updated app for captcha

bin/slackin

@@ -24,8 +24,9 @@ var flags = args.parse(process.argv, {
 var org = args.sub[0] || process.env.SLACK_SUBDOMAIN
 var token = args.sub[1] || process.env.SLACK_API_TOKEN
 
-var gcaptcha_secret = args.sub[2] || process.env.SLACK_SUBDOMAIN
-var gcaptcha_sitekey = args.sub[3] || process.env.SLACK_API_TOKEN
+var gcaptcha_secret = args.sub[2] || process.env.GOOGLE_CAPTCHA_SECRET
+var gcaptcha_sitekey = args.sub[3] || process.env.GOOGLE_CAPTCHA_SITEKEY
+
 
 
 if (flags.help) {
@@ -45,7 +46,6 @@ var port = flags.port
 var hostname = flags.hostname
 
 slackin(flags).listen(port, hostname, function (err) {
-  console.log("FLAGS: ", flags);
   if (err) throw err
   if (!flags.silent) console.log('%s – listening on %s:%d', new Date, hostname, port)
 })

dist/index.js

@@ -31,6 +31,10 @@ var _cors = require('cors');
 
 var _cors2 = _interopRequireDefault(_cors);
 
+var _superagent = require('superagent');
+
+var _superagent2 = _interopRequireDefault(_superagent);
+
 var _slack = require('./slack');
 
 var _slack2 = _interopRequireDefault(_slack);
@@ -58,12 +62,16 @@ var _log2 = _interopRequireDefault(_log);
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 // our code
-// es6 runtime requirements
+
+
+// their code
 function slackin(_ref) {
   var token = _ref.token;
   var _ref$interval = _ref.interval;
   var interval = _ref$interval === undefined ? 5000 : _ref$interval;
   var org = _ref.org;
+  var gcaptcha_secret = _ref.gcaptcha_secret;
+  var gcaptcha_sitekey = _ref.gcaptcha_sitekey;
   var css = _ref.css;
   var coc = _ref.coc;
   var _ref$cors = _ref.cors;
@@ -77,6 +85,8 @@ function slackin(_ref) {
   // must haves
   if (!token) throw new Error('Must provide a `token`.');
   if (!org) throw new Error('Must provide an `org`.');
+  if (!gcaptcha_secret) throw new Error('Must provide a `gcaptcha_secret`.');
+  if (!gcaptcha_sitekey) throw new Error('Must provide an `gcaptcha_sitekey`.');
 
   if (channels) {
     // convert to an array
@@ -123,7 +133,7 @@ function slackin(_ref) {
     var total = _slack$users.total;
 
     if (!name) return res.send(404);
-    var page = (0, _vd2.default)('html', (0, _vd2.default)('head', (0, _vd2.default)('title', 'Join ', name, ' on Slack!'), (0, _vd2.default)('meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,user-scalable=no"'), (0, _vd2.default)('link rel="shortcut icon" href=https://slack.global.ssl.fastly.net/272a/img/icons/favicon-32.png'), css && (0, _vd2.default)('link rel=stylesheet', { href: css })), (0, _splash2.default)({ coc: coc, path: path, css: css, name: name, org: org, logo: logo, channels: channels, active: active, total: total }));
+    var page = (0, _vd2.default)('html', (0, _vd2.default)('head', (0, _vd2.default)('title', 'Join ', name, ' on Slack!'), (0, _vd2.default)("script src=https://www.google.com/recaptcha/api.js"), (0, _vd2.default)('meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,user-scalable=no"'), (0, _vd2.default)('link rel="shortcut icon" href=https://slack.global.ssl.fastly.net/272a/img/icons/favicon-32.png'), css && (0, _vd2.default)('link rel=stylesheet', { href: css })), (0, _splash2.default)({ coc: coc, path: path, css: css, name: name, org: org, logo: logo, channels: channels, active: active, total: total, gcaptcha_sitekey: gcaptcha_sitekey }));
     res.type('html');
     res.send(page.toHTML());
   });
@@ -165,11 +175,16 @@ function slackin(_ref) {
     }
 
     var email = req.body.email;
+    var captcha_response = req.body.captcha_response;
 
     if (!email) {
       return res.status(400).json({ msg: 'No email provided' });
     }
 
+    if (captcha_response == undefined || !captcha_response.length) {
+      return res.status(400).send({ msg: 'Invalid captcha' });
+    }
+
     if (!(0, _emailRegex2.default)().test(email)) {
       return res.status(400).json({ msg: 'Invalid email' });
     }
@@ -178,17 +193,46 @@ function slackin(_ref) {
       return res.status(400).json({ msg: 'Agreement to CoC is mandatory' });
     }
 
-    (0, _slackInvite2.default)({ token: token, org: org, email: email, channel: chanId }, function (err) {
+    /////////////////////////////////////////////////////////////////////////
+
+
+    var captcha_data = {
+      secret: gcaptcha_secret,
+      response: captcha_response,
+      remoteip: req.connection.remoteAddress
+    };
+
+    var captcha_callback = function captcha_callback(err, resp) {
+
       if (err) {
-        if (err.message === 'Sending you to Slack...') {
-          return res.status(303).json({ msg: err.message, redirectUrl: 'https://' + org + '.slack.com' });
-        }
+        return res.status(400).send({ msg: err });
+      } else {
+
+        if (resp.body.success) {
+
+          var _chanId = slack.channel ? slack.channel.id : null;
+
+          (0, _slackInvite2.default)({ token: token, org: org, email: email, channel: _chanId }, function (err) {
+            if (err) {
+              if (err.message === 'Sending you to Slack...') {
+                return res.status(303).json({ msg: err.message, redirectUrl: 'https://' + org + '.slack.com' });
+              }
+
+              return res.status(400).json({ msg: err.message });
+            }
 
-        return res.status(400).json({ msg: err.message });
+            res.status(200).json({ msg: 'WOOT. Check your email!' });
+          });
+        } else {
+
+          if (err) {
+            return res.status(400).send({ msg: "Captcha check failed" });
+          }
+        }
       }
+    };
 
-      res.status(200).json({ msg: 'WOOT. Check your email!' });
-    });
+    _superagent2.default.post('https://www.google.com/recaptcha/api/siteverify').type('form').send(captcha_data).end(captcha_callback);
   });
 
   // iframe
@@ -239,6 +283,4 @@ function slackin(_ref) {
   });
 
   return srv;
-}
-
-// their code
+} // es6 runtime requirements

dist/splash.js

@@ -22,6 +22,7 @@ function splash(_ref) {
   var channels = _ref.channels;
   var large = _ref.large;
   var iframe = _ref.iframe;
+  var gcaptcha_sitekey = _ref.gcaptcha_sitekey;
 
   var div = (0, _vd2.default)('.splash', !iframe && (0, _vd2.default)('.logos', logo && (0, _vd2.default)('.logo.org'), (0, _vd2.default)('.logo.slack')), (0, _vd2.default)('p', 'Join ', (0, _vd2.default)('b', name),
   // mention single single-channel inline
@@ -31,7 +32,7 @@ function splash(_ref) {
     return (0, _vd2.default)('option', { value: channel, text: channel });
   }))
   // otherwise a fixed channel
-  : (0, _vd2.default)('input type=hidden name=channel', { value: channels[0] })), (0, _vd2.default)('input.form-item type=email name=email [email protected] ' + (!iframe ? 'autofocus' : '')), coc && (0, _vd2.default)('.coc', (0, _vd2.default)('label', (0, _vd2.default)('input type=checkbox name=coc value=1'), 'I agree to the ', (0, _vd2.default)('a', { href: coc, target: '_blank' }, 'Code of Conduct'), '.')), (0, _vd2.default)('button.loading', 'Get my Invite')), (0, _vd2.default)('p.signin', 'or ', (0, _vd2.default)('a href=https://' + org + '.slack.com target=_top', 'sign in'), '.'), !iframe && (0, _vd2.default)('footer', 'powered by ', (0, _vd2.default)('a href=http://rauchg.com/slackin target=_blank', 'slackin')), style({ logo: logo, active: active, large: large, iframe: iframe }),
+  : (0, _vd2.default)('input type=hidden name=channel', { value: channels[0] })), (0, _vd2.default)('input.form-item type=email name=email [email protected] ' + (!iframe ? 'autofocus' : '')), (0, _vd2.default)('br'), (0, _vd2.default)('div class="g-recaptcha" data-sitekey="' + gcaptcha_sitekey + '"'), coc && (0, _vd2.default)('.coc', (0, _vd2.default)('label', (0, _vd2.default)('input type=checkbox name=coc value=1'), 'I agree to the ', (0, _vd2.default)('a', { href: coc, target: '_blank' }, 'Code of Conduct'), '.')), (0, _vd2.default)('button.loading', 'Get my Invite')), (0, _vd2.default)('p.signin', 'or ', (0, _vd2.default)('a href=https://' + org + '.slack.com target=_top', 'sign in'), '.'), !iframe && (0, _vd2.default)('footer', 'powered by ', (0, _vd2.default)('a href=http://rauchg.com/slackin target=_blank', 'slackin')), style({ logo: logo, active: active, large: large, iframe: iframe }),
   // xxx: single build
   (0, _vd2.default)('script', '\n      data = {};\n      data.path = ' + JSON.stringify(path) + ';\n    '), (0, _vd2.default)('script src=https://cdn.socket.io/socket.io-1.4.4.js'), (0, _vd2.default)('script src=' + path + 'assets/superagent.js'), (0, _vd2.default)('script src=' + path + 'assets/client.js'));
   return div;

lib/index.js

@@ -9,6 +9,7 @@ import { Server as http } from 'http'
 import remail from 'email-regex'
 import dom from 'vd'
 import cors from 'cors'
+import request from 'superagent';
 
 // our code
 import Slack from './slack'
@@ -22,6 +23,8 @@ export default function slackin ({
   token,
   interval = 5000, // jshint ignore:line
   org,
+  gcaptcha_secret,
+  gcaptcha_sitekey,
   css,
   coc,
   cors: useCors = false,
@@ -32,6 +35,8 @@ export default function slackin ({
   // must haves
   if (!token) throw new Error('Must provide a `token`.')
   if (!org) throw new Error('Must provide an `org`.')
+  if (!gcaptcha_secret) throw new Error('Must provide a `gcaptcha_secret`.')
+  if (!gcaptcha_sitekey) throw new Error('Must provide an `gcaptcha_sitekey`.')
 
   if (channels) {
     // convert to an array
@@ -78,11 +83,12 @@ export default function slackin ({
         dom('title',
           'Join ', name, ' on Slack!'
         ),
+        dom("script src=https://www.google.com/recaptcha/api.js"),
         dom('meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,user-scalable=no"'),
         dom('link rel="shortcut icon" href=https://slack.global.ssl.fastly.net/272a/img/icons/favicon-32.png'),
         css && dom('link rel=stylesheet', { href: css })
       ),
-      splash({ coc, path, css, name, org, logo, channels, active, total })
+      splash({ coc, path, css, name, org, logo, channels, active, total, gcaptcha_sitekey})
     )
     res.type('html')
     res.send(page.toHTML())
@@ -124,13 +130,20 @@ export default function slackin ({
     }
 
     let email = req.body.email
+    let captcha_response = req.body.captcha_response;
 
     if (!email) {
       return res
       .status(400)
       .json({ msg: 'No email provided' })
     }
 
+    if(captcha_response == undefined || !captcha_response.length){
+      return res
+      .status(400)
+      .send({ msg: 'Invalid captcha' });
+    }
+
     if (!remail().test(email)) {
       return res
       .status(400)
@@ -143,23 +156,67 @@ export default function slackin ({
       .json({ msg: 'Agreement to CoC is mandatory' })
     }
 
-    invite({ token, org, email, channel: chanId }, err => {
-      if (err) {
-        if (err.message === `Sending you to Slack...`) {
-          return res
-          .status(303)
-          .json({ msg: err.message, redirectUrl: `https://${org}.slack.com` })
-        }
+    /////////////////////////////////////////////////////////////////////////
+
 
+    const captcha_data = {
+      secret: gcaptcha_secret,
+      response: captcha_response,
+      remoteip: req.connection.remoteAddress
+    }
+
+
+    const captcha_callback = (err, resp) => {
+
+      if (err) {
         return res
         .status(400)
-        .json({ msg: err.message })
+        .send({ msg: err });
+
+      }else{
+
+        if(resp.body.success){
+
+          let chanId = slack.channel ? slack.channel.id : null;
+
+          invite({ token, org, email, channel: chanId }, err => {
+            if (err) {
+              if (err.message === `Sending you to Slack...`) {
+                return res
+                .status(303)
+                .json({ msg: err.message, redirectUrl: `https://${org}.slack.com` })
+              }
+
+              return res
+              .status(400)
+              .json({ msg: err.message })
+            }
+
+            res
+            .status(200)
+            .json({ msg: 'WOOT. Check your email!' })
+          });
+
+        }else{
+
+          if (err) {
+            return res
+            .status(400)
+            .send({ msg: "Captcha check failed" });
+          }
+        }
+
       }
 
-      res
-      .status(200)
-      .json({ msg: 'WOOT. Check your email!' })
-    })
+    }
+
+
+    request.post('https://www.google.com/recaptcha/api/siteverify')
+    .type('form')
+    .send(captcha_data)
+    .end(captcha_callback);
+
+
   })
 
   // iframe

lib/splash.js

@@ -1,6 +1,6 @@
 import dom from 'vd'
 
-export default function splash ({ path, name, org, coc, logo, active, total, channels, large, iframe }){
+export default function splash ({ path, name, org, coc, logo, active, total, channels, large, iframe, gcaptcha_sitekey }){
   let div = dom('.splash',
     !iframe && dom('.logos',
       logo && dom('.logo.org'),
@@ -34,6 +34,8 @@ export default function splash ({ path, name, org, coc, logo, active, total, cha
       ),
       dom('input.form-item type=email name=email [email protected] '
         + (!iframe ? 'autofocus' : '')),
+      dom('br'),
+      dom(`div class="g-recaptcha" data-sitekey="${gcaptcha_sitekey}"`),
       coc && dom('.coc',
         dom('label',
           dom('input type=checkbox name=coc value=1'),