patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

security: remove development bypass tokens from production code

Browse source
This commit is contained in:
Patrick Britton 2026-02-17 00:52:29 -06:00
parent 83317e8e0f
commit 95be179a38
2 changed files with 0 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
go-backend/internal/services/altcha_service.go
View file

@ -23,10 +23,6 @@ func NewAltchaService(secretKey string) *AltchaService {
// VerifyToken validates an ALTCHA token using the official library
func (s *AltchaService) VerifyToken(token, remoteIP string) (*AltchaResponse, error) {
// Allow bypass token for development
if token == "BYPASS_DEV_MODE" {
return &AltchaResponse{Verified: true}, nil
}
if s.secretKey == "" {
// If no secret key is configured, skip verification (for development)

4
go-backend/internal/services/turnstile_service.go
View file

@ -35,10 +35,6 @@ func NewTurnstileService(secretKey string) *TurnstileService {
// VerifyToken validates a Turnstile token with Cloudflare
func (s *TurnstileService) VerifyToken(token, remoteIP string) (*TurnstileResponse, error) {
// Allow bypass token for development (Flutter web)
if token == "BYPASS_DEV_MODE" {
return &TurnstileResponse{Success: true}, nil
}
if s.secretKey == "" {
// If no secret key is configured, skip verification (for development)