#80 config global callback function captcha (#81)

* config global callback function captcha

* remove redundant code

* gitleaks ignore

* fix site key for gitleaks

* config

.env.sample

@@ -21,4 +21,5 @@ ENCODE_KEY=1g2h3j4k5g6h7o8z
 TYPE_ENCODE=AES
 EMAIL_SERVER=tranquangg.1108@gmail.com
 PASSWORD_EMAIL_SERVER=qsnt yxbi yjud fcpf
-RECAPTCHA_SECRET_KEY=6LfblD0qAAAAAO2lT_e5JwmxUFJ55uCpxPrdwk0T
+RECAPTCHA_SECRET_KEY=6LfblD0qAAAAAO2lT_e5JwmxUFJ55uCpxPrdwk0T
+RECAPTCHA_SITE_KEY=6LfblD0qAAAAAC1k-Zd8GfiyXmKjNWBV4xMC1BNP

gitleaks.toml

@@ -18,5 +18,6 @@ useDefault = true
 description = "global allow list"
 paths = [
   '''target''',
-  '''test/application.yml'''
+  '''test\.application.yml''',
+  '''\.env.sample'''
 ]

src/main/java/com/fjb/sunrise/controllers/AuthController.java

@@ -9,6 +9,7 @@
 import com.fjb.sunrise.utils.Constants;
 import java.time.LocalDateTime;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -21,6 +22,10 @@
 @RequestMapping("/auth")
 @RequiredArgsConstructor
 public class AuthController {
+
+    @Value("${default.recaptcha-site-key}")
+    private String recaptchaSiteKey;
+
     private final UserService userService;
     private final EmailService emailService;
     private final ReCaptchaService reCaptchaService;
@@ -32,6 +37,7 @@ public ModelAndView indexLogin(@RequestParam(value = "error", required = false)
         modelAndView.setViewName(Constants.ApiConstant.AUTH_VIEW);
         modelAndView.addObject(Constants.ApiConstant.LOGIN_OBJECT, new LoginRequest());
         modelAndView.addObject(Constants.ApiConstant.REGISTER_OBJECT, new RegisterRequest());
+        modelAndView.addObject("recaptchaSiteKey", recaptchaSiteKey);
         if (error != null) {
             modelAndView.addObject(Constants.ApiConstant.ERROR_MESSAGE_OBJECT, "Đăng nhập không thành công!");
         }
@@ -44,6 +50,7 @@ public ModelAndView indexRegister() {
         modelAndView.setViewName(Constants.ApiConstant.AUTH_VIEW);
         modelAndView.addObject(Constants.ApiConstant.LOGIN_OBJECT, new LoginRequest());
         modelAndView.addObject(Constants.ApiConstant.REGISTER_OBJECT, new RegisterRequest());
+        modelAndView.addObject("recaptchaSiteKey", recaptchaSiteKey);
         return modelAndView;
     }
 

src/main/resources/application.yml

@@ -63,4 +63,5 @@ default:
   admin-create-key: ${ADMIN_CREATE_KEY}
   encode-key: ${ENCODE_KEY}
   type-encode: ${TYPE_ENCODE}
-  recaptcha-secret-key: ${RECAPTCHA_SECRET_KEY}
+  recaptcha-secret-key: ${RECAPTCHA_SECRET_KEY}
+  recaptcha-site-key: ${RECAPTCHA_SITE_KEY}

src/main/resources/static/bootstrapv5/js/auth/action.js

@@ -1,11 +1,6 @@
 const boxRegister = document.getElementById("box-register");
 const boxLogin = document.getElementById("box-login");
 
-let CaptchaCallback = function() {
-    grecaptcha.render('recaptcha-register', {'sitekey' : '6LfblD0qAAAAAC1k-Zd8GfiyXmKjNWBV4xMC1BNP'});
-    grecaptcha.render('recaptcha-login', {'sitekey' : '6LfblD0qAAAAAC1k-Zd8GfiyXmKjNWBV4xMC1BNP'});
-};
-
 window.onload = function() {
     let page = window.location.href.split("/").pop();
 

src/main/resources/templates/auth/loginAndRegister.html

@@ -10,6 +10,23 @@
     <link rel="icon" th:href="@{/img/spreadsheet_17087859.png}" type="image/png">
 </head>
 <body>
+<script type="text/javascript">
+    let CaptchaCallback = function() {
+        console.log("CaptchaCallback executed");
+        try {
+            if (document.getElementById('recaptcha-register')) {
+                grecaptcha.render('recaptcha-register', {'sitekey': '[[${recaptchaSiteKey}]]'});
+            }
+            if (document.getElementById('recaptcha-login')) {
+                grecaptcha.render('recaptcha-login', {'sitekey': '[[${recaptchaSiteKey}]]'});
+            }
+        } catch (error) {
+            console.error("Error rendering reCAPTCHA: ", error);
+        }
+    };
+
+    window.CaptchaCallback = CaptchaCallback;
+</script>
 <th:block th:if="${errorMessage != null}">
     <div id="popup-failed-register" class="modal fade" tabindex="-1">
         <div class="modal-dialog">
@@ -55,7 +72,7 @@ <h2>ĐĂNG KÝ</h2>
                 <input th:field="*{phone}" id="phone" type="tel" class="field-custom" placeholder="Số điện thoại">
                 <input th:field="*{password}" id="password-register" type="password" class="field-custom" placeholder="Nhập mật khẩu">
                 <input id="re-password-register" type="password" class="field-custom" placeholder="Nhập lại mật khẩu">
-                <div id="recaptcha-register" class="areaCaptcha"></div>
+                <div id="recaptcha-register" class="areaCaptcha  w-100 d-flex justify-content-center"></div>
                 <button id="submit-button-register" type="submit">Đăng ký</button>
             </form>
             <hr>
@@ -87,7 +104,7 @@ <h2>ĐĂNG NHẬP</h2>
                 <input th:field="*{username}" id="username" type="text" class="field-custom" placeholder="Nhập email hoặc số điện thoại">
                 <input th:field="*{password}" id="password-login" type="password" class="field-custom" placeholder="Nhập mật khẩu">
 
-                <div id="recaptcha-login" class="areaCaptcha"></div>
+                <div id="recaptcha-login" class="areaCaptcha w-100 d-flex justify-content-center"></div>
 
                 <div class="form-check">
                     <input name="remember-me" type="checkbox" class="form-check-input" id="remember-me">

src/test/resources/application.yml

@@ -26,7 +26,8 @@ application:
       email: sun@sun.com
 
 default:
-  admin-create-key: dfjkNdkMAnje
-  recaptcha-secret-key: 6LfblD0qAAAAAO2lT_e5JwmxUFJ55uCpxPrdwk0T
-  encode-key: abcdefghabcdefgh
-  type-encode: AES
+  admin-create-key: dfjkNdkMAnje #gitleaks:allow
+  recaptcha-secret-key: abcdT #gitleaks:allow
+  recaptcha-site-key: efgh #gitleaks:allow
+  encode-key: abcdefghabcdefgh #gitleaks:allow
+  type-encode: AES #gitleaks:allow