import express from "express";
import session from "express-session";
import { FriendlyCaptchaClient } from "@friendlycaptcha/server-sdk";
import * as store from "./store.js";
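// Application bootstrap: Express app, Friendly Captcha client, view engine and sessions.
const app = express();
const port = process.env.PORT || 3000;

// Server-side Friendly Captcha client; both values come from the environment
// so the API key never lives in the repository.
const frcClient = new FriendlyCaptchaClient({
  apiKey: process.env.FRC_APIKEY,
  sitekey: process.env.FRC_SITEKEY,
});

app.set("views", "./views");
app.set("view engine", "pug");

// The session secret signs the session cookie. The literal fallback below is
// public (it is in this file), so anyone could forge a validly signed cookie
// if it were ever used on a real deployment. Refuse to start in production
// without a real secret; keep the fallback only for local development.
const sessionSecret = process.env.SESSIONS_SECRET;
if (!sessionSecret && process.env.NODE_ENV === "production") {
  throw new Error("SESSIONS_SECRET must be set when NODE_ENV is production");
}

app.use(
  session({
    secret: sessionSecret || "don't do this in production",
    resave: false,
    saveUninitialized: true,
    cookie: {
      // Keep the session cookie out of cross-site POSTs: the state-changing
      // routes in this file carry no CSRF token.
      sameSite: "lax",
      // NOTE(review): also set `secure: true` once the app is served over
      // HTTPS (behind a proxy this additionally needs "trust proxy").
    },
  }),
);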
// Home page. The only gate is the username stored in the session, so the
// login flow must not store it before every required step has passed.
app.get("/", function showHome(req, res) {
  const { username: sessionUsername } = req.session;
  if (!sessionUsername) {
    return res.redirect("/login");
  }

  // Look the user up again on every request instead of trusting cached data.
  const { name, loginCount } = store.getUser(sessionUsername);
  return res.render("index", {
    title: "Welcome",
    username: name,
    count: loginCount,
  });
});
// Login form. A visitor whose session already carries a username is sent to
// the home page instead of being shown the form again.
app.get("/login", function showLoginForm(req, res) {
  const alreadyLoggedIn = Boolean(req.session.username);
  if (alreadyLoggedIn) {
    return res.redirect("/");
  }
  res.render("login", { title: "Log In" });
});
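// Login flow: POST /login -> (optional) GET/POST /confirm -> "/".
//
// The home page only checks `req.session.username`. That field is therefore
// written only once the login is complete. While a confirmation is still
// outstanding the name is kept in `req.session.pendingUsername`, so the
// confirmation step cannot be skipped by requesting "/" directly.
app.post(
  "/login",
  express.urlencoded({ extended: false }),
  async (req, res, next) => {
    try {
      const user = store.authenticate(req.body.username);
      // The token is a client-supplied form field; getBrowser() returns
      // undefined when it is missing or cannot be verified.
      const browser = await getBrowser(req.body["frc-risk-intelligence-token"]);
      const needsConfirmation = store.shouldConfirm(user.name, browser);

      // Issue a fresh session id at the privilege change so that an id
      // handed out before login cannot be reused afterwards (session fixation).
      await new Promise((resolve, reject) => {
        req.session.regenerate((error) => (error ? reject(error) : resolve()));
      });

      if (needsConfirmation) {
        // Here you might generate a confirmation code and email it to the user's account,
        // but we're going to skip it as part of this tutorial for the sake of simplicity.
        req.session.pendingUsername = user.name;
        // Store the browser in the session so we can use it in the POST /confirm route.
        req.session.browser = browser;
      } else {
        store.recordLogin(user.name, browser);
        req.session.username = user.name;
      }

      // Persist the session before redirecting so the next request sees it.
      await new Promise((resolve, reject) => {
        req.session.save((error) => (error ? reject(error) : resolve()));
      });
      res.redirect(needsConfirmation ? "/confirm" : "/");
    } catch (error) {
      // A rejected promise in an async handler is not picked up by Express 4
      // on its own; hand it to the error middleware explicitly.
      next(error);
    }
  },
);

// Confirmation form, shown only while a login is waiting for confirmation.
app.get("/confirm", (req, res) => {
  if (!req.session.pendingUsername) return res.redirect("/login");
  res.render("confirm", {
    title: "Confirm Login",
    username: req.session.pendingUsername,
  });
});

// Completes a pending login and records the browser as known for that user.
app.post(
  "/confirm",
  express.urlencoded({ extended: false }),
  (req, res, next) => {
    const { pendingUsername, browser } = req.session;
    // Without a pending login there is nothing to confirm; this also keeps
    // unauthenticated requests from reaching store.recordLogin().
    if (!pendingUsername) return res.redirect("/login");

    // The confirmation code is available in req.body.confirmation.
    // You would compare it to the one you generated in the POST /login handler.
    // NOTE(review): until that comparison exists, any POST from a pending
    // session is accepted as confirmed.
    store.recordLogin(pendingUsername, browser);

    // Promote the pending login and drop the one-shot confirmation state.
    req.session.username = pendingUsername;
    delete req.session.pendingUsername;
    delete req.session.browser;
    req.session.save((error) => (error ? next(error) : res.redirect("/")));
  },
);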
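// Logout. Destroy the whole server-side session instead of only blanking the
// username: that also drops any other login state kept in it (for example the
// stored browser) and invalidates the old session id.
app.post("/logout", function (req, res, next) {
  req.session.destroy((error) => {
    if (error) return next(error);
    res.redirect("/login");
  });
});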
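/**
 * Resolve a Friendly Captcha Risk Intelligence token to a browser label.
 *
 * The token arrives in a client-supplied form field, so it can be absent or
 * invalid. In every such case this function returns undefined; callers should
 * treat undefined as "browser unknown", never as a recognised browser.
 *
 * @param {string | undefined} token - Risk Intelligence token from the login form.
 * @returns {Promise<string | undefined>} "<name>, version <version>", or
 *   undefined when the token is empty, invalid, could not be checked, or the
 *   response carries no browser data.
 */
async function getBrowser(token) {
  if (!token) {
    console.warn("Empty token, skipping Risk Intelligence data retrieval.");
    return undefined;
  }

  const result = await frcClient.retrieveRiskIntelligence(token);

  // Check if we were able to retrieve the risk intelligence data
  if (!result.wasAbleToRetrieve()) {
    // Network issue or configuration problem
    if (result.isClientError()) {
      console.log("Configuration error - check your API key");
    } else {
      console.log("Network issue or service temporarily unavailable");
    }
    return undefined;
  }

  // Check if the token is valid and data was retrieved successfully
  if (!result.isValid()) {
    // Token was invalid or expired
    const error = result.getResponseError();
    console.log("Error:", error?.error_code, error?.detail);
    return undefined;
  }

  // Walk the response defensively: a missing level must not throw inside the
  // login request, it just means the browser is unknown.
  const browser =
    result.getResponse()?.data?.risk_intelligence?.client?.browser;
  if (!browser) {
    console.warn("Risk Intelligence response did not include browser data.");
    return undefined;
  }
  return `${browser.name}, version ${browser.version}`;
}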
// Start accepting HTTP connections and report the port once bound.
app.listen(port, function onListening() {
  console.log(`Server listening on port ${port}`);
});