Brunobrno/vontor-cz
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

turnstile is working - keep SSL turned of on dev

Browse Source
This commit is contained in:
David Bruno Vontor
2026-06-11 11:35:36 +02:00
parent 192143bfb6
commit 5ca62497b1
12 changed files with 245 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/vontor_cz/settings.py
View File

@@ -958,6 +958,9 @@ GOPAY_GATEWAY_URL = os.getenv("GOPAY_GATEWAY_URL", "https://gw.sandbox.gopay.com
# New: absolute URL that GoPay calls (publicly reachable)
GOPAY_NOTIFICATION_URL = os.getenv("GOPAY_NOTIFICATION_URL", "http://localhost:8000/api/payments/gopay/webhook")
# --- Cloudflare Turnstile ---
CLOUDFLARE_TURNSTILE_SECRET_KEY = os.getenv("SECRET_KEY_TURNSTILE", "")
# -------------------------------------DOWNLOADER LIMITS------------------------------------
DOWNLOADER_MAX_SIZE_MB = int(os.getenv("DOWNLOADER_MAX_SIZE_MB", "200")) # Raspberry Pi safe cap
DOWNLOADER_MAX_SIZE_BYTES = DOWNLOADER_MAX_SIZE_MB * 1024 * 1024

33
backend/vontor_cz/turnstile.py Normal file
View File

@@ -0,0 +1,33 @@
import logging
import requests
from django.conf import settings
logger = logging.getLogger(__name__)
SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
def verify_turnstile(token: str, remote_ip: str | None = None) -> bool:
"""
Verify a Cloudflare Turnstile token against the siteverify API.
Returns True if valid, False otherwise.
If CLOUDFLARE_TURNSTILE_SECRET_KEY is not configured, skips verification (dev bypass).
"""
secret = getattr(settings, "CLOUDFLARE_TURNSTILE_SECRET_KEY", "")
if not secret:
logger.debug("Turnstile: no secret key configured, skipping verification.")
return True
payload = {"secret": secret, "response": token}
if remote_ip:
payload["remoteip"] = remote_ip
try:
resp = requests.post(SITEVERIFY_URL, data=payload, timeout=5)
result = resp.json()
if not result.get("success"):
logger.warning("Turnstile verification failed: %s", result.get("error-codes"))
return bool(result.get("success"))
except Exception as e:
logger.error("Turnstile: siteverify request failed: %s", e)
return False