Integrated hCaptcha.

src/auth.js

@@ -5,6 +5,7 @@ import fs from 'fs/promises';
 import { createAvatar } from '@dicebear/core';
 import { shapes } from '@dicebear/collection';
 import { faker } from '@faker-js/faker';
+import { verify } from 'hcaptcha';
 
 import { knexOwner as knex } from './knex.js';
 import redis from './redis.js';
@@ -105,6 +106,15 @@ export async function signup(credentials, userIp) {
 		throw new HttpError('Password must be 3 characters or longer', 400);
 	}
 
+	if (config.auth.captcha.enabled) {
+		const captchaVerification = await verify(config.auth.captcha.secretKey, credentials.captcha);
+
+		if (!captchaVerification.success) {
+			logger.warn(`Invalid sign-up CAPTCHA from '${curatedUsername}' (${credentials.email}, ${userIp})`);
+			throw new HttpError('Invalid CAPTCHA', 400);
+		}
+	}
+
 	const existingUser = await knex('users')
 		.where(knex.raw('lower(username)'), curatedUsername.toLowerCase())
 		.orWhere(knex.raw('lower(email)'), credentials.email.toLowerCase())
@@ -134,7 +144,7 @@ export async function signup(credentials, userIp) {
 		primary: true,
 	});
 
-	logger.verbose(`Signup from '${curatedUsername}' (${userId}, ${credentials.email}, ${userIp})`);
+	logger.info(`Signup from '${curatedUsername}' (${userId}, ${credentials.email}, ${userIp})`);
 
 	await generateAvatar({
 		id: userId,

src/web/main.js

@@ -45,6 +45,10 @@ export default async function mainHandler(req, res, next) {
 			psa: config.psa,
 			links: config.links,
 			socials,
+			captcha: {
+				enabled: config.auth.captcha.enabled,
+				siteKey: config.auth.captcha.siteKey,
+			},
 		},
 		meta: {
 			now: new Date().toISOString(),