patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Visible Turnstile widget with refresh button, always verify on backend

Browse source
This commit is contained in:
Patrick Britton 2026-02-06 10:31:05 -06:00
parent de5ad23763
commit 766392e5b0
2 changed files with 48 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

76
admin/src/app/login/page.tsx
View file

@ -13,63 +13,64 @@ export default function LoginPage() {
const [error, setError] = useState(''); const [error, setError] = useState('');
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const [turnstileToken, setTurnstileToken] = useState(''); const [turnstileToken, setTurnstileToken] = useState('');
const [turnstileReady, setTurnstileReady] = useState(false);
const turnstileRef = useRef<HTMLDivElement>(null); const turnstileRef = useRef<HTMLDivElement>(null);
const widgetIdRef = useRef<string | null>(null); const widgetIdRef = useRef<string | null>(null);
const tokenRef = useRef('');
const { login } = useAuth(); const { login } = useAuth();
const router = useRouter(); const router = useRouter();
// Keep ref in sync with state so the submit handler always has the latest value
useEffect(() => { tokenRef.current = turnstileToken; }, [turnstileToken]);
const renderTurnstile = useCallback(() => { const renderTurnstile = useCallback(() => {
if (!TURNSTILE_SITE_KEY || !turnstileRef.current || !(window as any).turnstile) return; if (!TURNSTILE_SITE_KEY || !turnstileRef.current || !(window as any).turnstile) return;
// Clean up previous widget if exists
if (widgetIdRef.current) { if (widgetIdRef.current) {
try { (window as any).turnstile.remove(widgetIdRef.current); } catch {} try { (window as any).turnstile.remove(widgetIdRef.current); } catch {}
} }
widgetIdRef.current = (window as any).turnstile.render(turnstileRef.current, { widgetIdRef.current = (window as any).turnstile.render(turnstileRef.current, {
sitekey: TURNSTILE_SITE_KEY, sitekey: TURNSTILE_SITE_KEY,
size: 'invisible', size: 'normal',
callback: (token: string) => setTurnstileToken(token), theme: 'light',
'error-callback': () => setTurnstileToken(''), callback: (token: string) => { setTurnstileToken(token); tokenRef.current = token; setTurnstileReady(true); },
'expired-callback': () => setTurnstileToken(''), 'error-callback': () => { setTurnstileToken(''); tokenRef.current = ''; setTurnstileReady(false); },
'expired-callback': () => { setTurnstileToken(''); tokenRef.current = ''; setTurnstileReady(false); },
}); });
}, []); }, []);
useEffect(() => { useEffect(() => {
// If script already loaded (e.g. SPA navigation), render immediately
if ((window as any).turnstile && TURNSTILE_SITE_KEY) { if ((window as any).turnstile && TURNSTILE_SITE_KEY) {
renderTurnstile(); renderTurnstile();
} }
}, [renderTurnstile]); }, [renderTurnstile]);
const refreshTurnstile = () => {
setTurnstileToken('');
tokenRef.current = '';
setTurnstileReady(false);
setError('');
if (widgetIdRef.current && (window as any).turnstile) {
(window as any).turnstile.reset(widgetIdRef.current);
}
};
const handleSubmit = async (e: React.FormEvent) => { const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault(); e.preventDefault();
setError(''); setError('');
if (TURNSTILE_SITE_KEY && !tokenRef.current) {
setError('Please complete the security check first.');
return;
}
setLoading(true); setLoading(true);
try { try {
// If Turnstile is configured but token is empty, execute the challenge await login(email, password, tokenRef.current);
if (TURNSTILE_SITE_KEY && !turnstileToken && widgetIdRef.current) {
(window as any).turnstile.execute(widgetIdRef.current);
// Wait briefly for the invisible challenge to resolve
await new Promise<void>((resolve, reject) => {
let attempts = 0;
const check = setInterval(() => {
attempts++;
if (turnstileToken || attempts > 50) {
clearInterval(check);
resolve();
}
}, 100);
});
}
await login(email, password, turnstileToken);
router.push('/'); router.push('/');
} catch (err: any) { } catch (err: any) {
setError(err.message || 'Login failed. Check your credentials.'); setError(err.message || 'Login failed. Check your credentials.');
// Reset turnstile for retry // Reset turnstile for retry
if (widgetIdRef.current && (window as any).turnstile) { refreshTurnstile();
(window as any).turnstile.reset(widgetIdRef.current);
setTurnstileToken('');
}
} finally { } finally {
setLoading(false); setLoading(false);
} }
@ -124,9 +125,24 @@ export default function LoginPage() {
required required
/> />
</div> </div>
{/* Invisible Turnstile widget container */} {/* Visible Turnstile widget */}
<div ref={turnstileRef} /> {TURNSTILE_SITE_KEY && (
<button type="submit" className="btn-primary w-full" disabled={loading}> <div className="flex flex-col items-center gap-2">
<div ref={turnstileRef} />
<button
type="button"
onClick={refreshTurnstile}
className="text-xs text-gray-400 hover:text-gray-600 underline"
>
Refresh verification
</button>
</div>
)}
<button
type="submit"
className="btn-primary w-full"
disabled={loading || (!!TURNSTILE_SITE_KEY && !turnstileReady)}
>
{loading ? 'Signing in...' : 'Sign In'} {loading ? 'Signing in...' : 'Sign In'}
</button> </button>
</form> </form>

4
go-backend/internal/handlers/admin_handler.go
View file

@ -66,8 +66,8 @@ func (h *AdminHandler) AdminLogin(c *gin.Context) {
} }
req.Email = strings.ToLower(strings.TrimSpace(req.Email)) req.Email = strings.ToLower(strings.TrimSpace(req.Email))
// Verify Turnstile token (invisible mode) — only if both secret and token are present // Verify Turnstile token
if h.turnstileSecret != "" && req.TurnstileToken != "" { if h.turnstileSecret != "" {
turnstileService := services.NewTurnstileService(h.turnstileSecret) turnstileService := services.NewTurnstileService(h.turnstileSecret)
remoteIP := c.ClientIP() remoteIP := c.ClientIP()
turnstileResp, err := turnstileService.VerifyToken(req.TurnstileToken, remoteIP) turnstileResp, err := turnstileService.VerifyToken(req.TurnstileToken, remoteIP)