docs: update for Turnstile

GZTimeWalker · Sep 2, 2023 · 042620c · 042620c
1 parent ccf64b7
commit 042620c
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 23 deletions.
diff --git a/docs/pages/config/appsettings.zh.mdx b/docs/pages/config/appsettings.zh.mdx
@@ -72,11 +72,14 @@ import { Callout } from "nextra-theme-docs";
     "Password": "",
     "ServerAddress": ""
   },
-  "GoogleRecaptcha": {
-    "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
-    "Sitekey": "",
-    "Secretkey": "",
-    "RecaptchaThreshold": "0.5"
+  "CaptchaConfig": {
+    "Provider": "None",
+    "SiteKey": "...",
+    "SecretKey": "...",
+    "GoogleRecaptcha": {
+      "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
+      "RecaptchaThreshold": "0.5"
+    }
   },
   "ForwardedOptions": {
     "ForwardedHeaders": 5, // a flag enum, see following link
@@ -185,13 +188,19 @@ GZCTF 仅支持 PostgreSQL 作为数据库，不支持 MySQL 等其他数据库
 
 </Callout>
 
-### GoogleRecaptcha
+### CaptchaConfig
+
+此处配置验证码相关信息，用于注册、找回账号和登录时的验证码验证，可选项。
+
+- **Provider:** 验证码提供商，可选 `None`、`GoogleRecaptcha` 或 `CloudflareTurnstile`
+- **SiteKey:** 验证码 Sitekey
+- **SecretKey:** 验证码 Secretkey
+
+#### GoogleRecaptcha
 
-此处配置 Google Recaptcha 的相关信息，用于注册时的验证码验证，可选项。
+配置 Google Recaptcha 的相关信息，用于注册时的验证码验证，可选项。
 
 - **VerifyAPIAddress:** Google Recaptcha 验证 API 地址
-- **Sitekey:** Google Recaptcha 站点密钥
-- **Secretkey:** Google Recaptcha 服务器密钥
 - **RecaptchaThreshold:** Google Recaptcha 阈值，用于判断验证码是否有效
 
 ### ForwardedOptions

diff --git a/docs/pages/quick-start.zh.mdx b/docs/pages/quick-start.zh.mdx
@@ -63,12 +63,15 @@ GZCTF 的安全性和前端功能（如操作剪贴板）依赖于 HTTPS，此
        "Password": "",
        "ServerAddress": ""
      },
-     "GoogleRecaptcha": {
-       "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
-       "Sitekey": "",
-       "Secretkey": "",
-       "RecaptchaThreshold": "0.5"
-     },
+    "CaptchaConfig": {
+      "Provider": "None",
+      "SiteKey": "<Your SITE_KEY>",
+      "SecretKey": "<Your SECRET_KEY>",
+      "GoogleRecaptcha": {
+        "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
+        "RecaptchaThreshold": "0.5"
+      }
+    },
      "ForwardedOptions": {
        "ForwardedHeaders": 5,
        "ForwardLimit": 1,

diff --git a/src/GZCTF/Controllers/AccountController.cs b/src/GZCTF/Controllers/AccountController.cs
@@ -243,6 +243,7 @@ public async Task<IActionResult> Verify([FromBody] AccountVerifyModel model)
     /// 使用此接口登录账户
     /// </remarks>
     /// <param name="model"></param>
+    /// <param name="token"></param>
     /// <response code="200">用户成功登录</response>
     /// <response code="400">校验失败</response>
     /// <response code="401">用户名或密码错误</response>

diff --git a/src/GZCTF/Extensions/CaptchaExtension.cs b/src/GZCTF/Extensions/CaptchaExtension.cs
@@ -46,7 +46,7 @@ public sealed class GoogleRecaptchaExtension(IOptions<CaptchaConfig>? options) :
 
     public override async Task<bool> VerifyAsync(ModelWithCaptcha model, HttpContext context, CancellationToken token = default)
     {
-        if (_config is null || string.IsNullOrWhiteSpace(_config.Secretkey))
+        if (_config is null || string.IsNullOrWhiteSpace(_config.SecretKey))
             return true;
 
         if (string.IsNullOrEmpty(model.Challenge) || context.Connection.RemoteIpAddress is null)
@@ -55,7 +55,7 @@ public override async Task<bool> VerifyAsync(ModelWithCaptcha model, HttpContext
         var ip = context.Connection.RemoteIpAddress;
         var api = _config.GoogleRecaptcha.VerifyAPIAddress;
 
-        var result = await _httpClient.GetAsync($"{api}?secret={_config.Secretkey}&response={token}&remoteip={ip}", token);
+        var result = await _httpClient.GetAsync($"{api}?secret={_config.SecretKey}&response={token}&remoteip={ip}", token);
         var res = await result.Content.ReadFromJsonAsync<RecaptchaResponseModel>(cancellationToken: token);
 
         return res is not null && res.Success && res.Score >= _config.GoogleRecaptcha.RecaptchaThreshold;
@@ -68,7 +68,7 @@ public sealed class CloudflareTurnstile(IOptions<CaptchaConfig>? options) : Capt
 
     public override async Task<bool> VerifyAsync(ModelWithCaptcha model, HttpContext context, CancellationToken token = default)
     {
-        if (_config is null || string.IsNullOrWhiteSpace(_config.Secretkey))
+        if (_config is null || string.IsNullOrWhiteSpace(_config.SecretKey))
             return true;
 
         if (string.IsNullOrEmpty(model.Challenge) || context.Connection.RemoteIpAddress is null)
@@ -78,7 +78,7 @@ public override async Task<bool> VerifyAsync(ModelWithCaptcha model, HttpContext
 
         TurnstileRequestModel req = new()
         {
-            Secret = _config.Secretkey,
+            Secret = _config.SecretKey,
             Response = model.Challenge,
             RemoteIP = ip.ToString()
         };

diff --git a/src/GZCTF/Models/Internal/Configs.cs b/src/GZCTF/Models/Internal/Configs.cs
@@ -158,7 +158,7 @@ public enum CaptchaProvider
 public class CaptchaConfig
 {
     public CaptchaProvider Provider { get; set; }
-    public string? Secretkey { get; set; }
+    public string? SecretKey { get; set; }
     public string? SiteKey { get; set; }
 
     public GoogleRecaptchaConfig GoogleRecaptcha { get; set; } = new();

diff --git a/src/GZCTF/Properties/launchSettings.json b/src/GZCTF/Properties/launchSettings.json
@@ -3,10 +3,9 @@
     "GZCTF": {
       "commandName": "Project",
       "launchBrowser": true,
-      "applicationUrl": "http://localhost:55000",
+      "applicationUrl": "http://localhost:20461",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.SpaProxy"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }