Disable login captcha if backend has no captcha secret (#5288)

* Add /_internal/globals route * Don't show login captcha if backend claims it's disabled * try to re-add tombi * typos * Assume captcha enabled if globals route is unreachable * Prepare frontend fixes
2026-02-04 18:08:14 +00:00
parent 323090966b
commit 3f5e3b1d8b
7 changed files with 94 additions and 16 deletions
--- a/.github/workflows/check-generic.yml
+++ b/.github/workflows/check-generic.yml
@@ -13,13 +13,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: crate-ci/typos@master
+      - uses: crate-ci/typos@v1.43.1

-  # broken: <https://github.com/SchemaStore/schemastore/issues/5108>
-  # tombi:
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@v4
-  #     - uses: tombi-toml/setup-tombi@v1
-  #     - run: tombi lint
-  #     - run: tombi fmt --check
+  # see <https://github.com/influxdata/datafusion-udf-wasm/pull/275>
+  tombi:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: tombi
+      - run: tombi lint
+      - run: tombi fmt --check
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -60,7 +60,7 @@ const_format = "0.2.34"
 daedalus = { path = "packages/daedalus" }
 dashmap = "6.1.0"
 data-url = "0.3.2"
-deadpool-redis = { version = "0.22.1", git = "https://github.com/modrinth/deadpool", rev = "db5fb00b036ecc8fe5f18853c559b745ffe47bde" }
+deadpool-redis = { git = "https://github.com/modrinth/deadpool", rev = "db5fb00b036ecc8fe5f18853c559b745ffe47bde", version = "0.22.1" }
 derive_more = "2.0.1"
 directories = "6.0.0"
 dirs = "6.0.0"
--- a/apps/frontend/src/pages/auth/reset-password.vue
+++ b/apps/frontend/src/pages/auth/reset-password.vue
@@ -22,9 +22,13 @@
 					/>
 				</div>

-				<HCaptcha ref="captcha" v-model="token" />
+				<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

-				<button class="btn btn-primary centered-btn" :disabled="!token" @click="recovery">
+				<button
+					class="btn btn-primary centered-btn"
+					:disabled="globals?.captcha_enabled ? !token : false"
+					@click="recovery"
+				>
 					<SendIcon /> {{ formatMessage(methodChoiceMessages.action) }}
 				</button>
 			</template>
@@ -158,6 +162,15 @@ if (route.query.flow) {

 const captcha = ref()

+const { data: globals } = await useAsyncData('auth-globals', async () => {
+	try {
+		return await useBaseFetch('globals', { internal: true })
+	} catch (err) {
+		console.error('Error fetching globals:', err)
+		return { captcha_enabled: true }
+	}
+})
+
 const email = ref('')
 const token = ref('')

--- a/apps/frontend/src/pages/auth/sign-in.vue
+++ b/apps/frontend/src/pages/auth/sign-in.vue
@@ -89,11 +89,11 @@
 					/>
 				</div>

-				<HCaptcha ref="captcha" v-model="token" />
+				<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

 				<button
 					class="btn btn-primary continue-btn centered-btn"
-					:disabled="!token"
+					:disabled="globals?.captcha_enabled ? !token : false"
 					@click="beginPasswordSignIn()"
 				>
 					{{ formatMessage(commonMessages.signInButton) }} <RightArrowIcon />
@@ -210,6 +210,15 @@ if (auth.value.user) {

 const captcha = ref()

+const { data: globals } = await useAsyncData('auth-globals', async () => {
+	try {
+		return await useBaseFetch('globals', { internal: true })
+	} catch (err) {
+		console.error('Error fetching globals:', err)
+		return { captcha_enabled: true }
+	}
+})
+
 const email = ref('')
 const password = ref('')
 const token = ref('')
--- a/apps/frontend/src/pages/auth/sign-up.vue
+++ b/apps/frontend/src/pages/auth/sign-up.vue
@@ -108,11 +108,11 @@
 				</IntlFormatted>
 			</p>

-			<HCaptcha ref="captcha" v-model="token" />
+			<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />

 			<button
 				class="btn btn-primary continue-btn centered-btn"
-				:disabled="!token"
+				:disabled="globals?.captcha_enabled ? !token : false"
 				@click="createAccount"
 			>
 				{{ formatMessage(messages.createAccountButton) }} <RightArrowIcon />
@@ -209,6 +209,15 @@ if (auth.value.user) {

 const captcha = ref()

+const { data: globals } = await useAsyncData('auth-globals', async () => {
+	try {
+		return await useBaseFetch('globals', { internal: true })
+	} catch (err) {
+		console.error('Error fetching globals:', err)
+		return { captcha_enabled: true }
+	}
+})
+
 const email = ref('')
 const username = ref('')
 const password = ref('')
--- a/apps/labrinth/src/routes/internal/globals.rs
+++ b/apps/labrinth/src/routes/internal/globals.rs
@@ -0,0 +1,39 @@
+use std::{collections::HashMap, sync::LazyLock};
+
+use actix_web::{get, web};
+use serde::{Deserialize, Serialize};
+
+pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
+    cfg.service(get_globals);
+}
+
+/// See [`get`].
+#[derive(Debug, Clone, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct Globals {
+    /// Map of years to how much a creator can withdraw in that year, in USD,
+    /// before they must fill in a tax compliance form.
+    ///
+    /// If the current year is not contained in this map:
+    /// - if the year is before the first year in the map, the threshold is the first year's.
+    /// - if the year is after the last year in the map, the threshold is the last year's threshold.
+    pub tax_compliance_thresholds: HashMap<u16, u64>,
+    /// If this backend instance has a Captcha enabled for password login.
+    ///
+    /// In production, this will always be true. On local testing builds, this
+    /// will always be false.
+    pub captcha_enabled: bool,
+}
+
+static GLOBALS: LazyLock<Globals> = LazyLock::new(|| Globals {
+    tax_compliance_thresholds: [(2025, 600), (2026, 2000)]
+        .into_iter()
+        .collect(),
+    captcha_enabled: dotenvy::var("HCAPTCHA_SECRET").is_ok_and(|x| x != "none"),
+});
+
+/// Gets configured global non-secret variables for this backend instance.
+#[utoipa::path]
+#[get("")]
+pub async fn get_globals() -> web::Json<Globals> {
+    web::Json(GLOBALS.clone())
+}
--- a/apps/labrinth/src/routes/internal/mod.rs
+++ b/apps/labrinth/src/routes/internal/mod.rs
@@ -5,6 +5,7 @@ pub mod delphi;
 pub mod external_notifications;
 pub mod flows;
 pub mod gdpr;
+pub mod globals;
 pub mod gotenberg;
 pub mod medal;
 pub mod moderation;
@@ -55,5 +56,10 @@ pub fn utoipa_config(
        utoipa_actix_web::scope("/_internal/search-management")
            .wrap(default_cors())
            .configure(search::config),
+    )
+    .service(
+        utoipa_actix_web::scope("/_internal/globals")
+            .wrap(default_cors())
+            .configure(globals::config),
    );
 }