From 3b48012e4f12ed09e93d26e834f19dd7076dfc37 Mon Sep 17 00:00:00 2001
From: okalintu <ilkka.oks4nen@gmail.com>
Date: Sat, 8 Jun 2019 17:12:59 +0300
Subject: [PATCH] Add nobot app to protect links from bots:wq

---
 nobotapp/__init__.py                |  0
 nobotapp/admin.py                   |  4 +++
 nobotapp/apps.py                    |  5 +++
 nobotapp/migrations/0001_initial.py | 21 +++++++++++
 nobotapp/migrations/__init__.py     |  0
 nobotapp/models.py                  |  9 +++++
 nobotapp/templates/captcha.html     | 55 +++++++++++++++++++++++++++++
 nobotapp/tests.py                   |  3 ++
 nobotapp/urls.py                    |  7 ++++
 nobotapp/views.py                   | 38 ++++++++++++++++++++
 sikweb/base.py                      |  1 +
 webapp/urls.py                      |  1 +
 12 files changed, 144 insertions(+)
 create mode 100644 nobotapp/__init__.py
 create mode 100644 nobotapp/admin.py
 create mode 100644 nobotapp/apps.py
 create mode 100644 nobotapp/migrations/0001_initial.py
 create mode 100644 nobotapp/migrations/__init__.py
 create mode 100644 nobotapp/models.py
 create mode 100644 nobotapp/templates/captcha.html
 create mode 100644 nobotapp/tests.py
 create mode 100644 nobotapp/urls.py
 create mode 100644 nobotapp/views.py

diff --git a/nobotapp/__init__.py b/nobotapp/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/nobotapp/admin.py b/nobotapp/admin.py
new file mode 100644
index 0000000..9288c6e
--- /dev/null
+++ b/nobotapp/admin.py
@@ -0,0 +1,4 @@
+from django.contrib import admin
+from nobotapp.models import CaptchaUrl
+
+admin.site.register(CaptchaUrl)
diff --git a/nobotapp/apps.py b/nobotapp/apps.py
new file mode 100644
index 0000000..e9c5386
--- /dev/null
+++ b/nobotapp/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class NobotappConfig(AppConfig):
+    name = 'nobotapp'
diff --git a/nobotapp/migrations/0001_initial.py b/nobotapp/migrations/0001_initial.py
new file mode 100644
index 0000000..7f587af
--- /dev/null
+++ b/nobotapp/migrations/0001_initial.py
@@ -0,0 +1,21 @@
+# Generated by Django 2.2.2 on 2019-06-08 08:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CaptchaUrl',
+            fields=[
+                ('slug', models.SlugField(primary_key=True, serialize=False)),
+                ('destination', models.URLField()),
+            ],
+        ),
+    ]
diff --git a/nobotapp/migrations/__init__.py b/nobotapp/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/nobotapp/models.py b/nobotapp/models.py
new file mode 100644
index 0000000..f8ddcec
--- /dev/null
+++ b/nobotapp/models.py
@@ -0,0 +1,9 @@
+from django.db import models
+
+
+class CaptchaUrl(models.Model):
+    slug = models.SlugField(primary_key=True)
+    destination = models.URLField()
+
+    def __str__(self):
+        return "[Redirect {} -> {}]".format(self.slug, self.destination)
diff --git a/nobotapp/templates/captcha.html b/nobotapp/templates/captcha.html
new file mode 100644
index 0000000..0157166
--- /dev/null
+++ b/nobotapp/templates/captcha.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Are you a robot?</title>
+        <script
+			  src="https://code.jquery.com/jquery-3.4.1.min.js"
+			  integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
+			  crossorigin="anonymous"></script>
+        <script src="https://www.google.com/recaptcha/api.js?render={{ site_key }}"></script>
+        <script>
+       
+        function getCookie(name) {
+            var cookieValue = null;
+            if (document.cookie && document.cookie !== '') {
+                var cookies = document.cookie.split(';');
+                for (var i = 0; i < cookies.length; i++) {
+                    var cookie = jQuery.trim(cookies[i]);
+                    // Does this cookie string begin with the name we want?
+                    if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                        break;
+                    }
+                }
+            }
+            return cookieValue;
+        }
+        var csrftoken = getCookie('csrftoken');
+
+        function csrfSafeMethod(method) {
+            // these HTTP methods do not require CSRF protection
+            return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+        }
+        $.ajaxSetup({
+            beforeSend: function(xhr, settings) {
+                if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+                    xhr.setRequestHeader("X-CSRFToken", csrftoken);
+                }
+            }
+        });
+
+        grecaptcha.ready(function() {
+            grecaptcha.execute('{{ site_key }}', {action: '{{ object.slug }}'}).then(function(token) {
+               $.post("",{'token':token},function(resp){
+                   window.location = resp;
+               });
+            });
+        });
+        </script>
+    </head>
+    <body>
+        <H1>Are you a robot?</H1>
+        <p>We need to make sure you are not a robot before proceeding to {{ object.slug }}</p>
+        <div class="g-recaptcha" data-sitekey="{{ site_key }}"></div>
+    </body>
+</html>
\ No newline at end of file
diff --git a/nobotapp/tests.py b/nobotapp/tests.py
new file mode 100644
index 0000000..7ce503c
--- /dev/null
+++ b/nobotapp/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/nobotapp/urls.py b/nobotapp/urls.py
new file mode 100644
index 0000000..1f6bd51
--- /dev/null
+++ b/nobotapp/urls.py
@@ -0,0 +1,7 @@
+from django.urls import path
+from nobotapp.views import CaptchaRedirect
+
+
+urlpatterns = [
+    path('<slug>', CaptchaRedirect.as_view())
+]
diff --git a/nobotapp/views.py b/nobotapp/views.py
new file mode 100644
index 0000000..a99d326
--- /dev/null
+++ b/nobotapp/views.py
@@ -0,0 +1,38 @@
+import json
+import requests
+from django.shortcuts import get_object_or_404
+from django.http import HttpResponse
+from django.conf import settings
+from django.views.generic.detail import DetailView
+from nobotapp.models import CaptchaUrl
+
+
+class CaptchaRedirect(DetailView):
+    template_name = "captcha.html"
+    model = CaptchaUrl
+
+    def get_context_data(self, **kwargs):
+        context_data = super().get_context_data(**kwargs)
+        context_data['site_key'] = settings.GOOGLE_RECAPTCHA_SITE_KEY
+        return context_data
+
+    def post(self, request, slug):
+        obj = get_object_or_404(CaptchaUrl, slug=slug)
+        try:
+            token = request.POST['token']
+        except KeyError:
+            return HttpResponse(status=403)
+
+        request_data = {
+            'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY,
+            'response': token
+        }
+        resp = requests.post(
+            'https://www.google.com/recaptcha/api/siteverify',
+            data=request_data)
+
+        data = json.loads(resp.content)
+        if not data['success']:
+            return HttpResponse(status=403)
+
+        return HttpResponse(obj.destination)
diff --git a/sikweb/base.py b/sikweb/base.py
index ba33914..f3b330b 100644
--- a/sikweb/base.py
+++ b/sikweb/base.py
@@ -105,6 +105,7 @@ INSTALLED_APPS = [
     'phonenumber_field',
     'import_export',
     'django_filters',
+    'nobotapp',
 ]
 
 IMPORT_EXPORT_USE_TRANSACTIONS = True
diff --git a/webapp/urls.py b/webapp/urls.py
index f3bfa44..60d3b4f 100644
--- a/webapp/urls.py
+++ b/webapp/urls.py
@@ -41,6 +41,7 @@ urlpatterns = [
     url(r'^api/', include(router.urls)),
     url(r'^api/api-token-auth/', obtain_jwt_token),
     url(r'^api/api-token-verify/', verify_jwt_token),
+    url('nb/', include("nobotapp.urls")),
 
     # login stuff
     # url(r'^login$', login_view),