fix(server/utils): update recaptcha guard

- use actual form field (it's not "g-recaptcha-response") - switch from useFetch to axios - use "application/x-www-form-urlencoded" as content type
2023-12-29 18:04:33 -05:00 · 2023-12-29 18:04:33 -05:00 · f611c56c39
commit f611c56c39
parent d4ae55a25b
1 changed files with 11 additions and 6 deletions
--- a/lib/server/middlewareButNotReally/index.ts
+++ b/lib/server/middlewareButNotReally/index.ts
@ -3,6 +3,7 @@ import { messages } from "@server/constants";
 import { IStory } from "@models/stories";
 import { isFicmasHidden } from "@functions";
 import { IDraft } from "@models/stories/draft";
 import axios from "axios";
 export function isIdNan(ev: H3Event<EventHandlerRequest>) {
 	const id = parseInt(getRouterParam(ev, "id")!);
 	if (Number.isNaN(id)) {
@ -61,17 +62,21 @@ export async function storyCheck(
 export async function captcha(ev: H3Event<EventHandlerRequest>) {
 	const body = await readBody(ev);
-	let { data: cres }: { data: any } = await useFetch(
+	let { data: cres }: { data: any } = await axios.post(
 		"https://www.google.com/recaptcha/api/siteverify",
 		{
-			method: "post",
+			secret: useRuntimeConfig().captcha.secret,
-			body: {
+			response: body["recaptcha"],
-				secret: useRuntimeConfig().captcha.secret,
+		},
-				response: body["g-recaptcha-response"],
+		{
 			headers: {
 				"Content-Type": "application/x-www-form-urlencoded",
 			},
 		},
 	);
-	if (!cres.value.success) {
+
 	console.log(cres);
 	if (!cres?.success) {
 		throw createError({
 			statusCode: 400,
 			message: "bad recaptcha",