34 lines
925 B
TypeScript
34 lines
925 B
TypeScript
import { config } from "./config";
|
|
|
|
export async function verifyTurnstileToken(token: string, remoteIp?: string): Promise<boolean> {
|
|
if (config.turnstile.bypassToken && token === config.turnstile.bypassToken) {
|
|
return true;
|
|
}
|
|
if (!config.turnstile.secretKey) {
|
|
return false;
|
|
}
|
|
|
|
const body = new URLSearchParams();
|
|
body.set("secret", config.turnstile.secretKey);
|
|
body.set("response", token);
|
|
if (remoteIp) {
|
|
body.set("remoteip", remoteIp);
|
|
}
|
|
|
|
try {
|
|
const response = await fetch("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
body,
|
|
signal: AbortSignal.timeout(5_000),
|
|
});
|
|
if (!response.ok) {
|
|
return false;
|
|
}
|
|
const payload = (await response.json()) as { success?: boolean };
|
|
return payload.success === true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|