mirror of
https://github.com/lkddi/Xboard.git
synced 2026-04-03 18:40:52 +08:00
5b295dbec3
- Add HasPluginConfig trait and PluginController base class - Integrate guest_comm_config hook in CommController for plugin frontend config injection - Add user creation functionality to UserService and fix null value handling - Enhance AbstractPlugin.getConfig() with key parameter support - Multiple service layer optimizations and architecture improvements
112 lines
3.1 KiB
PHP
112 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace App\Services;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Http;
|
|
use ReCaptcha\ReCaptcha;
|
|
|
|
class CaptchaService
|
|
{
|
|
/**
|
|
* 验证人机验证码
|
|
*
|
|
* @param Request $request 请求对象
|
|
* @return array [是否通过, 错误消息]
|
|
*/
|
|
public function verify(Request $request): array
|
|
{
|
|
if (!(int) admin_setting('captcha_enable', 0)) {
|
|
return [true, null];
|
|
}
|
|
|
|
$captchaType = admin_setting('captcha_type', 'recaptcha');
|
|
|
|
return match ($captchaType) {
|
|
'turnstile' => $this->verifyTurnstile($request),
|
|
'recaptcha-v3' => $this->verifyRecaptchaV3($request),
|
|
'recaptcha' => $this->verifyRecaptcha($request),
|
|
default => [false, [400, __('Invalid captcha type')]]
|
|
};
|
|
}
|
|
|
|
/**
|
|
* 验证 Cloudflare Turnstile
|
|
*
|
|
* @param Request $request
|
|
* @return array
|
|
*/
|
|
private function verifyTurnstile(Request $request): array
|
|
{
|
|
$turnstileToken = $request->input('turnstile_token');
|
|
if (!$turnstileToken) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
$response = Http::post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
|
|
'secret' => admin_setting('turnstile_secret_key'),
|
|
'response' => $turnstileToken,
|
|
'remoteip' => $request->ip()
|
|
]);
|
|
|
|
$result = $response->json();
|
|
if (!$result['success']) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
return [true, null];
|
|
}
|
|
|
|
/**
|
|
* 验证 Google reCAPTCHA v3
|
|
*
|
|
* @param Request $request
|
|
* @return array
|
|
*/
|
|
private function verifyRecaptchaV3(Request $request): array
|
|
{
|
|
$recaptchaV3Token = $request->input('recaptcha_v3_token');
|
|
if (!$recaptchaV3Token) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
$recaptcha = new ReCaptcha(admin_setting('recaptcha_v3_secret_key'));
|
|
$recaptchaResp = $recaptcha->verify($recaptchaV3Token, $request->ip());
|
|
|
|
if (!$recaptchaResp->isSuccess()) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
// 检查分数阈值(如果有的话)
|
|
$score = $recaptchaResp->getScore();
|
|
$threshold = admin_setting('recaptcha_v3_score_threshold', 0.5);
|
|
if ($score < $threshold) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
return [true, null];
|
|
}
|
|
|
|
/**
|
|
* 验证 Google reCAPTCHA v2
|
|
*
|
|
* @param Request $request
|
|
* @return array
|
|
*/
|
|
private function verifyRecaptcha(Request $request): array
|
|
{
|
|
$recaptchaData = $request->input('recaptcha_data');
|
|
if (!$recaptchaData) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
$recaptcha = new ReCaptcha(admin_setting('recaptcha_key'));
|
|
$recaptchaResp = $recaptcha->verify($recaptchaData);
|
|
|
|
if (!$recaptchaResp->isSuccess()) {
|
|
return [false, [400, __('Invalid code is incorrect')]];
|
|
}
|
|
|
|
return [true, null];
|
|
}
|
|
}
|