verbose captcha logs

.github/workflows/docker.yml

@@ -8,16 +8,16 @@ jobs:
     steps:
       - name: Extract branch name
         shell: bash
-        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
         id: extract_branch
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           push: true
           tags: joystream/faucet:${{ steps.extract_branch.outputs.branch }}

src/app.ts

@@ -96,7 +96,7 @@ app.get('/status', async (req, res) => {
 })
 
 app.post('/register', async (req, res) => {
-  log(`register request for ${req.body.handle} from ${req.ip}`)
+  log(`Register request from=${req.ip} handle=${req.body.handle} captchaToken=${req.body.captchaToken}`)
   metrics.register_attempt.inc(1)
 
   await joy.init
@@ -172,6 +172,7 @@ app.post('/register', async (req, res) => {
     } finally {
       processingRequest.unlock()
       stopTimer()
+      log('request handled')
     }
   })
 })

src/captcha.ts

@@ -1,4 +1,4 @@
-import { error } from './debug'
+import { log, error } from './debug'
 import { HCAPTCHA_ENDPOINT, HCAPTCHA_SECRET } from './config'
 import fetch from 'node-fetch'
 
@@ -10,13 +10,23 @@ export type CaptchaResponse = {
   'error-codes'?: string[] // optional: any error codes
 }
 
+const observedTokens = new Set()
+
 export async function verifyCaptcha(
   token: string
 ): Promise<true | undefined | string[]> {
   if (!HCAPTCHA_SECRET) {
     return true
   }
 
+  log('Verifying Captcha token:', token)
+  if (observedTokens.has(token)) {
+    log('Captcha token already used')
+    return ['token-already-used']
+  } else {
+    observedTokens.add(token)
+  }
+
   const formData = new URLSearchParams()
   formData.append('secret', HCAPTCHA_SECRET)
   formData.append('response', token)
@@ -31,12 +41,14 @@ export async function verifyCaptcha(
     })
     const data = (await response.json()) as CaptchaResponse
     if (data.success) {
+      log('Captcha valid:', data.hostname, data.challenge_ts)
       return true
     } else {
+      log('Captcha invalid:', data['error-codes'])
       return data['error-codes']
     }
   } catch (e) {
     error('Captcha verification error:', e)
-    return ['Unexpected error']
+    return ['unexpected-error']
   }
 }

src/register.ts

@@ -100,17 +100,19 @@ export async function register(
         },
         403
       )
-      log(`Too many failed auth attempts from ${ip}`)
+      log('Too many failed auth attempts from', ip)
       return
     } else {
       authLimiter.clear(`${ip}-auth`)
       canBypass = true
+      log('Request authorized to bypass captcha', ip)
     }
   }
 
   // verify captcha if enabled
   if (HCAPTCHA_ENABLED && !canBypass) {
     if (!captchaToken) {
+      log('No captcha sent with request')
       callback(
         {
           error: 'MissingCaptchaToken',
@@ -121,7 +123,6 @@ export async function register(
     } else {
       const captchaResult = await verifyCaptcha(captchaToken)
       if (captchaResult !== true) {
-        log('captcha verification failed')
         callback(
           {
             error: 'InvalidCaptchaToken',
@@ -140,7 +141,7 @@ export async function register(
   try {
     decodeAddress(account)
   } catch (err) {
-    log('invalid address supplied')
+    log('Invalid address', account)
     callback(
       {
         error: 'InvalidAddress',
@@ -152,6 +153,7 @@ export async function register(
 
   // Ensure nonce = 0 and balance = 0 for account
   if (!(await joy.isFreshAccount(account))) {
+    log('Account is not fresh', account)
     callback(
       {
         error: 'OnlyNewAccountsCanBeUsedForScreenedMembers',
@@ -165,6 +167,7 @@ export async function register(
   const maxHandleLength = new BN(MAX_HANDLE_LENGTH)
 
   if (maxHandleLength.ltn(handle.length)) {
+    log('Handle too long', handle.length)
     callback(
       {
         error: 'HandleTooLong',
@@ -175,6 +178,7 @@ export async function register(
   }
 
   if (minHandleLength.gtn(handle.length)) {
+    log('Handle too short', handle.length)
     callback(
       {
         error: 'HandleTooShort',
@@ -186,7 +190,7 @@ export async function register(
 
   // Ensure handle is unique
   if (await joy.handleIsAlreadyRegistered(handle)) {
-    log('handle already registered')
+    log('Handle already registered')
     callback(
       {
         error: 'HandleAlreadyRegistered',
@@ -247,7 +251,7 @@ export async function register(
     // apply global api call limit
     const wasBlockedGlobal = await globalLimiter.limit(GLOBAL_REGISTER_ID)
     if (wasBlockedGlobal) {
-      log('global throttled')
+      log('Global throttled')
       return callback({ error: 'TooManyRequests' }, 429)
     }
   }