Dont allow caching captcha response (#4381)
Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
parent
b58da11fb7
commit
516db012bf
1 changed files with 16 additions and 7 deletions
|
@ -1,5 +1,13 @@
|
||||||
use crate::captcha_as_wav_base64;
|
use crate::captcha_as_wav_base64;
|
||||||
use actix_web::web::{Data, Json};
|
use actix_web::{
|
||||||
|
http::{
|
||||||
|
header::{CacheControl, CacheDirective},
|
||||||
|
StatusCode,
|
||||||
|
},
|
||||||
|
web::{Data, Json},
|
||||||
|
HttpResponse,
|
||||||
|
HttpResponseBuilder,
|
||||||
|
};
|
||||||
use captcha::{gen, Difficulty};
|
use captcha::{gen, Difficulty};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
|
@ -12,13 +20,13 @@ use lemmy_db_schema::source::{
|
||||||
use lemmy_utils::error::LemmyError;
|
use lemmy_utils::error::LemmyError;
|
||||||
|
|
||||||
#[tracing::instrument(skip(context))]
|
#[tracing::instrument(skip(context))]
|
||||||
pub async fn get_captcha(
|
pub async fn get_captcha(context: Data<LemmyContext>) -> Result<HttpResponse, LemmyError> {
|
||||||
context: Data<LemmyContext>,
|
|
||||||
) -> Result<Json<GetCaptchaResponse>, LemmyError> {
|
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await?;
|
let local_site = LocalSite::read(&mut context.pool()).await?;
|
||||||
|
let mut res = HttpResponseBuilder::new(StatusCode::OK);
|
||||||
|
res.insert_header(CacheControl(vec![CacheDirective::NoStore]));
|
||||||
|
|
||||||
if !local_site.captcha_enabled {
|
if !local_site.captcha_enabled {
|
||||||
return Ok(Json(GetCaptchaResponse { ok: None }));
|
return Ok(res.json(Json(GetCaptchaResponse { ok: None })));
|
||||||
}
|
}
|
||||||
|
|
||||||
let captcha = gen(match local_site.captcha_difficulty.as_str() {
|
let captcha = gen(match local_site.captcha_difficulty.as_str() {
|
||||||
|
@ -37,11 +45,12 @@ pub async fn get_captcha(
|
||||||
// Stores the captcha item in the db
|
// Stores the captcha item in the db
|
||||||
let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?;
|
let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?;
|
||||||
|
|
||||||
Ok(Json(GetCaptchaResponse {
|
let json = Json(GetCaptchaResponse {
|
||||||
ok: Some(CaptchaResponse {
|
ok: Some(CaptchaResponse {
|
||||||
png,
|
png,
|
||||||
wav,
|
wav,
|
||||||
uuid: captcha.uuid.to_string(),
|
uuid: captcha.uuid.to_string(),
|
||||||
}),
|
}),
|
||||||
}))
|
});
|
||||||
|
Ok(res.json(json))
|
||||||
}
|
}
|
||||||
|
|
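Review bot: The `Json(...)` wrapper passed to `res.json(...)` in both return paths of `get_captcha` is redundant, because `HttpResponseBuilder::json` already serializes any `Serialize` value and sets the content type; `return Ok(res.json(GetCaptchaResponse { ok: None }));` reads more directly, and the final return can pass the struct the same way. The `insert_header` line would also benefit from a why-comment such as `// no-store: each call generates a new challenge and uuid, so a cached copy would serve a stale captcha`. The header lives on the local builder, so responses produced by the `?` error paths (`LocalSite::read`, `CaptchaAnswer::insert`) presumably do not carry it; that looks harmless since they contain no captcha, but a test asserting `Cache-Control: no-store` on the success response would keep this from regressing. The middle of `get_captcha` lies outside the visible hunks.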