feat: add registration and authentication

backend/src/turnstile.ts

@@ -0,0 +1,33 @@
+import { config } from "./config";
+
+export async function verifyTurnstileToken(token: string, remoteIp?: string): Promise<boolean> {
+  if (config.turnstile.bypassToken && token === config.turnstile.bypassToken) {
+    return true;
+  }
+  if (!config.turnstile.secretKey) {
+    return false;
+  }
+
+  const body = new URLSearchParams();
+  body.set("secret", config.turnstile.secretKey);
+  body.set("response", token);
+  if (remoteIp) {
+    body.set("remoteip", remoteIp);
+  }
+
+  try {
+    const response = await fetch("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body,
+      signal: AbortSignal.timeout(5_000),
+    });
+    if (!response.ok) {
+      return false;
+    }
+    const payload = (await response.json()) as { success?: boolean };
+    return payload.success === true;
+  } catch {
+    return false;
+  }
+}