recaptcha.refactoring

Author: seebi

simon_aksw_org/recaptcha.py

@@ -0,0 +1,33 @@
+"""Re-Captcha v2 validation"""
+
+import httpx
+from pydantic import BaseModel
+
+API_VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
+
+
+class ValidationResponse(BaseModel):
+    """Response Token Validation Response
+
+    {'success': True, 'challenge_ts': '2026-03-08T21:48:08Z', 'hostname': 'localhost'}
+    """
+
+    success: bool
+
+
+class ResponseToken:
+    """Response token"""
+
+    def __init__(self, token: str, secret_key: str):
+        self.token = token
+        self.secret_key = secret_key
+
+    async def is_valid(self) -> bool:
+        """Check if response token is valid"""
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                url=API_VERIFY_URL,
+                data={"secret": self.secret_key, "response": self.token},
+            )
+        validation = ValidationResponse(**response.json())
+        return validation.success

simon_aksw_org/routers/home.py

@@ -5,9 +5,10 @@
 import httpx
 from fastapi import APIRouter, Form
 from starlette.requests import Request
-from starlette.responses import HTMLResponse, RedirectResponse, Response
+from starlette.responses import HTMLResponse
 
 from simon_aksw_org.messages import get_messages, save_message
+from simon_aksw_org.recaptcha import ResponseToken
 from simon_aksw_org.settings import Settings, get_settings
 
 
@@ -35,10 +36,9 @@ async def homepage(request: Request) -> HTMLResponse:
     """Homepage"""
     settings = get_settings()
     context = PageContext(settings)
-    response: HTMLResponse = settings.templates.TemplateResponse(
+    return settings.templates.TemplateResponse(
         request=request, name="home.html", context={"context": context}
     )
-    return response
 
 
 @router.post("/", include_in_schema=False)
@@ -47,25 +47,22 @@ async def submit_statement(
     name: Annotated[str, Form()],
     message: Annotated[str, Form()],
     g_recaptcha_response: Annotated[str, Form(alias="g-recaptcha-response")] = "",
-) -> Response:
+) -> HTMLResponse:
     """Process condolence form submission"""
     settings = get_settings()
+    settings.logger.info(f"{name} submitted a message ... captcha: {g_recaptcha_response}")
+    context = PageContext(settings)
+    response_token = ResponseToken(
+        token=g_recaptcha_response, secret_key=settings.recaptcha_secret_key.get_secret_value()
+    )
 
-    async with httpx.AsyncClient() as client:
-        resp = await client.post(
-            "https://www.google.com/recaptcha/api/siteverify",
-            data={
-                "secret": settings.recaptcha_secret_key.get_secret_value(),
-                "response": g_recaptcha_response,
-            },
-        )
-    if not resp.json().get("success"):
-        context = PageContext(
-            settings, error="reCAPTCHA-Überprüfung fehlgeschlagen. Bitte versuchen Sie es erneut."
-        )
-        return settings.templates.TemplateResponse(
-            request=request, name="home.html", context={"context": context}, status_code=400
-        )
+    if await response_token.is_valid():
+        save_message(name=name, text=message, data_dir=settings.data_dir)
+        status_code = httpx.codes.CREATED
+    else:
+        context.error = "reCAPTCHA validation failed"
+        status_code = httpx.codes.BAD_REQUEST
 
-    save_message(name=name, text=message, data_dir=settings.data_dir)
-    return RedirectResponse(url="/", status_code=303)
+    return settings.templates.TemplateResponse(
+        request=request, name="home.html", context={"context": context}, status_code=status_code
+    )