Spaces:
Paused
Paused
add recaptcha
Browse files
app.py
CHANGED
|
@@ -18,6 +18,8 @@ dotenv.load_dotenv()
|
|
| 18 |
openai_api_key = os.getenv("OPENAI_API_KEY")
|
| 19 |
discord_webhook_url_public = os.getenv("DISCORD_WEBHOOK_URL_PUBLIC")
|
| 20 |
discord_webhook_url_easy = os.getenv("DISCORD_WEBHOOK_URL_EASY")
|
|
|
|
|
|
|
| 21 |
|
| 22 |
secret_key = os.getenv("CTF_SECRET_KEY", "ctf_secret_key")
|
| 23 |
hard_challenge_secret = os.getenv("HARD_CHALLENGE_SECRET", "hard_challenge_secret")
|
|
@@ -228,11 +230,27 @@ def summary_ch_easy(webhook_url, disable_discord, username, state):
|
|
| 228 |
return result
|
| 229 |
|
| 230 |
|
| 231 |
-
def summary_ch_hard(webhook_url, disable_discord, username, state):
|
| 232 |
if len(username) > 50:
|
| 233 |
-
|
|
|
|
| 234 |
if len(state.iloc[-1].iloc[-1]) > 1024:
|
| 235 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 236 |
result = summary(webhook_url, disable_discord, Env.CHALLENGE_HARD, username, state)
|
| 237 |
gr.Info("Feedback submitted successfully!")
|
| 238 |
return result
|
|
@@ -246,6 +264,11 @@ js_code = """
|
|
| 246 |
globalThis.getStorage = (key, value)=>{
|
| 247 |
return localStorage.getItem(key) || ''
|
| 248 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 249 |
const discord_webhook = getStorage('discord_webhook')
|
| 250 |
return [discord_webhook];
|
| 251 |
})
|
|
@@ -258,6 +281,10 @@ css = """
|
|
| 258 |
}
|
| 259 |
"""
|
| 260 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 261 |
with gr.Blocks(
|
| 262 |
title="Security Challenge Summer 2024 - invariantlabs.ai",
|
| 263 |
theme=gr.themes.Soft(font="NeueMontreal"),
|
|
@@ -359,6 +386,12 @@ with gr.Blocks(
|
|
| 359 |
info="Use your Discord username. Will be used to validate solutions.",
|
| 360 |
)
|
| 361 |
feedback_ch_hard = gr.Textbox(label="Feedback")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 362 |
|
| 363 |
generate_summary_ch_hard = gr.Button("Submit")
|
| 364 |
|
|
@@ -419,7 +452,13 @@ with gr.Blocks(
|
|
| 419 |
)
|
| 420 |
generate_summary_ch_hard.click(
|
| 421 |
summary_ch_hard,
|
| 422 |
-
inputs=[
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 423 |
outputs=None,
|
| 424 |
)
|
| 425 |
|
|
|
|
| 18 |
openai_api_key = os.getenv("OPENAI_API_KEY")
|
| 19 |
discord_webhook_url_public = os.getenv("DISCORD_WEBHOOK_URL_PUBLIC")
|
| 20 |
discord_webhook_url_easy = os.getenv("DISCORD_WEBHOOK_URL_EASY")
|
| 21 |
+
captcha_site_key = os.getenv("CAPTCHA_SITE_KEY", "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI")
|
| 22 |
+
captcha_secret_key = os.getenv("CAPTCHA_SECRET_KEY", "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe")
|
| 23 |
|
| 24 |
secret_key = os.getenv("CTF_SECRET_KEY", "ctf_secret_key")
|
| 25 |
hard_challenge_secret = os.getenv("HARD_CHALLENGE_SECRET", "hard_challenge_secret")
|
|
|
|
| 230 |
return result
|
| 231 |
|
| 232 |
|
| 233 |
+
def summary_ch_hard(g_recaptcha_response, webhook_url, disable_discord, username, state):
|
| 234 |
if len(username) > 50:
|
| 235 |
+
gr.Warning("Username too long (max 50 characters)")
|
| 236 |
+
return
|
| 237 |
if len(state.iloc[-1].iloc[-1]) > 1024:
|
| 238 |
+
gr.Warning("Feedback too long (max 1024 characters)")
|
| 239 |
+
return
|
| 240 |
+
if not g_recaptcha_response:
|
| 241 |
+
gr.Warning("Please complete the reCAPTCHA challenge")
|
| 242 |
+
return
|
| 243 |
+
try:
|
| 244 |
+
r = requests.post(
|
| 245 |
+
"https://www.google.com/recaptcha/api/siteverify",
|
| 246 |
+
data={"secret": captcha_secret_key, "response": g_recaptcha_response},
|
| 247 |
+
)
|
| 248 |
+
r.raise_for_status()
|
| 249 |
+
if not r.json().get("success"):
|
| 250 |
+
raise Exception("reCAPTCHA challenge failed")
|
| 251 |
+
except Exception as e:
|
| 252 |
+
gr.Warning(f"Error: {e}")
|
| 253 |
+
return
|
| 254 |
result = summary(webhook_url, disable_discord, Env.CHALLENGE_HARD, username, state)
|
| 255 |
gr.Info("Feedback submitted successfully!")
|
| 256 |
return result
|
|
|
|
| 264 |
globalThis.getStorage = (key, value)=>{
|
| 265 |
return localStorage.getItem(key) || ''
|
| 266 |
}
|
| 267 |
+
let captcha = document.createElement('script');
|
| 268 |
+
captcha.src = 'https://www.google.com/recaptcha/api.js';
|
| 269 |
+
captcha.async = true;
|
| 270 |
+
captcha.defer = true;
|
| 271 |
+
document.head.appendChild(captcha);
|
| 272 |
const discord_webhook = getStorage('discord_webhook')
|
| 273 |
return [discord_webhook];
|
| 274 |
})
|
|
|
|
| 281 |
}
|
| 282 |
"""
|
| 283 |
|
| 284 |
+
recaptcha_html = (
|
| 285 |
+
f"""<div class="g-recaptcha" data-sitekey="{captcha_site_key}"></div>"""
|
| 286 |
+
)
|
| 287 |
+
|
| 288 |
with gr.Blocks(
|
| 289 |
title="Security Challenge Summer 2024 - invariantlabs.ai",
|
| 290 |
theme=gr.themes.Soft(font="NeueMontreal"),
|
|
|
|
| 386 |
info="Use your Discord username. Will be used to validate solutions.",
|
| 387 |
)
|
| 388 |
feedback_ch_hard = gr.Textbox(label="Feedback")
|
| 389 |
+
g_recaptcha_response = gr.Textbox(
|
| 390 |
+
label="reCAPTCHA Response",
|
| 391 |
+
visible=False,
|
| 392 |
+
elem_id="g_recaptcha_response",
|
| 393 |
+
)
|
| 394 |
+
gr.HTML(recaptcha_html)
|
| 395 |
|
| 396 |
generate_summary_ch_hard = gr.Button("Submit")
|
| 397 |
|
|
|
|
| 452 |
)
|
| 453 |
generate_summary_ch_hard.click(
|
| 454 |
summary_ch_hard,
|
| 455 |
+
inputs=[
|
| 456 |
+
g_recaptcha_response,
|
| 457 |
+
discord_webhook,
|
| 458 |
+
disable_discord,
|
| 459 |
+
discord_username_ch_hard,
|
| 460 |
+
hard_state,
|
| 461 |
+
],
|
| 462 |
outputs=None,
|
| 463 |
)
|
| 464 |
|