turnstile is working - keep SSL turned of on dev

2026-06-11 11:35:36 +02:00
parent 192143bfb6
commit 5ca62497b1
12 changed files with 245 additions and 79 deletions
--- a/backend/vontor_cz/turnstile.py
+++ b/backend/vontor_cz/turnstile.py
@@ -0,0 +1,33 @@
+import logging
+import requests
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+
+SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+
+
+def verify_turnstile(token: str, remote_ip: str | None = None) -> bool:
+    """
+    Verify a Cloudflare Turnstile token against the siteverify API.
+    Returns True if valid, False otherwise.
+    If CLOUDFLARE_TURNSTILE_SECRET_KEY is not configured, skips verification (dev bypass).
+    """
+    secret = getattr(settings, "CLOUDFLARE_TURNSTILE_SECRET_KEY", "")
+    if not secret:
+        logger.debug("Turnstile: no secret key configured, skipping verification.")
+        return True
+
+    payload = {"secret": secret, "response": token}
+    if remote_ip:
+        payload["remoteip"] = remote_ip
+
+    try:
+        resp = requests.post(SITEVERIFY_URL, data=payload, timeout=5)
+        result = resp.json()
+        if not result.get("success"):
+            logger.warning("Turnstile verification failed: %s", result.get("error-codes"))
+        return bool(result.get("success"))
+    except Exception as e:
+        logger.error("Turnstile: siteverify request failed: %s", e)
+        return False