Merge branch 'develop' into feature-nobot

Add nobot app to protect links from bots:wq
2021-04-14 17:00:08 +03:00 · 2019-06-08 17:27:48 +03:00
12 changed files with 144 additions and 0 deletions
@@ -0,0 +1,4 @@
+from django.contrib import admin
+from nobotapp.models import CaptchaUrl
+
+admin.site.register(CaptchaUrl)
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class NobotappConfig(AppConfig):
+    name = 'nobotapp'
@@ -0,0 +1,21 @@
+# Generated by Django 2.2.2 on 2019-06-08 08:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CaptchaUrl',
+            fields=[
+                ('slug', models.SlugField(primary_key=True, serialize=False)),
+                ('destination', models.URLField()),
+            ],
+        ),
+    ]
@@ -0,0 +1,9 @@
+from django.db import models
+
+
+class CaptchaUrl(models.Model):
+    slug = models.SlugField(primary_key=True)
+    destination = models.URLField()
+
+    def __str__(self):
+        return "[Redirect {} -> {}]".format(self.slug, self.destination)
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Are you a robot?</title>
+        <script
+			  src="https://code.jquery.com/jquery-3.4.1.min.js"
+			  integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
+			  crossorigin="anonymous"></script>
+        <script src="https://www.google.com/recaptcha/api.js?render={{ site_key }}"></script>
+        <script>
+       
+        function getCookie(name) {
+            var cookieValue = null;
+            if (document.cookie && document.cookie !== '') {
+                var cookies = document.cookie.split(';');
+                for (var i = 0; i < cookies.length; i++) {
+                    var cookie = jQuery.trim(cookies[i]);
+                    // Does this cookie string begin with the name we want?
+                    if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                        break;
+                    }
+                }
+            }
+            return cookieValue;
+        }
+        var csrftoken = getCookie('csrftoken');
+
+        function csrfSafeMethod(method) {
+            // these HTTP methods do not require CSRF protection
+            return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+        }
+        $.ajaxSetup({
+            beforeSend: function(xhr, settings) {
+                if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+                    xhr.setRequestHeader("X-CSRFToken", csrftoken);
+                }
+            }
+        });
+
+        grecaptcha.ready(function() {
+            grecaptcha.execute('{{ site_key }}', {action: '{{ object.slug }}'}).then(function(token) {
+               $.post("",{'token':token},function(resp){
+                   window.location = resp;
+               });
+            });
+        });
+        </script>
+    </head>
+    <body>
+        <H1>Are you a robot?</H1>
+        <p>We need to make sure you are not a robot before proceeding to {{ object.slug }}</p>
+        <div class="g-recaptcha" data-sitekey="{{ site_key }}"></div>
+    </body>
+</html>
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
@@ -0,0 +1,7 @@
+from django.urls import path
+from nobotapp.views import CaptchaRedirect
+
+
+urlpatterns = [
+    path('<slug>', CaptchaRedirect.as_view())
+]
@@ -0,0 +1,38 @@
+import json
+import requests
+from django.shortcuts import get_object_or_404
+from django.http import HttpResponse
+from django.conf import settings
+from django.views.generic.detail import DetailView
+from nobotapp.models import CaptchaUrl
+
+
+class CaptchaRedirect(DetailView):
+    template_name = "captcha.html"
+    model = CaptchaUrl
+
+    def get_context_data(self, **kwargs):
+        context_data = super().get_context_data(**kwargs)
+        context_data['site_key'] = settings.GOOGLE_RECAPTCHA_SITE_KEY
+        return context_data
+
+    def post(self, request, slug):
+        obj = get_object_or_404(CaptchaUrl, slug=slug)
+        try:
+            token = request.POST['token']
+        except KeyError:
+            return HttpResponse(status=403)
+
+        request_data = {
+            'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY,
+            'response': token
+        }
+        resp = requests.post(
+            'https://www.google.com/recaptcha/api/siteverify',
+            data=request_data)
+
+        data = json.loads(resp.content)
+        if not data['success']:
+            return HttpResponse(status=403)
+
+        return HttpResponse(obj.destination)
@@ -97,6 +97,7 @@ INSTALLED_APPS = [
    'phonenumber_field',
    'import_export',
    'django_filters',
+    'nobotapp',
 ]

 IMPORT_EXPORT_USE_TRANSACTIONS = True
@@ -26,6 +26,7 @@ urlpatterns = [
    url(r'^api/', include(router.urls)),
    url(r'^api/api-token-auth/', obtain_jwt_token),
    url(r'^api/api-token-verify/', verify_jwt_token),
+    url('nb/', include("nobotapp.urls")),
    # git revision
    url(r'^about', about_view),
    url(r'^jwt_nginx', nginx_jwt_resp),
Author	SHA1	Message	Date
Aarni Halinen	8bea6a34a6	Merge branch 'develop' into feature-nobot	2021-04-14 17:00:08 +03:00
okalintu	3b48012e4f	Add nobot app to protect links from bots:wq	2019-06-08 17:27:48 +03:00