feat: add CF Turnstile when new address (#200)

2026-05-06 20:32:55 +08:00 · 2024-05-04 23:14:23 +08:00
parent 26969bebb8
commit f63c4ebd9c
14 changed files with 154 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - 修复 Admin 删除邮件报错
 - UI: 回复邮件按钮, 引用原始邮件文本
 - 添加发送邮件地址黑名单
+- 添加 `CF Turnstile` 人机验证配置

 ## v0.3.2

--- a/frontend/index.html
+++ b/frontend/index.html
@@ -14,6 +14,7 @@
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <link rel="icon" href="/logo.png" sizes="any">
  <link rel="apple-touch-icon" href="/logo.png">
+  <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script>
 </head>

 <body>
--- a/frontend/src/api/index.js
+++ b/frontend/src/api/index.js
@@ -63,6 +63,7 @@ const getOpenSettings = async (message) => {
            enableUserDeleteEmail: res["enableUserDeleteEmail"] || false,
            enableAutoReply: res["enableAutoReply"] || false,
            copyright: res["copyright"] || openSettings.value.copyright,
+            cfTurnstileSiteKey: res["cfTurnstileSiteKey"] || "",
        });
        if (openSettings.value.needAuth) {
            showAuth.value = true;
--- a/frontend/src/components/Turnstile.vue
+++ b/frontend/src/components/Turnstile.vue
@@ -0,0 +1,88 @@
+<script setup>
+import { ref, watch, defineModel, onMounted } from "vue";
+import { useI18n } from 'vue-i18n'
+import { useGlobalState } from '../store'
+const { localeCache, openSettings, isDark } = useGlobalState()
+
+const cfToken = defineModel('value')
+
+const { t } = useI18n({
+    locale: localeCache.value || 'zh',
+    messages: {
+        en: {
+            refresh: 'Refresh'
+        },
+        zh: {
+            refresh: '刷新'
+        }
+    }
+});
+
+const cfTurnstileId = ref("")
+const turnstileLoading = ref(false)
+
+const checkCfTurnstile = async (remove) => {
+    if (!openSettings.value.cfTurnstileSiteKey) return;
+    turnstileLoading.value = true;
+    try {
+        let container = document.getElementById("cf-turnstile");
+        let count = 100;
+        while (!container && count-- > 0) {
+            container = document.getElementById("cf-turnstile");
+            await new Promise(r => setTimeout(r, 10));
+        }
+        count = 100;
+        while (!window.turnstile && count-- > 0) {
+            await new Promise(r => setTimeout(r, 10));
+        }
+        if (remove && cfTurnstileId.value) {
+            window.turnstile.remove(cfTurnstileId.value);
+        }
+        cfTurnstileId.value = window.turnstile.render(
+            "#cf-turnstile",
+            {
+                sitekey: openSettings.value.cfTurnstileSiteKey,
+                language: localeCache.value == 'zh' ? 'zh-CN' : 'en-US',
+                theme: isDark.value ? 'dark' : 'light',
+                callback: function (token) {
+                    cfToken.value = token;
+                },
+            }
+        );
+    } finally {
+        turnstileLoading.value = false;
+    }
+}
+
+watch(isDark, async (isDark) => {
+    checkCfTurnstile(true)
+}, { immediate: true })
+
+onMounted(() => {
+    cfToken.value = "";
+    checkCfTurnstile(true);
+})
+</script>
+
+<template>
+    <div v-if="openSettings.cfTurnstileSiteKey" class="center">
+        <n-spin description="loading..." :show="turnstileLoading">
+            <n-form-item-row>
+                <div id="cf-turnstile"></div>
+                <n-button text @click="checkCfTurnstile(true)">
+                    {{ t('refresh') }}
+                </n-button>
+            </n-form-item-row>
+        </n-spin>
+    </div>
+</template>
+
+<style scoped>
+.center {
+    display: flex;
+}
+
+.n-button {
+    margin-left: 10px;
+}
+</style>
--- a/frontend/src/store/index.js
+++ b/frontend/src/store/index.js
@@ -1,6 +1,5 @@
 import { ref } from "vue";
-import { createGlobalState, useStorage } from '@vueuse/core'
-import { useDark, useToggle } from '@vueuse/core'
+import { createGlobalState, useStorage, useDark, useToggle } from '@vueuse/core'

 export const useGlobalState = createGlobalState(
    () => {
@@ -16,6 +15,7 @@ export const useGlobalState = createGlobalState(
            enableAutoReply: false,
            domains: [],
            copyright: 'Dream Hunter',
+            cfTurnstileSiteKey: '',
        })
        const settings = ref({
            fetched: false,
--- a/frontend/src/views/Login.vue
+++ b/frontend/src/views/Login.vue
@@ -1,11 +1,14 @@
 <script setup>
 import { ref, onMounted } from 'vue'
 import { useI18n } from 'vue-i18n'
+import { useRouter } from 'vue-router'
 import AdminContact from './admin/AdminContact.vue'
+import Turnstile from '../components/Turnstile.vue'

 import { useGlobalState } from '../store'
 import { api } from '../api'
 const message = useMessage()
+const router = useRouter()

 const {
    jwt, localeCache, loading, openSettings, showPassword
@@ -15,6 +18,7 @@ const tabValue = ref('signin')
 const password = ref('')
 const emailName = ref("")
 const emailDomain = ref("")
+const cfToken = ref("")

 const login = async () => {
    if (!password.value) {
@@ -81,11 +85,14 @@ const generateName = async () => {

 const newEmail = async () => {
    try {
-        const res = await api.fetch(
-            `/api/new_address`
-            + `?name=${emailName.value || ''}`
-            + `&domain=${emailDomain.value || ''}`
-        );
+        const res = await api.fetch(`/api/new_address`, {
+            method: "POST",
+            body: JSON.stringify({
+                name: emailName.value,
+                domain: emailDomain.value,
+                cf_token: cfToken.value,
+            }),
+        });
        jwt.value = res["jwt"];
        await api.getSettings();
        showPassword.value = true;
@@ -95,7 +102,7 @@ const newEmail = async () => {
 };

 onMounted(async () => {
-    emailDomain.value = openSettings.value.domains ? openSettings.value.domains[0].value : "";
+    emailDomain.value = openSettings.value.domains ? openSettings.value.domains[0]?.value : "";
 });
 </script>

@@ -136,6 +143,7 @@ onMounted(async () => {
                            <n-select v-model:value="emailDomain" :consistent-menu-width="false"
                                :options="openSettings.domains" />
                        </n-input-group>
+                        <Turnstile v-model:value="cfToken" />
                        <n-button type="primary" block secondary strong @click="newEmail" :loading="loading">
                            {{ t('ok') }}
                        </n-button>
--- a/frontend/src/views/admin/AccountSettings.vue
+++ b/frontend/src/views/admin/AccountSettings.vue
@@ -21,7 +21,7 @@ const { t } = useI18n({
        zh: {
            save: '保存',
            successTip: '保存成功',
-            address_block_list: '用户地址屏蔽关键词(管理员可跳过检查)',
+            address_block_list: '邮件地址屏蔽关键词(管理员可跳过检查)',
            address_block_list_placeholder: '请输入您想要屏蔽的关键词',
            send_address_block_list: '发送邮件地址屏蔽关键词',
        }
--- a/frontend/src/views/admin/Maintenance.vue
+++ b/frontend/src/views/admin/Maintenance.vue
@@ -37,7 +37,7 @@ const { t } = useI18n({
            tip: '请输入清理天数',
            mailBoxLabel: '收件箱清理天数',
            mailUnknowLabel: "无收件人邮件清理天数",
-            addressUnActiveLabel: "未激活地址清理天数",
+            addressUnActiveLabel: "未活跃地址清理天数",
            sendBoxLabel: "发件箱清理天数",
            autoCleanup: "自动清理",
            cleanupSuccess: "清理成功",
--- a/frontend/src/views/admin/Statistics.vue
+++ b/frontend/src/views/admin/Statistics.vue
@@ -14,14 +14,14 @@ const { t } = useI18n({
    locale: localeCache.value || 'zh',
    messages: {
        en: {
-            userCount: 'User Count',
-            activeUser: '7 days Active User',
+            userCount: 'Account Count',
+            activeUser: '7 days Active Mail Account',
            mailCount: 'Mail Count',
            sendMailCount: 'Send Mail Count'
        },
        zh: {
-            userCount: '用户总数',
-            activeUser: '周活跃用户',
+            userCount: '地址总数',
+            activeUser: '周活跃邮箱地址',
            mailCount: '邮件总数',
            sendMailCount: '发送邮件总数'
        }
--- a/vitepress-docs/docs/en/cli.md
+++ b/vitepress-docs/docs/en/cli.md
@@ -87,6 +87,9 @@ ENABLE_AUTO_REPLY = false
 # COPYRIGHT = "Dream Hunter"
 # default send balance, if not set, it will be 0
 # DEFAULT_SEND_BALANCE = 1
+# Turnstile verification configuration
+# CF_TURNSTILE_SITE_KEY = ""
+# CF_TURNSTILE_SECRET_KEY = ""
 # dkim config
 # DKIM_SELECTOR = "mailchannels" # Refer to the DKIM section mailchannels._domainkey for mailchannels
 # DKIM_PRIVATE_KEY = "" # Refer to the contents of priv_key.txt in the DKIM section
--- a/vitepress-docs/docs/zh/guide/cli/worker.md
+++ b/vitepress-docs/docs/zh/guide/cli/worker.md
@@ -45,6 +45,9 @@ ENABLE_AUTO_REPLY = false
 # COPYRIGHT = "Dream Hunter"
 # 默认发送邮件余额，如果不设置，将为 0
 # DEFAULT_SEND_BALANCE = 1
+# Turnstile 人机验证配置
+# CF_TURNSTILE_SITE_KEY = ""
+# CF_TURNSTILE_SECRET_KEY = ""
 # dkim config
 # DKIM_SELECTOR = "mailchannels" # 参考 DKIM 部分 mailchannels._domainkey 的 mailchannels
 # DKIM_PRIVATE_KEY = "" # 参考 DKIM 部分 priv_key.txt 的内容
--- a/worker/src/router.js
+++ b/worker/src/router.js
@@ -1,7 +1,8 @@
 import { Hono } from 'hono'

 import {
-    getDomains, getPasswords, getBooleanValue, getJsonSetting
+    getDomains, getPasswords, getBooleanValue, getJsonSetting,
+    checkCfTurnstile
 } from './utils';
 import { newAddress } from './common'
 import { CONSTANTS } from './constants'
@@ -116,14 +117,21 @@ api.get('/open_api/settings', async (c) => {
        "enableUserDeleteEmail": getBooleanValue(c.env.ENABLE_USER_DELETE_EMAIL),
        "enableAutoReply": getBooleanValue(c.env.ENABLE_AUTO_REPLY),
        "copyright": c.env.COPYRIGHT,
+        "cfTurnstileSiteKey": c.env.CF_TURNSTILE_SITE_KEY,
    });
 })

-api.get('/api/new_address', async (c) => {
+api.post('/api/new_address', async (c) => {
    if (!getBooleanValue(c.env.ENABLE_USER_CREATE_EMAIL)) {
        return c.text("New address is disabled", 403)
    }
-    let { name, domain } = c.req.query();
+    let { name, domain, cf_token } = await c.req.json();
+    // check cf turnstile
+    try {
+        await checkCfTurnstile(c, cf_token);
+    } catch (error) {
+        return c.text("Failed to check cf turnstile", 500)
+    }
    // if no name, generate random name
    if (!name) {
        name = Math.random().toString(36).substring(2, 15);
--- a/worker/src/utils.js
+++ b/worker/src/utils.js
@@ -129,3 +129,24 @@ export const sendAdminInternalMail = async (c, toMail, subject, text) => {
        return false;
    }
 };
+
+export const checkCfTurnstile = async (c, token) => {
+    if (!c.env.CF_TURNSTILE_SITE_KEY) {
+        return;
+    }
+    const reqIp = c.req.raw.headers.get("cf-connecting-ip")
+    let formData = new FormData();
+    formData.append('secret', c.env.CF_TURNSTILE_SECRET_KEY);
+    formData.append('response', token);
+    formData.append('remoteip', reqIp);
+    const url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+    const result = await fetch(url, {
+        body: formData,
+        method: 'POST',
+    });
+    const captchaRes = await result.json();
+    if (!captchaRes.success) {
+        console.log("Captcha failed", captchaRes);
+        throw new Error("Captcha failed");
+    }
+}
--- a/worker/wrangler.toml.template
+++ b/worker/wrangler.toml.template
@@ -32,6 +32,9 @@ ENABLE_AUTO_REPLY = false
 # COPYRIGHT = "Dream Hunter"
 # default send balance, if not set, it will be 0
 # DEFAULT_SEND_BALANCE = 1
+# Turnstile verification
+# CF_TURNSTILE_SITE_KEY = ""
+# CF_TURNSTILE_SECRET_KEY = ""
 # dkim config
 # DKIM_SELECTOR = ""
 # DKIM_PRIVATE_KEY = ""