Dont allow caching captcha response (#4381)

Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
This commit is contained in:
Nutomic 2024-01-19 16:41:05 +01:00 committed by GitHub
parent b58da11fb7
commit 516db012bf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1,5 +1,13 @@
use crate::captcha_as_wav_base64;
use actix_web::web::{Data, Json};
use actix_web::{
http::{
header::{CacheControl, CacheDirective},
StatusCode,
},
web::{Data, Json},
HttpResponse,
HttpResponseBuilder,
};
use captcha::{gen, Difficulty};
use lemmy_api_common::{
context::LemmyContext,
@ -12,13 +20,13 @@ use lemmy_db_schema::source::{
use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))]
pub async fn get_captcha(
context: Data<LemmyContext>,
) -> Result<Json<GetCaptchaResponse>, LemmyError> {
pub async fn get_captcha(context: Data<LemmyContext>) -> Result<HttpResponse, LemmyError> {
let local_site = LocalSite::read(&mut context.pool()).await?;
let mut res = HttpResponseBuilder::new(StatusCode::OK);
res.insert_header(CacheControl(vec![CacheDirective::NoStore]));
if !local_site.captcha_enabled {
return Ok(Json(GetCaptchaResponse { ok: None }));
return Ok(res.json(Json(GetCaptchaResponse { ok: None })));
}
let captcha = gen(match local_site.captcha_difficulty.as_str() {
@ -37,11 +45,12 @@ pub async fn get_captcha(
// Stores the captcha item in the db
let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?;
Ok(Json(GetCaptchaResponse {
let json = Json(GetCaptchaResponse {
ok: Some(CaptchaResponse {
png,
wav,
uuid: captcha.uuid.to_string(),
}),
}))
});
Ok(res.json(json))
}
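Review bot: The `Json(...)` wrapper handed to `res.json(...)` on the `ok: None` early-return line and at `Ok(res.json(json))` is redundant, because `HttpResponseBuilder::json` serializes any `Serialize` value itself; `Ok(res.json(GetCaptchaResponse { ok: None }))` and `let body = GetCaptchaResponse { ... }; Ok(res.json(body))` drop the double wrapper and make it clearer that the typed `Json` responder is no longer what this handler returns. The line `res.insert_header(CacheControl(vec![CacheDirective::NoStore]));` deserves a why-comment, since the reason currently lives only in the commit title, e.g. `// no-store: each response carries a freshly stored captcha uuid, so browsers and proxies must never replay an earlier one`. If HTTP/1.0 intermediaries matter for the deployment, `Pragma: no-cache` is the customary companion to `no-store`; I cannot tell from this page whether that is a concern here. get_captcha begins in the previous hunk, so its signature and the header-setting lines are outside this one.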