src/turnstile.rs

use cot::db::{Database, query};

use crate::models::Setting;

/// Read `turnstile_site_key` from Settings. Returns empty string if not configured.
pub async fn get_site_key(db: &Database) -> cot::Result<String> {
    let key = "turnstile_site_key".to_string();
    Ok(query!(Setting, $key == key)
        .get(db)
        .await?
        .map(|s| s.value)
        .unwrap_or_default())
}

/// Verify a Turnstile token against Cloudflare.
/// Returns `true` if verification succeeds, or if no secret key is configured (passthrough).
pub async fn verify(db: &Database, token: Option<&str>) -> cot::Result<bool> {
    let secret_key_name = "turnstile_secret_key".to_string();
    let secret_key = query!(Setting, $key == secret_key_name)
        .get(db)
        .await?
        .map(|s| s.value)
        .filter(|s| !s.is_empty());

    let Some(secret) = secret_key else {
        return Ok(true);
    };

    let token = token.unwrap_or("");
    let client = reqwest::Client::new();
    let resp = client
        .post("https://challenges.cloudflare.com/turnstile/v0/siteverify")
        .json(&serde_json::json!({
            "secret": secret,
            "response": token
        }))
        .send()
        .await;

    Ok(match resp {
        Ok(r) => r
            .json::<serde_json::Value>()
            .await
            .map(|v| v["success"].as_bool() == Some(true))
            .unwrap_or(false),
        Err(_) => false,
    })
}
Added claudflare Turnstile captcha support 2026-05-18 22:12:54 +03:00			`use cot::db::{Database, query};`

			`use crate::models::Setting;`

			/// Read `turnstile_site_key` from Settings. Returns empty string if not configured.
			`pub async fn get_site_key(db: &Database) -> cot::Result<String> {`
			`let key = "turnstile_site_key".to_string();`
			`Ok(query!(Setting, $key == key)`
			`.get(db)`
			`.await?`
			`.map(\|s\| s.value)`
			`.unwrap_or_default())`
			`}`

			`/// Verify a Turnstile token against Cloudflare.`
			/// Returns `true` if verification succeeds, or if no secret key is configured (passthrough).
			`pub async fn verify(db: &Database, token: Option<&str>) -> cot::Result<bool> {`
			`let secret_key_name = "turnstile_secret_key".to_string();`
			`let secret_key = query!(Setting, $key == secret_key_name)`
			`.get(db)`
			`.await?`
			`.map(\|s\| s.value)`
			`.filter(\|s\| !s.is_empty());`

			`let Some(secret) = secret_key else {`
			`return Ok(true);`
			`};`

			`let token = token.unwrap_or("");`
			`let client = reqwest::Client::new();`
			`let resp = client`
			`.post("https://challenges.cloudflare.com/turnstile/v0/siteverify")`
			`.json(&serde_json::json!({`
			`"secret": secret,`
			`"response": token`
			`}))`
			`.send()`
			`.await;`

			`Ok(match resp {`
			`Ok(r) => r`
			`.json::<serde_json::Value>()`
			`.await`
			`.map(\|v\| v["success"].as_bool() == Some(true))`
			`.unwrap_or(false),`
			`Err(_) => false,`
			`})`
			`}`