Skip to content

Disable login captcha if backend has no captcha secret #5288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aecsocket merged 6 commits into from
Feb 4, 2026
+94 −16
Merged

Disable login captcha if backend has no captcha secret #5288

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
dc9a11d
Add /_internal/globals route
aecsocket Feb 3, 2026
b3d21bb
Don't show login captcha if backend claims it's disabled
aecsocket Feb 3, 2026
38a9358
try to re-add tombi
aecsocket Feb 3, 2026
c37988a
typos
aecsocket Feb 3, 2026
7a458f6
Assume captcha enabled if globals route is unreachable
aecsocket Feb 4, 2026
1472b9f
Prepare frontend fixes
aecsocket Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions .github/workflows/check-generic.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crate-ci/typos@master
- uses: crate-ci/typos@v1.43.1

# broken: <https://github.com/SchemaStore/schemastore/issues/5108>
# tombi:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - uses: tombi-toml/setup-tombi@v1
# - run: tombi lint
# - run: tombi fmt --check
# see <https://github.com/influxdata/datafusion-udf-wasm/pull/275>
tombi:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: taiki-e/install-action@v2
with:
tool: tombi
- run: tombi lint
- run: tombi fmt --check
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ const_format = "0.2.34"
daedalus = { path = "packages/daedalus" }
dashmap = "6.1.0"
data-url = "0.3.2"
deadpool-redis = { version = "0.22.1", git = "https://github.com/modrinth/deadpool", rev = "db5fb00b036ecc8fe5f18853c559b745ffe47bde" }
deadpool-redis = { git = "https://github.com/modrinth/deadpool", rev = "db5fb00b036ecc8fe5f18853c559b745ffe47bde", version = "0.22.1" }
derive_more = "2.0.1"
directories = "6.0.0"
dirs = "6.0.0"
Expand Down
17 changes: 15 additions & 2 deletions apps/frontend/src/pages/auth/reset-password.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,13 @@
/>
</div>

<HCaptcha ref="captcha" v-model="token" />
<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

<button class="btn btn-primary centered-btn" :disabled="!token" @click="recovery">
<button
class="btn btn-primary centered-btn"
:disabled="globals?.captcha_enabled ? !token : false"
@click="recovery"
>
<SendIcon /> {{ formatMessage(methodChoiceMessages.action) }}
</button>
</template>
Expand Down Expand Up @@ -158,6 +162,15 @@ if (route.query.flow) {

const captcha = ref()

const { data: globals } = await useAsyncData('auth-globals', async () => {
try {
return await useBaseFetch('globals', { internal: true })
} catch (err) {
console.error('Error fetching globals:', err)
return { captcha_enabled: true }
}
})

const email = ref('')
const token = ref('')

Expand Down
13 changes: 11 additions & 2 deletions apps/frontend/src/pages/auth/sign-in.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,11 +89,11 @@
/>
</div>

<HCaptcha ref="captcha" v-model="token" />
<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

<button
class="btn btn-primary continue-btn centered-btn"
:disabled="!token"
:disabled="globals?.captcha_enabled ? !token : false"
@click="beginPasswordSignIn()"
>
{{ formatMessage(commonMessages.signInButton) }} <RightArrowIcon />
Expand Down Expand Up @@ -210,6 +210,15 @@ if (auth.value.user) {

const captcha = ref()

const { data: globals } = await useAsyncData('auth-globals', async () => {
try {
return await useBaseFetch('globals', { internal: true })
} catch (err) {
console.error('Error fetching globals:', err)
return { captcha_enabled: true }
}
})

const email = ref('')
const password = ref('')
const token = ref('')
Expand Down
13 changes: 11 additions & 2 deletions apps/frontend/src/pages/auth/sign-up.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,11 +108,11 @@
</IntlFormatted>
</p>

<HCaptcha ref="captcha" v-model="token" />
<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

<button
class="btn btn-primary continue-btn centered-btn"
:disabled="!token"
:disabled="globals?.captcha_enabled ? !token : false"
@click="createAccount"
>
{{ formatMessage(messages.createAccountButton) }} <RightArrowIcon />
Expand Down Expand Up @@ -209,6 +209,15 @@ if (auth.value.user) {

const captcha = ref()

const { data: globals } = await useAsyncData('auth-globals', async () => {
try {
return await useBaseFetch('globals', { internal: true })
} catch (err) {
console.error('Error fetching globals:', err)
return { captcha_enabled: true }
}
})

const email = ref('')
const username = ref('')
const password = ref('')
Expand Down
39 changes: 39 additions & 0 deletions apps/labrinth/src/routes/internal/globals.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
use std::{collections::HashMap, sync::LazyLock};

use actix_web::{get, web};
use serde::{Deserialize, Serialize};

pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
cfg.service(get_globals);
}

/// See [`get`].
#[derive(Debug, Clone, Serialize, Deserialize, utoipa::ToSchema)]
pub struct Globals {
/// Map of years to how much a creator can withdraw in that year, in USD,
/// before they must fill in a tax compliance form.
///
/// If the current year is not contained in this map:
/// - if the year is before the first year in the map, the threshold is the first year's.
/// - if the year is after the last year in the map, the threshold is the last year's threshold.
pub tax_compliance_thresholds: HashMap<u16, u64>,
/// If this backend instance has a Captcha enabled for password login.
///
/// In production, this will always be true. On local testing builds, this
/// will always be false.
pub captcha_enabled: bool,
}

static GLOBALS: LazyLock<Globals> = LazyLock::new(|| Globals {
tax_compliance_thresholds: [(2025, 600), (2026, 2000)]
.into_iter()
.collect(),
captcha_enabled: dotenvy::var("HCAPTCHA_SECRET").is_ok_and(|x| x != "none"),
});

/// Gets configured global non-secret variables for this backend instance.
#[utoipa::path]
#[get("")]
pub async fn get_globals() -> web::Json<Globals> {
web::Json(GLOBALS.clone())
}
6 changes: 6 additions & 0 deletions apps/labrinth/src/routes/internal/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ pub mod delphi;
pub mod external_notifications;
pub mod flows;
pub mod gdpr;
pub mod globals;
pub mod gotenberg;
pub mod medal;
pub mod moderation;
Expand Down Expand Up @@ -55,5 +56,10 @@ pub fn utoipa_config(
utoipa_actix_web::scope("/_internal/search-management")
.wrap(default_cors())
.configure(search::config),
)
.service(
utoipa_actix_web::scope("/_internal/globals")
.wrap(default_cors())
.configure(globals::config),
);
}