Implemented potato captcha in feedback validation

2014-04-10 01:01:28 +08:00 · 2014-04-10 01:01:28 +08:00 · b1a5cda76d
--- a/views/feedback.js
+++ b/views/feedback.js
@ -4,6 +4,26 @@ var db = require('../db');
 var fblib = require('../lib/feedback');
 var userlib = require('../lib/user');

+function validatePotatoCaptcha(fbData, potatoCaptchaKeys) {
+    var potatoCaptchaKeysExists = true;
+    potatoCaptchaKeys.forEach(function(key) {
+        if (!(key in fbData) || !fbData[key] || (_.isEmpty(fbData[key]) && key !== 'tuber')) {
+            potatoCaptchaKeysExists = false;
+        }
+    });
+
+    // tuber's value should always be blank, and sprout's value should always be potato (set by HTML)
+    if (fbData['tuber'] || fbData['sprout'] !== 'potato') {
+         potatoCaptchaKeysExists = false;
+    }
+
+    if (!potatoCaptchaKeysExists) {
+        return null;
+    }
+
+    // We only allow the publicly accessible fields to be POST/PUT.
+    return fblib.publicFeedbackObj(fbData);
+}

 module.exports = function(server) {
    // Sample usage:
@ -17,13 +37,21 @@ module.exports = function(server) {
            summary: 'Submit feedback for a site page'
        },
        validation: {
-            // TODO: use potato-captcha to verify real feedback
            feedback: { isRequired: true },
            page_url: { isRequired: true }
        }
    }, db.redisView(function(client, done, req, res, wrap) {
        // We only allow the publicly accessible fields to be POST/PUT.
-        var fbData = fblib.publicFeedbackObj(req.params);
+
+        var fbData = req.params;
+        var potatoCaptchaKeys = ['sprout', 'tuber'];
+        fbData = validatePotatoCaptcha(fbData, potatoCaptchaKeys);
+        if (!fbData) {
+            res.json(400, {error: 'bad_feedback_data'});
+            return done();
+        } else {
+            fbData = fblib.publicFeedbackObj(fbData);
+        }

        // TODO: wrap
        var email = req._email;