AI/myAi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Changes
Build and Push Docker Images / build (push) Successful in 28s
Details

Browse Source
This commit is contained in:
Gelu Mihes
2026-05-06 15:26:25 +03:00
parent a10908364b
commit a926c214e1
10 changed files with 40 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/Controllers/CaptchaController.cs
+1 -1
View File
@@ -48,7 +48,7 @@ namespace Api.Controllers
if (req is null || string.IsNullOrWhiteSpace(req.Token)) return BadRequest(new { error = "Missing token" });
var userIp = HttpContext.Connection.RemoteIpAddress?.ToString();
var verdict = await _captcha.VerifyAsync(req.Token, userIp, ct);
var verdict = await _captcha.VerifyAsync(req.Token, userIp, req.ExpectedAction, ct);
if (!verdict.Success)
{
_log.LogWarning("Captcha failed. ip={Ip} score={Score} err={Err}", userIp, verdict.Score, verdict.Error);
api/Controllers/ContactController.cs
+2 -2
View File
@@ -48,7 +48,7 @@ namespace Api.Controllers
return ValidationProblem(ModelState);
var userIp = HttpContext.Connection.RemoteIpAddress?.ToString();
var verdict = await _captcha.VerifyAsync(req.CaptchaToken, userIp, ct);
var verdict = await _captcha.VerifyAsync(req.CaptchaToken, userIp, "contact", ct);
if (!verdict.Success) return BadRequest("Captcha verification failed.");
try
@@ -82,7 +82,7 @@ namespace Api.Controllers
return ValidationProblem(ModelState);
var userIp = HttpContext.Connection.RemoteIpAddress?.ToString();
var verdict = await _captcha.VerifyAsync(req.CaptchaToken, userIp, ct);
var verdict = await _captcha.VerifyAsync(req.CaptchaToken, userIp, "contact", ct);
if (!verdict.Success) return BadRequest("Captcha verification failed.");
try
api/Controllers/CvMatcherController.cs
+2 -2
View File
@@ -65,7 +65,7 @@ public sealed class CvMatcherController : ControllerBase
cv.FileName, cv.Length, gdprConsent);
var userIp = HttpContext.Connection.RemoteIpAddress?.ToString();
var verdict = await _captcha.VerifyAsync(request.CaptchaToken ?? string.Empty, userIp, ct);
var verdict = await _captcha.VerifyAsync(request.CaptchaToken ?? string.Empty, userIp, "cv_upload", ct);
if (!verdict.Success)
{
_logger.LogWarning("Captcha verification failed for CV upload. IP={IP}", userIp);
@@ -112,7 +112,7 @@ public sealed class CvMatcherController : ControllerBase
!string.IsNullOrWhiteSpace(request.JobDescription));
var userIp = HttpContext.Connection.RemoteIpAddress?.ToString();
var verdict = await _captcha.VerifyAsync(request.CaptchaToken ?? string.Empty, userIp, ct);
var verdict = await _captcha.VerifyAsync(request.CaptchaToken ?? string.Empty, userIp, "match_job", ct);
if (!verdict.Success)
{
_logger.LogWarning("Captcha verification failed for job match. IP={IP}", userIp);
api/Models/Requests/CaptchaVerifyRequest.cs
+1
View File
@@ -3,6 +3,7 @@
public class CaptchaVerifyRequest
{
public string? Token { get; set; }
public string? ExpectedAction { get; set; }
}
}
api/Program.cs
-14
View File
@@ -299,9 +299,6 @@ finally
Log.CloseAndFlush();
}
/// <summary>
/// Logs all environment variables and configuration settings at startup for diagnostics.
/// </summary>
static void LogEnvironmentSettings(Microsoft.Extensions.Logging.ILogger logger, IConfiguration configuration, IWebHostEnvironment environment)
{
logger.LogInformation("==================== ENVIRONMENT SETTINGS ====================");
@@ -343,9 +340,6 @@ static void LogEnvironmentSettings(Microsoft.Extensions.Logging.ILogger logger,
logger.LogInformation("===========================================================");
}
/// <summary>
/// Recursively logs configuration settings with hierarchy.
/// </summary>
static void LogConfigurationRecursive(Microsoft.Extensions.Logging.ILogger logger, IEnumerable<IConfigurationSection> sections, string prefix)
{
foreach (var section in sections)
@@ -373,9 +367,6 @@ static void LogConfigurationRecursive(Microsoft.Extensions.Logging.ILogger logge
}
}
/// <summary>
/// Checks if a configuration key contains sensitive information.
/// </summary>
static bool IsSensitiveKey(string key)
{
return key.Contains("Password", StringComparison.OrdinalIgnoreCase) ||
@@ -385,11 +376,6 @@ static bool IsSensitiveKey(string key)
key.Contains("ConnectionString", StringComparison.OrdinalIgnoreCase);
}
/// <summary>
/// Masks a sensitive value but shows the last 4 characters for verification.
/// </summary>
/// <param name="value">The value to mask.</param>
/// <returns>Masked value showing last 4 characters (e.g., "***MASKED***...abcd")</returns>
static string MaskValueWithLastChars(string value)
{
if (string.IsNullOrEmpty(value))
api/Services/Contracts/ICaptchaVerifier.cs
+1 -1
View File
@@ -4,6 +4,6 @@ namespace Api.Services.Contracts
{
public interface ICaptchaVerifier
{
Task<CaptchaVerdictModel> VerifyAsync(string token, string? userIp, CancellationToken ct);
Task<CaptchaVerdictModel> VerifyAsync(string token, string? userIp, string? expectedAction, CancellationToken ct);
}
}
api/Services/RecaptchaVerifier.cs
+5 -4
View File
@@ -18,7 +18,7 @@ namespace Api.Services
_log = log;
}
public async Task<CaptchaVerdictModel> VerifyAsync(string token, string? userIp, CancellationToken ct)
public async Task<CaptchaVerdictModel> VerifyAsync(string token, string? userIp, string? expectedAction, CancellationToken ct)
{
_log.LogDebug("Verifying captcha token for IP {Ip}", userIp ?? "unknown");
@@ -72,11 +72,12 @@ namespace Api.Services
}
// Optional strictness (usually v3): action/hostname checks
if (!string.IsNullOrWhiteSpace(_opt.ExpectedAction) &&
!string.Equals(_opt.ExpectedAction, data.action, StringComparison.Ordinal))
var actionToCheck = !string.IsNullOrWhiteSpace(expectedAction) ? expectedAction : _opt.ExpectedAction;
if (!string.IsNullOrWhiteSpace(actionToCheck) &&
!string.Equals(actionToCheck, data.action, StringComparison.Ordinal))
{
_log.LogWarning("Captcha action mismatch. Expected={Expected}, Actual={Actual}, IP={Ip}",
_opt.ExpectedAction, data.action, userIp ?? "unknown");
actionToCheck, data.action, userIp ?? "unknown");
return new CaptchaVerdictModel(false, "Captcha action mismatch", data.score);
}