twenty/packages/twenty-server
Deepak Kumar dc576d0818
GH-3546 Recaptcha on login form (#4626)
## Description

This PR adds recaptcha on the login form. One can add any one of three
recaptcha vendors -
1. Google Recaptcha -
https://developers.google.com/recaptcha/docs/v3#programmatically_invoke_the_challenge
2. HCaptcha -
https://docs.hcaptcha.com/invisible#programmatically-invoke-the-challenge
3. Turnstile -
https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/#execution-modes

### Issue
- #3546 

### Environment variables - 
1. `CAPTCHA_DRIVER` - `google-recaptcha` | `hcaptcha` | `turnstile`
2. `CAPTCHA_SITE_KEY` - site key
3. `CAPTCHA_SECRET_KEY` - secret key

### Engineering choices
1. If some of the above env variables are provided, then the backend generates
an error -
<img width="990" alt="image"
src="https://github.com/twentyhq/twenty/assets/60139930/9fb00fab-9261-4ff3-b23e-2c2e06f1bf89">
    Please note that the login/signup form will keep working as expected.
2. I'm using a Captcha guard that intercepts the request. If
"captchaToken" is present in the body and all env is set, then the
captcha token is verified by the backend through the service.
3. One can use this guard on any resolver to protect it by the captcha.
4. On the frontend, two hooks `useGenerateCaptchaToken` and
`useInsertCaptchaScript` are created. `useInsertCaptchaScript` adds the
respective captcha JS script on the frontend. `useGenerateCaptchaToken`
returns a function that one can use to trigger captcha token generation
programmatically. This allows one to generate a token while keeping recaptcha
invisible.

### Note
This PR contains some changes in unrelated files like indentation,
spacing, inverted commas etc. I ran "yarn nx fmt:fix twenty-front" and
"yarn nx lint twenty-front -- --fix".

### Screenshots

<img width="869" alt="image"
src="https://github.com/twentyhq/twenty/assets/60139930/a75f5677-9b66-47f7-9730-4ec916073f8c">

---------

Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-04-25 23:52:28 +02:00
..
@types Compile with swc on twenty-server (#4863) 2024-04-14 09:09:51 +02:00
patches Fix workspace schema caching when user is not logged in (#5173) 2024-04-25 14:45:14 +02:00
scripts fix: fix root start script (#5032) 2024-04-19 18:28:02 +02:00
src GH-3546 Recaptcha on login form (#4626) 2024-04-25 23:52:28 +02:00
test feat: refactor folder structure (#4498) 2024-03-15 14:40:58 +01:00
.env.example GH-3546 Recaptcha on login form (#4626) 2024-04-25 23:52:28 +02:00
.env.test File token chores (#4664) 2024-03-26 13:42:09 +01:00
.eslintrc.cjs chore: extend root eslint config in twenty-server (#5101) 2024-04-22 17:34:24 +02:00
.gitignore feat: workspace:health nullable fix (#3882) 2024-02-08 18:22:29 +01:00
.prettierignore Migrate to a monorepo structure (#2909) 2023-12-10 18:10:54 +01:00
.prettierrc Migrate to a monorepo structure (#2909) 2023-12-10 18:10:54 +01:00
.swcrc Compile with swc on twenty-server (#4863) 2024-04-14 09:09:51 +02:00
jest.config.ts Refactor backend folder structure (#4505) 2024-03-15 18:37:09 +01:00
nest-cli.json Compile with swc on twenty-server (#4863) 2024-04-14 09:09:51 +02:00
package.json Cache yoga conditional schema (#5170) 2024-04-25 14:01:32 +02:00
project.json chore: extend root eslint config in twenty-server (#5101) 2024-04-22 17:34:24 +02:00
tsconfig.build.json chore: set up twenty-emails config so build isn't needed in development (#3619) 2024-01-29 06:17:12 -03:00
tsconfig.json 4586 fix workspace member feature (#4680) 2024-03-28 17:59:48 +01:00