School subscription captcha first iteration

errors/errors.go

@@ -53,4 +53,9 @@ var (
 		TemplateName: "error_questions_order_is_empty",
 		Err:          errors.New(i18n.Errors["questionsOrderIsEmpty"]["it"]),
 	}
+
+	WrongCaptcha = &Error{
+		TemplateName: "error_wrong_captcha",
+		Err:          errors.New(i18n.Errors["wrongCaptcha"]["it"]),
+	}
 )

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b
 	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
 	github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee // indirect
+	github.com/dchest/captcha v0.0.0-20170622155422-6a29415a8364
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dgryski/go-gk v0.0.0-20140819190930-201884a44051 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
@@ -44,6 +45,7 @@ require (
 	golang.org/x/image v0.0.0-20200119044424-58c23975cae1 // indirect
 	golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa // indirect
 	golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 // indirect
+	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/russross/blackfriday.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.2.4

go.sum

@@ -33,6 +33,8 @@ github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee h1:BnPxIde0gjtTnc9
 github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/captcha v0.0.0-20170622155422-6a29415a8364 h1:U+BMqUt8LFgyrF0/NKgPZdr1sGZ3j6uBECpOGcISpFI=
+github.com/dchest/captcha v0.0.0-20170622155422-6a29415a8364/go.mod h1:QGrK8vMWWHQYQ3QU9bw9Y9OPNfxccGzfb41qjvVeXtY=
 github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 h1:tkum0XDgfR0jcVVXuTsYv/erY2NnEDqwRojbxR1rBYA=
 github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
@@ -273,6 +275,7 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -286,6 +289,8 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
+gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

handlers/handlers.go

@@ -22,6 +22,8 @@ import (
 	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
+
+	"github.com/dchest/captcha"
 )
 
 type handlerFuncWithError func(http.ResponseWriter, *http.Request) error
@@ -175,6 +177,10 @@ func NewHandlers(config *config.ConfigT, renderer map[string]renderer.Renderer,
 
 	r.Handle("/subscribe", handlers.Login(handlers.Database, handlers.CookieStore, []byte(config.Keys.JWTSigningKey)))
 
+	// Captcha
+
+	r.Handle("/captcha/{img}", captcha.Server(captcha.StdWidth, captcha.StdHeight))
+
 	// Home
 
 	r.Handle("/", handlers.JWTCookieMiddleware.Handler(handlers.Recover(handlers.Home())))

i18n/i18n.go

@@ -44,5 +44,8 @@ var (
 		"categoryExists": map[string]string{
 			"it": "Esiste già un partecipante di questa categoria.",
 		},
+		"wrongCaptcha": map[string]string{
+			"it": "Il numero inserito non corrisponde all'immagine.",
+		},
 	}
 )

orm/school.go

@@ -9,6 +9,7 @@ import (
 	"git.andreafazzi.eu/andrea/oef/errors"
 	"git.andreafazzi.eu/andrea/oef/mail"
 	"git.andreafazzi.eu/andrea/oef/renderer"
+	"github.com/dchest/captcha"
 	"github.com/jinzhu/gorm"
 )
 
@@ -63,6 +64,9 @@ type School struct {
 	SelectedRegion map[uint]string `gorm:"-"`
 	AllRegions     []*Region       `gorm:"-"`
 
+	CaptchaID       string `gorm:"-",schema:"-"`
+	CaptchaSolution string `gorm:"-",schema:"-"`
+
 	mailSender *mail.MailSender
 }
 
@@ -175,6 +179,11 @@ func (model *School) Create(db *Database, args map[string]string, w http.Respons
 
 		return school, nil
 	} else {
+		if isSubscriber(r) {
+			if !captcha.VerifyString(r.FormValue("CaptchaID"), r.FormValue("CaptchaSolution")) {
+				return nil, errors.WrongCaptcha
+			}
+		}
 		school := new(School)
 		err := renderer.Decode(school, r)
 		if err != nil {

renderer/funcmap.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"git.andreafazzi.eu/andrea/oef/i18n"
+	"github.com/dchest/captcha"
 	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/jinzhu/inflection"
 	yml "gopkg.in/yaml.v2"
@@ -26,6 +27,7 @@ const (
 
 var (
 	funcMap = template.FuncMap{
+		"genCaptcha":     genCaptcha,
 		"markdown":       markdown,
 		"version":        version,
 		"toInt":          toInt,
@@ -72,6 +74,10 @@ var (
 	}
 )
 
+func genCaptcha() string {
+	return captcha.New()
+}
+
 func markdown(text string) string {
 	unsafe := blackfriday.Run([]byte(text))
 	return string(bluemonday.UGCPolicy().SanitizeBytes(unsafe))

src/index.js

@@ -1,5 +1,6 @@
 import './style.css'
 
+
 $(function () {
 
     setInterval(function() {
@@ -12,6 +13,12 @@ $(function () {
 	$("#timeleft").html(timeleft)
     }, 1000);
 
+    $("#reloadCaptcha").on("click",function(eventObject) {
+	image = eventObject.currentTarget;
+	
+	setSrcQuery(document.getElementById('image'), "reload=" + (new Date()).getTime());
+    });
+    
     $("#myInput").on("keyup", function(eventObject) {
 	
 	var input, filter, ul, li, a, i;

templates/error_category_exists.html.tpl

@@ -1,4 +1,4 @@
 {{ define "content" }}
-{{$options := `title: "Errore nella creazione/aggiornamento di un partecipante"`}}
+{{$options := `title: "Errore durante l'iscrizione della scuola"`}}
 {{template "error" dict "options" ($options|yaml) "data" .Data}}
 {{end}}

templates/error_wrong_captcha.html.tpl

@@ -0,0 +1,4 @@
+{{ define "content" }}
+{{$options := `title: "Errore durante l'iscrizione di una scuola"`}}
+{{template "error" dict "options" ($options|yaml) "data" .Data}}
+{{end}}

templates/schools_add_update.html.tpl

@@ -102,6 +102,17 @@
   </div>
   
   {{if .Claims|isSubscriber}}
+  {{$captcha := genCaptcha}}
+  <div class="form-group">
+    <img class="border" id="captcha_img" src="/captcha/{{$captcha}}.png" alt="Immagine CAPTCHA">
+    <button type="button" onclick="reload()" class="btn btn-outline-success"><i class="fa fa-redo"></i></button>
+  </div>
+  <div class="form-group">
+    {{$options := ` { name: "CaptchaSolution",id: "school_captcha_solution",placeholder: "Inserire i numeri visualizzati nell'immagine",type: "text",required: "true"} `}}
+    {{template "input" dict "options" ($options|yaml)}}
+    <input type="hidden" name="CaptchaID" value="{{$captcha}}">
+  </div>
+  
   {{$options := ` { saveTitle: "Invia iscrizione", model: "School" } `}} 
   {{template "submit_cancel_buttons" dict "options" ($options|yaml) "id" (.Data|field "ID") "update" $update}}
   {{else}}
@@ -115,5 +126,21 @@
 
   </form>
 
+<script>
+  function setSrcQuery(e, q) {
+      var src  = e.src;
+      var p = src.indexOf('?');
+      if (p >= 0) {
+	  src = src.substr(0, p);
+      }
+      e.src = src + "?" + q
+  }
+
+  function reload() {
+      setSrcQuery(document.getElementById('captcha_img'), "reload=" + (new Date()).getTime());
+      return false;
+  }
+</script>
+
 </div>
 {{ end }}