package api import ( "encoding/json" "fmt" "net/http" "strings" ) func verifyCaptcha(secret, response string) error { verifyURL := "https://hcaptcha.com/siteverify" body := strings.NewReader("secret=" + secret + "&response=" + response) req, err := http.NewRequest("POST", verifyURL, body) if err != nil { return err } req.Header.Set("Content-Type", "application/x-www-form-urlencoded") client := &http.Client{} resp, err := client.Do(req) if err != nil { return err } jsonResponse := struct { Success bool `json:"success"` }{} err = json.NewDecoder(resp.Body).Decode(&jsonResponse) if err != nil { return err } if !jsonResponse.Success { return fmt.Errorf("hcaptcha verification failed") } defer resp.Body.Close() return nil } func CaptchaArgsContinuation(context *RequestContext, req *http.Request, resp http.ResponseWriter) ContinuationChain { return func(success Continuation, failure Continuation) ContinuationChain { (*context.TemplateData)["HcaptchaArgs"] = HcaptchaArgs{ SiteKey: context.Args.HcaptchaSiteKey, } return success(context, req, resp) } } func CaptchaVerificationContinuation(context *RequestContext, req *http.Request, resp http.ResponseWriter) ContinuationChain { return func(success Continuation, failure Continuation) ContinuationChain { hCaptchaResponse := req.FormValue("h-captcha-response") secretKey := context.Args.HcaptchaSecret err := verifyCaptcha(secretKey, hCaptchaResponse) if err != nil { (*context.TemplateData)["FormError"] = FormError{ Errors: []string{"hCaptcha verification failed"}, } resp.WriteHeader(http.StatusBadRequest) return failure(context, req, resp) } return success(context, req, resp) } }