internal/api/server.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log/slog"
@@ -20,14 +21,9 @@ type Server struct {
 	baseUrl	string
 	port	string
 	client	client.Client
-	config	config.Config
 }
 
 func (s *Server) Run(ctx context.Context) {
-	if s.config.Debug {
-		slog.SetLogLoggerLevel(slog.LevelDebug)
-	}
-
 	r := chi.NewRouter()
 
 	r.Use(middleware.Logger)
@@ -40,7 +36,8 @@ func (s *Server) Run(ctx context.Context) {
 	})
 	r.Get(s.baseUrl+"/request", s.requestHandler)
 	r.Post(s.baseUrl+"/verify", s.submitHandler)
-
+	r.Post(s.baseUrl+"/verify-spam-filter", s.submitSpamFilterHandler)
+	
 	logger.Info(ctx, "altcha server listening on port "+s.port)
 	if err := http.ListenAndServe(":"+s.port, r); err != nil {
 		logger.Error(ctx, err.Error())
@@ -51,55 +48,101 @@ func (s *Server) requestHandler(w http.ResponseWriter, r *http.Request) {
 	challenge, err := s.client.Generate()
 
 	if err != nil {
-		slog.Debug("Failed to create challenge,", "error", err)
 		http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
+		slog.Error(err.Error())
 		return
 	}
 
-	w.Header().Set("Content-Type", "application/json")
+	writeJSON(w, challenge)
-	err = json.NewEncoder(w).Encode(challenge)
-	if err != nil {
-		slog.Debug("Failed to encode JSON", "error", err)
-		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
-		return
-	}
 }
 
 func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
-	var payload map[string]interface{}
+	if r.Method != http.MethodPost {
-	err := json.NewDecoder(r.Body).Decode(&payload)
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-	if err != nil {
-		slog.Debug("Failed to parse Altcha payload,", "error", err)
-		http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
-		return
-	}
-	
-	verified, err := s.client.VerifySolution(payload)
-	
-	if err != nil {
-		slog.Debug("Invalid Altcha payload", "error", err)
-		http.Error(w, "Invalid Altcha payload,", http.StatusBadRequest)
 		return
 	}
 
-	if !verified {
+	formData := r.FormValue("altcha")
-		slog.Debug("Invalid solution")
+	if formData == "" {
-		http.Error(w, "Invalid solution,", http.StatusBadRequest)
+		 http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
-		return
+		 return
 	}
-	
+
-	w.Header().Set("Content-Type", "application/json")
+	decodedPayload, err := base64.StdEncoding.DecodeString(formData)
-	err = json.NewEncoder(w).Encode(map[string]interface{}{
-		"success":	true,
-		"data":		payload,
-	})
 	if err != nil {
-		if s.config.Debug {
+		http.Error(w, "Failed to decode Altcha payload", http.StatusBadRequest)
-			slog.Debug("Failed to encode JSON", "error", err)
-		}
-		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
 		return
 	}
+
+	var payload map[string]interface{}
+	if err := json.Unmarshal(decodedPayload, &payload); err != nil {
+		http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
+		return
+	}
+
+	verified, err := s.client.VerifySolution(payload)
+	
+	if err != nil || !verified {
+		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
+		return
+	}
+
+	writeJSON(w, map[string]interface{}{
+		"success":	true,
+		"data":		formData,
+	})
+}
+
+func (s *Server) submitSpamFilterHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	formData, err := formToMap(r)
+	if err != nil {
+		http.Error(w, "Cannot read form data", http.StatusBadRequest)
+		slog.Error(err.Error())
+		return
+	}
+
+	payload := r.FormValue("altcha")
+	if payload == "" {
+		http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
+		return
+	}
+
+	verified, verificationData, err := s.client.VerifyServerSignature(payload)
+	if err != nil || !verified {
+		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
+		slog.Error(err.Error())
+		return
+	}
+
+	if verificationData.Verified && verificationData.Expire > time.Now().Unix() {
+		if verificationData.Classification == "BAD" {
+			http.Error(w, "Classified as spam", http.StatusBadRequest)
+			return
+		}
+
+		if verificationData.FieldsHash != "" {
+			verified, err := s.client.VerifyFieldsHash(formData, verificationData.Fields, verificationData.FieldsHash)
+			if err != nil || !verified {
+				http.Error(w, "Invalid fields hash", http.StatusBadRequest)
+				slog.Error(err.Error())
+				return
+			}
+		}
+
+		writeJSON(w, map[string]interface{}{
+			"success":			true,
+			"data":				formData,
+			"verificationData":	verificationData,
+		})
+		return
+	}
+
+	http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
 }
 
 func corsMiddleware(next http.Handler) http.Handler {
@@ -117,6 +160,21 @@ func corsMiddleware(next http.Handler) http.Handler {
 	})
 }
 
+func writeJSON(w http.ResponseWriter, data interface{}) {
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(data); err != nil {
+		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
+	}
+}
+
+func formToMap(r *http.Request) (map[string][]string, error) {
+	if err := r.ParseForm(); err != nil {
+		return nil, err
+	}
+
+	return r.Form, nil
+}
+
 func NewServer(cfg config.Config) (*Server, error) {
 	expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
 	if err != nil {
@@ -133,6 +191,5 @@ func NewServer(cfg config.Config) (*Server, error) {
 		baseUrl: cfg.BaseUrl,
 		port:	cfg.Port,
 		client:	*client,
-		config: cfg,
 	}, nil
 }

internal/command/main.go

@@ -2,6 +2,7 @@ package command
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"sort"
 
@@ -16,6 +17,27 @@ func Main(commands ...*cli.Command) {
 		Name: 		"altcha-server",
 		Usage:		"create challenges and validate solutions for atlcha captcha",
 		Commands: commands,
+		Flags: []cli.Flag{
+			&cli.BoolFlag{
+				Name:		"debug",
+				EnvVars:	[]string{"ALTCHA_DEBUG"},
+				Value: 		false,
+			},
+		},
+	}
+
+	app.ExitErrHandler = func (ctx *cli.Context, err error) {
+		if err == nil {
+			return
+		}
+
+		debug := ctx.Bool("debug")
+
+		if !debug {
+			fmt.Printf("[ERROR] %v\n", err)
+		} else {
+			fmt.Printf("%+v", err)
+		}
 	}
 
 	sort.Sort(cli.FlagsByName(app.Flags))

internal/command/run.go

@@ -2,6 +2,7 @@ package command
 
 import (
 	"forge.cadoles.com/cadoles/altcha-server/internal/api"
+	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
@@ -9,9 +10,12 @@ import (
 )
 
 func RunCommand() *cli.Command {
+	flags := common.Flags()
+	
 	return &cli.Command{
 		Name:	"run",
 		Usage:	"run the atlcha api server",
+		Flags:	flags,
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {

internal/command/solve.go

@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
+	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
@@ -12,9 +13,12 @@ import (
 )
 
 func SolveCommand() *cli.Command {
+	flags := common.Flags()
+
 	return &cli.Command{
 		Name:		"solve",
 		Usage:		"solve the challenge and return the solution",
+		Flags:		flags,
 		Args: 		true,
 		ArgsUsage:	"[CHALLENGE] [SALT]",
 		Action:	func(ctx *cli.Context) error {

internal/command/verify.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
+	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/altcha-org/altcha-lib-go"
 	"github.com/caarlos0/env/v11"
@@ -14,9 +15,12 @@ import (
 )
 
 func VerifyCommand() *cli.Command {
+	flags := common.Flags()
+
 	return &cli.Command{
 		Name:	"verify",
 		Usage:	"verify the solution",
+		Flags:	flags,
 		Args:	true,
 		ArgsUsage: "[challenge] [salt] [signature] [solution]",
 		Action: func(ctx *cli.Context) error {

internal/config/config.go

@@ -9,5 +9,4 @@ type Config struct {
 	Salt		string	`env:"ALTCHA_SALT"`
 	Expire		string	`env:"ALTCHA_EXPIRE" envDefault:"600"`
 	CheckExpire	bool	`env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
-	Debug		bool	`env:"ALTCHA_DEBUG" envDefault:"false"`
 }