Brunobrno/vontor-cz
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitize envs, optimize Dockerfile, Turnstile

Browse Source 
Redact sensitive AWS keys in backend/.env.example and add VITE_TURNSTILE_SITE_KEY and VITE_USE_TURNSTILE to frontend/.env.example. Optimize backend Dockerfile by installing Python requirements immediately after copying requirements.txt (enables Docker cache) and remove the duplicate later install. Update turnstile verification to skip checks when USE_SSL is disabled (dev/non-HTTPS) and keep the existing no-secret bypass; add debug logging for the SSL bypass.
This commit is contained in:
David Bruno Vontor
2026-06-11 14:04:23 +02:00
parent 5ca62497b1
commit f4c4a8bfd1
4 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/vontor_cz/turnstile.py
View File

@@ -11,8 +11,13 @@ def verify_turnstile(token: str, remote_ip: str | None = None) -> bool:
"""
Verify a Cloudflare Turnstile token against the siteverify API.
Returns True if valid, False otherwise.
If CLOUDFLARE_TURNSTILE_SECRET_KEY is not configured, skips verification (dev bypass).
Skips verification when SSL is disabled (non-HTTPS env) or when
CLOUDFLARE_TURNSTILE_SECRET_KEY is not configured.
"""
if not getattr(settings, "USE_SSL", False):
logger.debug("Turnstile: SSL disabled, skipping verification.")
return True
secret = getattr(settings, "CLOUDFLARE_TURNSTILE_SECRET_KEY", "")
if not secret:
logger.debug("Turnstile: no secret key configured, skipping verification.")