriver::class);
 $config = $c->get('config');
- return new NativeCaptchaQuery($http,
+ if ($config['captcha']['provider'] !== 'secureimage') {
+ throw new RuntimeException('No native captcha service available');
+ }
+ return new NativeCaptchaQuery(
+ $c->get(HttpDriver::class),
 $config['domain'],
- $config['captcha']['provider_check'],
- $config['captcha']['extra']
+ $config['captcha']['secureimage']['provider_check'],
+ $config['captcha']['secureimage']['extra']
 );
 }
 ]);
diff --git a/post.php b/post.php
index ea5b1ccf..f937f06c 100644
--- a/post.php
+++ b/post.php
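Review bot: `switch` compares loosely, so in the `RemoteCaptchaQuery` factory a misconfigured `$config['captcha']['provider']` of `true` matches `case 'recaptcha':` (as would `0` on PHP 7) instead of reaching the `default` throw. The `NativeCaptchaQuery` factory below already compares with `!==`; the remote one should be equally strict, for example by guarding before the `switch` with `if (!in_array($config['captcha']['provider'], ['recaptcha', 'hcaptcha'], true)) { throw new RuntimeException('No remote captcha service available'); }`. Naming the configured value in both exception messages would also make a misspelled provider easier to diagnose. build_context() starts and ends outside the hunk.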
@@ -629,8 +629,13 @@ if (isset($_POST['delete'])) {
 // Check for CAPTCHA right after opening the board so the "return" link is in there.
 try {
+ $provider = $config['captcha']['provider'];
+ $new_thread_capt = $config['captcha']['secureimage']['new_thread_capt'];
+ $dynamic = $config['captcha']['dynamic'];
+
 // With our custom captcha provider
- if ($config['captcha']['enabled'] || ($post['op'] && $config['new_thread_capt'])) {
+ if (($provider === 'secureimage' && !$new_thread_capt)
+ || ($provider === 'secureimage' && $new_thread_capt && $post['op'])) {
 $query = $context->get(NativeCaptchaQuery::class);
 $success = $query->verify($_POST['captcha_text'], $_POST['captcha_cookie']);
@@ -648,8 +653,7 @@ if (isset($_POST['delete'])) {
 }
 }
 // Remote 3rd party captchas.
- elseif (($config['recaptcha'] || $config['hcaptcha'])
- && (!$config['dynamic_captcha'] || $config['dynamic_captcha'] === $_SERVER['REMOTE_ADDR'])) {
+ elseif ($provider && (!$dynamic || $dynamic === $_SERVER['REMOTE_ADDR'])) {
 $query = $content->get(RemoteCaptchaQuery::class);
 $field = $query->responseField();
diff --git a/templates/header.html b/templates/header.html
index d35fabb9..f72b752a 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -20,7 +20,7 @@ {% endif %} {% endif %} - {% if config.recaptcha %} + {% if config.captcha.provider == 'recaptcha' %} {% endif %} - {% if config.hcaptcha %} + {% if config.captcha.provider.hcaptcha %} {% endif %}
diff --git a/templates/main.js b/templates/main.js
index e0819622..f956f5cf 100644
--- a/templates/main.js
+++ b/templates/main.js
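Review bot: The new `if` tests `$provider === 'secureimage'` in both halves, which hides the actual rule; `if ($provider === 'secureimage' && (!$new_thread_capt || $post['op'])) {` is equivalent and easier to check. A one-line comment stating that `new_thread_capt` now narrows the secureimage check to opening posts would help, because in the removed condition the same option switched a captcha on rather than restricting one. `$_POST['captcha_text']` and `$_POST['captcha_cookie']` on the context line below are read without an `isset` check, so a request that omits them passes nulls to `verify()`; whether `verify()` rejects that is not visible here. The enclosing `try` block continues outside the hunk.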
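Review bot: `elseif ($provider && …)` is also true for `'secureimage'`, so a reply on a board with `new_thread_capt` enabled fails the native condition above and lands in this branch, where the `RemoteCaptchaQuery` factory in inc/context.php throws `No remote captcha service available`. The test should name the remote providers, e.g. `elseif (in_array($provider, ['recaptcha', 'hcaptcha'], true) && (!$dynamic || $dynamic === $_SERVER['REMOTE_ADDR'])) {`. The context line after it calls `$content->get(...)` while the native branch uses `$context`; unless `$content` is defined outside the hunk, that looks like a typo that breaks remote verification. How either failure is reported depends on the `catch`, which lies outside the hunk.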
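Review bot: The second condition in templates/header.html reads `config.captcha.provider.hcaptcha`, which looks up an attribute on the provider string instead of comparing it, so with the provider set to `'hcaptcha'` the block would most likely render nothing (or raise under strict variables) and the hCaptcha script would not be loaded. It should mirror the reCAPTCHA line above it: `{% if config.captcha.provider == 'hcaptcha' %}`.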
@@ -223,15 +223,15 @@ function getCookie(cookie_name) {
 }
 {% endraw %}
-{% if config.dynamic_captcha %}
+{% if config.captcha.dynamic %}
 function is_dynamic_captcha_enabled() {
 let cookie = get_cookie('require-captcha');
 return cookie === '1';
 }
 function get_captcha_pub_key() {
-{% if config.recaptcha %}
- return "{{ config.recaptcha_public }}";
+{% if config.captcha.provider === 'recaptcha' %}
+ return "{{ config.captcha.recaptcha.sitekey }}";
 {% else %}
 return null;
 {% endif %}
diff --git a/templates/post_form.html b/templates/post_form.html
index 8220107b..19c69cfb 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -72,8 +72,8 @@ {% endif %} - {% if config.recaptcha %} - {% if config.dynamic_captcha %} + {% if config.captcha.provider == 'recaptcha' %} + {% if config.captcha.dynamic %} {% else %}
@@ -83,19 +83,19 @@ {{ antibot.html() }} -
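Review bot: `{% if config.captcha.provider === 'recaptcha' %}` in templates/main.js uses `===`, whereas Twig's comparison operator is `==` (strict comparison is the `same as` test) and the other templates in this patch use `==`; depending on the Twig version in use, `===` may be rejected when the template is compiled, which would leave main.js unrendered. Use `{% if config.captcha.provider == 'recaptcha' %}`. Separately, `get_captcha_pub_key()` still returns `null` for any provider other than reCAPTCHA, so `dynamic` combined with `'hcaptcha'` gives the client no site key; a comment such as `// Dynamic injection is implemented for reCAPTCHA only.` above the function would make that limit explicit.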
+
{{ antibot.html() }} {% endif %} - {% if config.hcaptcha %} + {% if config.captcha.provider == 'hcaptcha' %} {% trans %}Verification{% endtrans %} {{ antibot.html() }} -
+
{{ antibot.html() }} @@ -106,11 +106,11 @@ {% trans %}Verification{% endtrans %} - + @@ -122,11 +122,11 @@ {% trans %}Verification{% endtrans %} - +