[Feature] Add Captchas to avoid spam registrations (#358)

Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#358

epdb/views.py

@@ -3,6 +3,7 @@ import logging
 from datetime import datetime
 from typing import Any, Dict, List, Iterable
 
+import requests
 import nh3
 from django.conf import settings as s
 from django.contrib.auth import get_user_model
@@ -146,6 +147,8 @@ def handler500(request):
 
 def login(request):
     context = get_base_context(request)
+    context["CAP_API_BASE"] = s.CAP_API_BASE
+    context["CAP_SITE_KEY"] = s.CAP_SITE_KEY
 
     if request.method == "GET":
         context["title"] = "enviPath"
@@ -238,6 +241,33 @@ def register(request):
         if next := request.POST.get("next"):
             context["next"] = next
 
+        # Catpcha
+        if s.CAP_ENABLED:
+            cap_token = request.POST.get("cap-token")
+
+            if not cap_token:
+                context["message"] = "Missing CAP Token."
+                return render(request, "static/login.html", context)
+
+            verify_url = f"{s.CAP_API_BASE}/{s.CAP_SITE_KEY}/siteverify"
+            payload = {
+                "secret": s.CAP_SECRET_KEY,
+                "response": cap_token,
+            }
+
+            try:
+                resp = requests.post(verify_url, json=payload, timeout=10)
+                resp.raise_for_status()
+                verify_data = resp.json()
+            except requests.RequestException:
+                context["message"] = "Captcha verification failed."
+                return render(request, "static/login.html", context)
+
+            if not verify_data.get("success"):
+                context["message"] = "Captcha check failed. Please try again."
+                return render(request, "static/login.html", context)
+        # End Captcha
+
         username = request.POST.get("username", "").strip()
         email = request.POST.get("email", "").strip()
         password = request.POST.get("password", "").strip()