Disable login captcha if backend has no captcha secret (#5288)

* Add /_internal/globals route * Don't show login captcha if backend claims it's disabled * try to re-add tombi * typos * Assume captcha enabled if globals route is unreachable * Prepare frontend fixes
2026-02-04 18:08:14 +00:00
parent 323090966b
commit 3f5e3b1d8b
7 changed files with 94 additions and 16 deletions
--- a/apps/labrinth/src/routes/internal/globals.rs
+++ b/apps/labrinth/src/routes/internal/globals.rs
@@ -0,0 +1,39 @@
+use std::{collections::HashMap, sync::LazyLock};
+
+use actix_web::{get, web};
+use serde::{Deserialize, Serialize};
+
+pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
+    cfg.service(get_globals);
+}
+
+/// See [`get`].
+#[derive(Debug, Clone, Serialize, Deserialize, utoipa::ToSchema)]
+pub struct Globals {
+    /// Map of years to how much a creator can withdraw in that year, in USD,
+    /// before they must fill in a tax compliance form.
+    ///
+    /// If the current year is not contained in this map:
+    /// - if the year is before the first year in the map, the threshold is the first year's.
+    /// - if the year is after the last year in the map, the threshold is the last year's threshold.
+    pub tax_compliance_thresholds: HashMap<u16, u64>,
+    /// If this backend instance has a Captcha enabled for password login.
+    ///
+    /// In production, this will always be true. On local testing builds, this
+    /// will always be false.
+    pub captcha_enabled: bool,
+}
+
+static GLOBALS: LazyLock<Globals> = LazyLock::new(|| Globals {
+    tax_compliance_thresholds: [(2025, 600), (2026, 2000)]
+        .into_iter()
+        .collect(),
+    captcha_enabled: dotenvy::var("HCAPTCHA_SECRET").is_ok_and(|x| x != "none"),
+});
+
+/// Gets configured global non-secret variables for this backend instance.
+#[utoipa::path]
+#[get("")]
+pub async fn get_globals() -> web::Json<Globals> {
+    web::Json(GLOBALS.clone())
+}
--- a/apps/labrinth/src/routes/internal/mod.rs
+++ b/apps/labrinth/src/routes/internal/mod.rs
@@ -5,6 +5,7 @@ pub mod delphi;
 pub mod external_notifications;
 pub mod flows;
 pub mod gdpr;
+pub mod globals;
 pub mod gotenberg;
 pub mod medal;
 pub mod moderation;
@@ -55,5 +56,10 @@ pub fn utoipa_config(
        utoipa_actix_web::scope("/_internal/search-management")
            .wrap(default_cors())
            .configure(search::config),
+    )
+    .service(
+        utoipa_actix_web::scope("/_internal/globals")
+            .wrap(default_cors())
+            .configure(globals::config),
    );
 }