123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- # frozen_string_literal: true
- module CaptchaConcern
- extend ActiveSupport::Concern
- include Hcaptcha::Adapters::ViewMethods
- included do
- helper_method :render_captcha
- end
- def captcha_available?
- ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present?
- end
- def captcha_enabled?
- captcha_available? && Setting.captcha_enabled
- end
- def captcha_user_bypass?
- false
- end
- def captcha_required?
- captcha_enabled? && !captcha_user_bypass?
- end
- def check_captcha!
- return true unless captcha_required?
- if verify_hcaptcha
- true
- else
- if block_given?
- message = flash[:hcaptcha_error]
- flash.delete(:hcaptcha_error)
- yield message
- end
- false
- end
- end
- def extend_csp_for_captcha!
- policy = request.content_security_policy&.clone
- return unless captcha_required? && policy.present?
- %w(script_src frame_src style_src connect_src).each do |directive|
- values = policy.send(directive)
- values << 'https://hcaptcha.com' unless values.include?('https://hcaptcha.com') || values.include?('https:')
- values << 'https://*.hcaptcha.com' unless values.include?('https://*.hcaptcha.com') || values.include?('https:')
- policy.send(directive, *values)
- end
- request.content_security_policy = policy
- end
- def render_captcha
- return unless captcha_required?
- hcaptcha_tags
- end
- end
|