ModySolutions
diff --git a/‎app/Traits/Migrate.php‎ ‎app/Features/Migrate.php‎app/Traits/Migrate.php renamed to app/Features/Migrate.php
Lines changed: 1 addition & 1 deletion b/‎app/Traits/Migrate.php‎ ‎app/Features/Migrate.php‎app/Traits/Migrate.php renamed to app/Features/Migrate.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Features/Recaptcha.php‎
Lines changed: 32 additions & 0 deletions b/‎app/Features/Recaptcha.php‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎app/Hooks/Auth/Ajax.php‎
Lines changed: 10 additions & 2 deletions b/‎app/Hooks/Auth/Ajax.php‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎app/Hooks/Migrations/Cron.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Hooks/Migrations/Cron.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Hooks/Security.php‎
Lines changed: 58 additions & 19 deletions b/‎app/Hooks/Security.php‎
Lines changed: 58 additions & 19 deletions
diff --git a/‎app/Hooks/Sites/Routes.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Hooks/Sites/Routes.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/application.php‎
Lines changed: 6 additions & 2 deletions b/‎config/application.php‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎config/webpack.config.js‎
Lines changed: 15 additions & 3 deletions b/‎config/webpack.config.js‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 0 deletions b/‎package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pnpm-lock.yaml‎
Lines changed: 9 additions & 0 deletions b/‎pnpm-lock.yaml‎
Lines changed: 9 additions & 0 deletions
@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Traits;
+namespace App\Features;
 
 use Roots\WPConfig\Config;
 use function Env\env;
 
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Features;
+
+use Roots\WPConfig\Config;
+
+trait Recaptcha {
+    public static function validate_recaptcha() : void {
+        $recaptcha_token = $_POST['token'] ?? '';
+        $recaptcha_secret = Config::get('RECAPTCHA_SECRET');
+
+        if($recaptcha_secret && $recaptcha_token) {
+            $response = wp_remote_get(add_query_arg(array(
+                'secret' => $recaptcha_secret,
+                'response' => $recaptcha_token,
+            ), 'https://www.google.com/recaptcha/api/siteverify'));
+            $body = wp_remote_retrieve_body($response);
+            $result = json_decode($body);
+
+            if (!$result->success || $result->score < 0.5) {
+                wp_send_json_error(
+                    array(
+                        'success' => false,
+                        'message' => __('Incorrect email or password.', APP_THEME_LOCALE),
+                        'result' => $result,
+                    ),
+                    400
+                );
+            }
+        }
+    }
+}
@@ -2,18 +2,22 @@
 
 namespace App\Hooks\Auth;
 
+use App\Features\Recaptcha;
 use App\Hooks\Queue\Post;
 use Ramsey\Uuid\Uuid;
 use Roots\WPConfig\Config;
 use Timber\Timber;
 use function Env\env;
 
 class Ajax {
+    use Recaptcha;
     public static function sign_in(): void {
         if (!defined('DOING_AJAX') || !DOING_AJAX) {
             wp_send_json_error(array('message' => __('Invalid request.', APP_THEME_LOCALE)));
         }
 
+        self::validate_recaptcha();
+
         $email = isset($_POST['email']) ? sanitize_email($_POST['email']) : '';
         $password = $_POST['password'] ?? '';
         $remember_me = !!$_POST['remember_me'];
@@ -22,8 +26,6 @@ public static function sign_in(): void {
             wp_send_json_error(array('message' => __('Email and password are required.', APP_THEME_LOCALE)));
         }
 
-        app_log('sign_in: testing');
-
         $userdata = get_user_by('email', $email);
 
         if (!$userdata) {
@@ -105,6 +107,8 @@ public static function sign_up(): void {
             ]);
         }
 
+        self::validate_recaptcha();
+
         $email = sanitize_email($_POST['email']);
 
         if (!is_email($email)) {
@@ -203,6 +207,8 @@ public static function forgot_password(): void {
             ]);
         }
 
+        self::validate_recaptcha();
+
         $email = sanitize_email($_POST['email']);
 
         if (!is_email($email)) {
@@ -280,6 +286,8 @@ public static function reset_password(): void {
             ]);
         }
 
+        self::validate_recaptcha();
+
         $key = sanitize_text_field($_POST['key']);
         $email = sanitize_user($_POST['email']);
         $password = $_POST['password'];
 
@@ -2,7 +2,7 @@
 
 namespace App\Hooks\Migrations;
 
-use App\Traits\Migrate;
+use App\Features\Migrate;
 
 class Cron {
     use Migrate;
 
@@ -2,39 +2,78 @@
 
 namespace App\Hooks;
 
+use Roots\WPConfig\Config;
+use Timber\Timber;
+
 class Security {
-	public static function init() : void {
+    public static function init(): void {
         add_action('rest_api_init', self::cors_headers(...));
+        add_action('wp_head', array(Security::class, 'add_recaptcha'));
 
         remove_action('wp_head', 'rest_output_link_wp_head', 10);
         remove_action('wp_head', 'wp_oembed_add_discovery_links', 10);
         remove_action('template_redirect', 'rest_output_link_header', 10);
 
-        remove_action( 'admin_init', '_maybe_update_core' );
-        remove_action( 'wp_version_check', 'wp_version_check' );
+        remove_action('admin_init', '_maybe_update_core');
+        remove_action('wp_version_check', 'wp_version_check');
 
-        remove_action( 'load-plugins.php', 'wp_update_plugins' );
-        remove_action( 'load-update.php', 'wp_update_plugins' );
-        remove_action( 'load-update-core.php', 'wp_update_plugins' );
-        remove_action( 'admin_init', '_maybe_update_plugins' );
-        remove_action( 'wp_update_plugins', 'wp_update_plugins' );
+        remove_action('load-plugins.php', 'wp_update_plugins');
+        remove_action('load-update.php', 'wp_update_plugins');
+        remove_action('load-update-core.php', 'wp_update_plugins');
+        remove_action('admin_init', '_maybe_update_plugins');
+        remove_action('wp_update_plugins', 'wp_update_plugins');
 
-        remove_action( 'load-themes.php', 'wp_update_themes' );
-        remove_action( 'load-update.php', 'wp_update_themes' );
-        remove_action( 'load-update-core.php', 'wp_update_themes' );
-        remove_action( 'admin_init', '_maybe_update_themes' );
-        remove_action( 'wp_update_themes', 'wp_update_themes' );
+        remove_action('load-themes.php', 'wp_update_themes');
+        remove_action('load-update.php', 'wp_update_themes');
+        remove_action('load-update-core.php', 'wp_update_themes');
+        remove_action('admin_init', '_maybe_update_themes');
+        remove_action('wp_update_themes', 'wp_update_themes');
 
-        remove_action( 'update_option_WPLANG', 'wp_clean_update_cache', 10, 0 );
-        remove_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' );
-        remove_action( 'init', 'wp_schedule_update_checks' );
-        remove_action( 'wp_delete_temp_updater_backups', 'wp_delete_all_temp_backups' );
-	}
+        remove_action('update_option_WPLANG', 'wp_clean_update_cache', 10, 0);
+        remove_action('wp_maybe_auto_update', 'wp_maybe_auto_update');
+        remove_action('init', 'wp_schedule_update_checks');
+        remove_action('wp_delete_temp_updater_backups', 'wp_delete_all_temp_backups');
+    }
 
-    public static function cors_headers() : void {
+    public static function cors_headers(): void {
         header("Access-Control-Allow-Origin: https://*.modycloud.test");
         header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
         header("Access-Control-Allow-Headers: Authorization, Content-Type");
         header("Access-Control-Allow-Credentials: true");
     }
+
+    public static function add_recaptcha(): void {
+        if ( is_singular() ) {
+            global $post;
+            $blocks = parse_blocks( $post->post_content );
+            if( $blocks && is_array( $blocks ) ){
+
+                $add_script = function() {
+                    $recaptcha_site_key = Config::get('RECAPTCHA_KEY');
+                    $recaptcha_site_secret = Config::get('RECAPTCHA_SECRET');
+
+                    if(!$recaptcha_site_key || !$recaptcha_site_secret) {
+                        return;
+                    }
+
+                    echo Timber::compile('@app/components/tags/script.twig', [
+                        'src' => add_query_arg([
+                            'render' => $recaptcha_site_key,
+                        ], 'https://www.google.com/recaptcha/api.js'),
+                        'defer' => true,
+                    ]);
+                };
+
+                $protected_pages = array(
+                    'app/auth'
+                );
+                foreach( $blocks as $block ){
+                    if( in_array($block['blockName'], $protected_pages )){
+                        $add_script();
+                        return;
+                    }
+                }
+            }
+        }
+    }
 }
@@ -2,7 +2,7 @@
 
 namespace App\Hooks\Sites;
 
-use App\Traits\Migrate;
+use App\Features\Migrate;
 
 class Routes {
     use Migrate;
 
@@ -183,9 +183,12 @@ function app_get_subdomain(): string
 Config::define('APP_PROTOCOL', env('APP_PROTOCOL') ?? 'http://');
 Config::define('APP_PATH', $root_dir . '/app');
 Config::define('APP_THEME_DOMAIN', 'app');
+Config::define('APP_MAIN_API_USER', env('APP_MAIN_API_USER'));
+Config::define('APP_MAIN_API_KEY', env('APP_MAIN_API_KEY'));
 
 Config::define('ROOT_DIR', $webroot_dir);
 Config::define('SRC_PATH', $root_dir . '/resources');
+define('SRC_PATH', $root_dir . '/resources');
 Config::define('LOGS_PATH', $root_dir . '/logs');
 
 Config::define('MC_SITES_PATH', __DIR__ . '/sites');
@@ -196,8 +199,6 @@ function app_get_subdomain(): string
 Config::define('MC_MIGRATIONS_PATH', $root_dir . '/app/migrations');
 Config::define('MC_PLUGINS_PATH', $webroot_dir . '/content/plugins');
 Config::define('MC_APP_PASSWD_NAME', 'app.passwd.mody.cloud');
-Config::define('APP_MAIN_API_USER', env('APP_MAIN_API_USER'));
-Config::define('APP_MAIN_API_KEY', env('APP_MAIN_API_KEY'));
 
 Config::define('DEFAULT_DB_HOST', '127.0.0.1');
 Config::define('CHILD_SITE', env('CHILD_SITE') ?? false);
@@ -209,6 +210,9 @@ function app_get_subdomain(): string
 
 Config::define('SPACE_NAME', env('SPACE_NAME') ?? null);
 Config::define('APP_CHILD_SITES_TOKEN', env('APP_CHILD_SITES_TOKEN') ?? null);
+
+Config::define('RECAPTCHA_KEY', env('RECAPTCHA_KEY') ?? null);
+Config::define('RECAPTCHA_SECRET', env('RECAPTCHA_SECRET') ?? null);
 /**
  * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer
  * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes
 
@@ -1,7 +1,15 @@
 const path = require('path');
 const defaults = require('@wordpress/scripts/config/webpack.config.js');
+const webpack = require('webpack')
+const dotenv = require('dotenv')
 
-module.exports = {
+const env = dotenv.config().parsed
+const envKeys = Object.keys(env).reduce((prev, next) => {
+    prev[`process.env.${next}`] = JSON.stringify(env[next])
+    return prev
+}, {})
+
+module.exports = (env) => ({
     ...defaults,
     entry: {
         'app': path.resolve(process.cwd(), 'resources/scripts', 'app.js'),
@@ -45,5 +53,9 @@ module.exports = {
                 },
             },
         ]
-    }
-};
+    },
+    plugins: [
+        ...defaults.plugins,
+        new webpack.DefinePlugin(envKeys)
+    ]
+});
@@ -32,6 +32,7 @@
     "aos": "^2.3.4",
     "babel-loader": "^9.2.1",
     "css-loader": "^7.1.2",
+    "dotenv": "^16.4.7",
     "gettext-parser": "^8.0.0",
     "glob": "^11.0.1",
     "react-router-dom": "^7.1.1",