Setup cloudflare turnstile support (#268)

* Setup cloudflare turnstile support

* Fix staging vs prod build

* Fix coderabbit

Author: devksingh4

.env.development

@@ -2,4 +2,5 @@ NEXT_PUBLIC_RUN_ENV=dev
 NEXT_PUBLIC_TICKETING_BASE_URL='https://xclhkh0duc.execute-api.us-east-1.amazonaws.com/default'
 NEXT_PUBLIC_MEMBERSHIP_BASE_URL='https://infra-membership-api.aws.qa.acmuiuc.org'
 NEXT_PUBLIC_MERCH_API_BASE_URL='https://merchapi.acm.illinois.edu'
-NEXT_PUBLIC_EVENTS_API_BASE_URL='https://core.aws.qa.acmuiuc.org'
+NEXT_PUBLIC_CORE_API_BASE_URL='https://core.aws.qa.acmuiuc.org'
+NEXT_PUBLIC_TURNSTILE_SITE_KEY='1x00000000000000000000AA'

.env.production .env.prod.env.production renamed to .env.prod

@@ -2,4 +2,5 @@ NEXT_PUBLIC_RUN_ENV=prod
 NEXT_PUBLIC_TICKETING_BASE_URL='https://ticketing.aws.acmuiuc.org'
 NEXT_PUBLIC_MEMBERSHIP_BASE_URL='https://infra-membership-api.aws.acmuiuc.org'
 NEXT_PUBLIC_MERCH_API_BASE_URL='https://merchapi.acm.illinois.edu'
-NEXT_PUBLIC_EVENTS_API_BASE_URL='https://core.acm.illinois.edu'
+NEXT_PUBLIC_CORE_API_BASE_URL='https://core.acm.illinois.edu'
+NEXT_PUBLIC_TURNSTILE_SITE_KEY='0x4AAAAAACLtNvWF7VjCKZfe'

.env.staging

@@ -2,4 +2,5 @@ NEXT_PUBLIC_RUN_ENV=dev
 NEXT_PUBLIC_TICKETING_BASE_URL='https://xclhkh0duc.execute-api.us-east-1.amazonaws.com/default'
 NEXT_PUBLIC_MEMBERSHIP_BASE_URL='https://infra-membership-api.aws.qa.acmuiuc.org'
 NEXT_PUBLIC_MERCH_API_BASE_URL='https://merchapi.acm.illinois.edu'
-NEXT_PUBLIC_EVENTS_API_BASE_URL='https://core.acm.illinois.edu'
+NEXT_PUBLIC_CORE_API_BASE_URL='https://core.acm.illinois.edu'
+NEXT_PUBLIC_TURNSTILE_SITE_KEY='1x00000000000000000000AA'

.github/workflows/deploy.yml

@@ -37,7 +37,12 @@ jobs:
         run: yarn -D
 
       - name: Build website
-        run: yarn build
+        run: |
+          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+            yarn build:prod
+          else
+            yarn build:staging
+          fi
 
       - name: Deploy to Cloudflare
         id: deploy

package.json

@@ -6,8 +6,10 @@
   "scripts": {
     "dev": "next dev",
     "start": "yarn dev",
-    "dev:events": "cross-env NEXT_PUBLIC_EVENTS_API_BASE_URL=https://infra-events-api.aws.qa.acmuiuc.org && next dev",
-    "build": "next build && cp src/_redirects build/_redirects",
+    "build:dev": "env-cmd -f .env.development next build && yarn postbuild",
+    "build:prod": "env-cmd -f .env.prod next build && yarn postbuild",
+    "build:staging": "env-cmd -f .env.staging next build && yarn postbuild",
+    "postbuild": "cp src/_redirects build/_redirects",
     "serve": "serve build",
     "lint": "next lint",
     "storybook": "storybook dev -p 6006",
@@ -19,6 +21,7 @@
     "@azure/msal-browser": "^4.15.0",
     "@azure/msal-react": "^3.0.15",
     "@heroui/react": "2.7.6",
+    "@marsidev/react-turnstile": "^1.4.1",
     "axios": "^0.28.0",
     "framer-motion": "^10.17.9",
     "lottie-react": "^2.3.1",
@@ -47,6 +50,7 @@
     "@types/react-dom": "^18",
     "autoprefixer": "^10.4.16",
     "cross-env": "^7.0.3",
+    "env-cmd": "^11.0.0",
     "eslint": "^8",
     "eslint-config-next": "^14.2.5",
     "eslint-config-prettier": "^10.1.2",
@@ -63,4 +67,4 @@
     "jackspeak": "2.1.1"
   },
   "packageManager": "yarn@1.22.19"
-}
+}

src/app/(main)/calendar/page.tsx

@@ -33,7 +33,7 @@ const Calendar = () => {
   const [validOrganizations, setValidOrganizations] =
     useState<string[]>(OrganizationList);
   useEffect(() => {
-    const baseurl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
+    const baseurl = process.env.NEXT_PUBLIC_CORE_API_BASE_URL;
     if (!baseurl) {
       return setAllEvents([]);
     }

src/app/(membership)/admin/sync/page.tsx

@@ -30,7 +30,6 @@ interface ErrorCode {
   message: string;
 }
 
-const baseUrl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
 const WrappedSync = () => {
   return (
     <Suspense>

src/app/(membership)/check-membership/page.tsx

@@ -31,14 +31,8 @@ interface ErrorCode {
   message: string;
 }
 
-enum InputStatus {
-  EMPTY,
-  INVALID,
-  VALID,
-}
-
-const baseUrl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
-const walletApiBaseUrl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
+const baseUrl = process.env.NEXT_PUBLIC_CORE_API_BASE_URL;
+const walletApiBaseUrl = process.env.NEXT_PUBLIC_CORE_API_BASE_URL;
 
 const Payment = () => {
   const [netId, setNetId] = useState('');

src/app/(membership)/membership/page.tsx

@@ -38,7 +38,7 @@ enum InputStatus {
   VALID,
 }
 
-const baseUrl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
+const baseUrl = process.env.NEXT_PUBLIC_CORE_API_BASE_URL;
 const WrappedPayment = () => {
   return (
     <Suspense>

src/app/(membership)/merch/page.tsx

@@ -25,6 +25,7 @@ import Layout from '../MembershipLayout';
 import { IPublicClientApplication, AccountInfo } from '@azure/msal-browser';
 import { getUserAccessToken, initMsalClient } from '@/utils/msal';
 import { syncIdentity } from '@/utils/api';
+import { Turnstile } from '@marsidev/react-turnstile';
 
 const decimalHelper = (num: number) => {
   if (Number.isInteger(num)) {
@@ -47,7 +48,11 @@ enum InputStatus {
 }
 
 const baseUrl = process.env.NEXT_PUBLIC_MERCH_API_BASE_URL;
-const coreBaseUrl = process.env.NEXT_PUBLIC_EVENTS_API_BASE_URL;
+const coreBaseUrl = process.env.NEXT_PUBLIC_CORE_API_BASE_URL;
+const turnstileSiteKey = process.env.NEXT_PUBLIC_TURNSTILE_SITE_KEY;
+if (!turnstileSiteKey) {
+  throw new Error("Turnstile site key missing.")
+}
 
 const WrappedMerchItem = () => {
   return (
@@ -61,6 +66,7 @@ const MerchItem = () => {
   const itemid = useSearchParams().get('id') || '';
   const [merchList, setMerchList] = useState<Record<string, any>>({});
   const [pca, setPca] = useState<IPublicClientApplication | null>(null);
+  const [token, setToken] = React.useState<string>()
 
   // Form State
   const [email, setEmail] = useState('');
@@ -79,6 +85,14 @@ const MerchItem = () => {
 
   const modalErrorMessage = useDisclosure();
   const [errorMessage, setErrorMessage] = useState<ErrorCode | null>(null);
+  const clearTurnstileToken = () => setToken(undefined);
+  const turnstileWidget = (id: string) => <Turnstile
+    id={id}
+    siteKey={turnstileSiteKey}
+    onSuccess={setToken}
+    onExpire={clearTurnstileToken}
+    onError={clearTurnstileToken}
+  />;
 
   useEffect(() => {
     (async () => {
@@ -243,27 +257,48 @@ const MerchItem = () => {
     if (!pca) {
       setErrorMessage({ code: 403, message: 'Authentication service is not initialized.' });
       modalErrorMessage.onOpen();
+      setIsLoading(false);
+      return;
+    }
+
+    if (!token) {
+      setErrorMessage({ code: 400, message: 'Please complete the security verification.' });
+      modalErrorMessage.onOpen();
+      setIsLoading(false);
       return;
     }
 
     const accessToken = await getUserAccessToken(pca);
     if (!accessToken) {
       setErrorMessage({ code: 403, message: 'Failed to retrieve authentication token.' });
       modalErrorMessage.onOpen();
+      setIsLoading(false);
       return;
     }
 
     await syncIdentity(accessToken);
 
     const url = `${baseUrl}/api/v1/checkout/session?itemid=${itemid}&size=${size}&quantity=${quantity}`;
-    axios.get(url, { headers: { 'x-uiuc-token': accessToken } })
+    axios.get(url, {
+      headers: {
+        'x-uiuc-token': accessToken,
+        'x-turnstile-token': token,
+      }
+    })
       .then(response => window.location.replace(response.data))
       .catch(handleApiError);
   };
 
   const purchaseHandler = async () => {
     setIsLoading(true);
 
+    if (!token) {
+      setErrorMessage({ code: 400, message: 'Please complete the security verification.' });
+      modalErrorMessage.onOpen();
+      setIsLoading(false);
+      return;
+    }
+
     if (selectedTab === 'illinois') {
       if (!pca || !user) {
         setErrorMessage({ code: 403, message: 'You must be logged in to purchase with Illinois Checkout.' });
@@ -275,7 +310,11 @@ const MerchItem = () => {
     } else { // Guest flow
       // Non-Illinois email, use guest checkout
       const url = `${baseUrl}/api/v1/checkout/session?itemid=${itemid}&size=${size}&quantity=${quantity}&email=${email}`;
-      axios.get(url) // No auth token needed
+      axios.get(url, {
+        headers: {
+          'x-turnstile-token': token,
+        }
+      })
         .then(response => window.location.replace(response.data))
         .catch(handleApiError);
     }
@@ -431,6 +470,7 @@ const MerchItem = () => {
                           color={inputQuantityStatus === InputStatus.INVALID ? 'danger' : 'default'}
                           errorMessage={inputQuantityStatus === InputStatus.INVALID && 'Invalid Quantity'}
                         />
+                        {turnstileWidget('wid1')}
                         <Button
                           color="primary" size="lg"
                           isDisabled={!isFormValidated || isLoading || totalCapacity() === 0}
@@ -479,6 +519,7 @@ const MerchItem = () => {
                       color={inputQuantityStatus === InputStatus.INVALID ? 'danger' : 'default'}
                       errorMessage={inputQuantityStatus === InputStatus.INVALID && 'Invalid Quantity'}
                     />
+                    {turnstileWidget('wid2')}
                     <Button
                       color="primary" size="lg"
                       isDisabled={!isFormValidated || isLoading || totalCapacity() === 0}