@akirattii
Created June 29, 2017 05:11
reCAPTCHA middleware of express.js
/**
* reCAPTCHA checking middleware
*
* Usage:
* ```
* var checkReCAPTCHA = require("../middleware/CheckReCAPTCHA.js").checkReCAPTCHA;
* router.post('/hoge',
* checkReCAPTCHA(),
* function(req, res, next) {
* //
* });
* ```
*/
// Name of this module; nothing in this listing reads it.
const MODULENAME = "CheckReCAPTCHA";
// HTTP client used for the server-to-server call to Google's siteverify endpoint.
// NOTE(review): the `request` package has been deprecated by its maintainers;
// consider a maintained HTTP client when this module is next touched.
// NOTE(review): `config` (read as `config.recaptcha.secretKey` in the middleware
// below) is not declared or required anywhere in this listing - presumably a
// global or an omitted require; confirm where it comes from.
var request = require('request');
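/**
 * Builds an Express middleware that verifies a reCAPTCHA response token with
 * Google's siteverify endpoint before the request is allowed to continue.
 *
 * The token is read from `req.query["g-recaptcha-response"]` only, so a token
 * sent in a POST body is not seen here. The shared secret is read from
 * `config.recaptcha.secretKey`; `config` must be in scope in this module.
 *
 * Outcomes (the protected handler runs only in the second case):
 *  - token missing, empty or not a single string: 403 with createErrors(),
 *    without contacting Google
 *  - Google answers `success: true`: `next()`
 *  - Google answers anything else, including a missing or malformed body:
 *    403 with createErrors()
 *  - the verification call itself fails (network error, timeout): `next(err)`,
 *    which hands the request to the Express error handler
 *
 * NOTE(review): only the `success` field of the reply is checked; the
 * `hostname` field is not compared with the site's own host.
 *
 * @returns {function} Express middleware `(req, res, next)`.
 */
exports.checkReCAPTCHA = function() {
  const url = "https://www.google.com/recaptcha/api/siteverify";
  const method = "POST";
  // Upper bound in milliseconds on the wait for Google, so a stalled
  // verification call cannot hold the client's request open indefinitely.
  const timeout = 10000;

  return function(req, res, next) {
    const token = req.query["g-recaptcha-response"];

    // A repeated or bracketed query parameter is parsed into an array or an
    // object. Only a non-empty string can be a valid token, so everything else
    // is rejected here instead of being forwarded to Google.
    if (typeof token !== "string" || token.length === 0) {
      return res.status(403).json(createErrors());
    }

    /*
     * POST parameters of the reCAPTCHA siteverify API:
     *   secret   - Required. The shared key between your site and reCAPTCHA.
     *   response - Required. The user response token provided by reCAPTCHA.
     *   remoteip - Optional. The user's IP address (not sent here).
     */
    const form = {
      secret: config.recaptcha.secretKey, // secret key provided by Google
      response: token, // generated by the reCAPTCHA widget on the client side
    };

    request({ url, method, form, json: true, timeout }, (err, response) => {
      // On a transport failure `response` is undefined. Fail closed by routing
      // to the error handler rather than dereferencing it or calling next().
      if (err) return next(err);

      // A non-JSON or empty reply leaves `body` without a usable `success`
      // flag; anything other than an explicit `true` is treated as a failure.
      const body = response && response.body;
      if (body && body.success === true) return next();

      return res.status(403).json(createErrors());
    });
  };
};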
/**
 * Builds the error payload sent with the 403 response when the reCAPTCHA
 * check does not pass.
 *
 * @returns {Array<{param: string, msg: string, value: null}>} A new
 *   one-element array on every call.
 */
function createErrors() {
  const rejection = {
    param: 'g-recaptcha-response',
    msg: 'bot-access-forbidden',
    value: null,
  };
  return [rejection];
}
...
<!-- reCAPTCHA -->
<!-- Loads Google's widget script and renders the challenge. data-sitekey takes
     the public site key (a placeholder here), not the secret key that the
     server-side middleware sends to siteverify. -->
<div class="row mb-3">
<script src='https://www.google.com/recaptcha/api.js'></script>
<div class="g-recaptcha mx-auto" data-sitekey="<YOUR_SITE_KEY_HERE>"></div>
</div>
<!-- SNS Sign-in buttons -->
<!-- Each button is a <span> holding its sign-in route in data-url; the click
     handler in the script below appends the reCAPTCHA token to that route.
     NOTE(review): these routes can also be requested directly, so the check
     only protects them if the server-side middleware is mounted on each one -
     confirm against the router. -->
<span data-url="/auth/twitter" class="btn btn-lg btn-block btn-social btn-twitter">
<span class="fa fa-twitter"></span> Twitter Sign-in
</span>
<span data-url="/auth/facebook" class="btn btn-lg btn-block btn-social btn-facebook">
<span class="fa fa-facebook"></span> FB Sign-in
</span>
<span data-url="/auth/google" class="btn btn-lg btn-block btn-social btn-google">
<span class="fa fa-google"></span> Google Sign-in
</span>
...
<script type="text/javascript">
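;(function($){
  // Click handler for the social sign-in buttons: navigates to the button's
  // data-url with the reCAPTCHA token attached as a query parameter, which is
  // where the server-side middleware reads it from.
  $(".btn-social").on("click", function() {
    const url = $(this).data("url");

    // The token field is absent until the widget script has rendered; treat
    // that the same as an unsolved challenge instead of throwing on `.value`.
    const tokenField = document.querySelector("#g-recaptcha-response");
    const recaptchaResponse = tokenField ? tokenField.value : "";

    // Without a token the server would answer 403, so stay on the page.
    // This is a convenience only; the server-side check is the enforcement.
    if (!recaptchaResponse) {
      return;
    }

    // Encode the token so it cannot alter the structure of the query string.
    window.location.href =
      url + "?g-recaptcha-response=" + encodeURIComponent(recaptchaResponse);
  });
})(jQuery);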
</script>
...