feat(server): make captcha modular (#5961)

packages/backend/server/src/core/auth/controller.ts

@@ -1,5 +1,3 @@
-import { randomUUID } from 'node:crypto';
-
 import {
   Body,
   Controller,
@@ -23,6 +21,7 @@ import {
   SignUpForbidden,
   Throttle,
   URLHelper,
+  UseNamedGuard,
 } from '../../fundamentals';
 import { UserService } from '../user';
 import { validators } from '../utils/validators';
@@ -86,6 +85,7 @@ export class AuthController {
   }
 
   @Public()
+  @UseNamedGuard('captcha')
   @Post('/sign-in')
   @Header('content-type', 'application/json')
   async signIn(
@@ -237,14 +237,4 @@ export class AuthController {
       users: await this.auth.getUserList(token),
     };
   }
-
-  @Public()
-  @Get('/challenge')
-  async challenge() {
-    // TODO(@darksky): impl in following PR
-    return {
-      challenge: randomUUID(),
-      resource: randomUUID(),
-    };
-  }
 }

packages/backend/server/src/core/auth/index.ts

@@ -20,7 +20,7 @@ import { TokenService, TokenType } from './token';
     AuthGuard,
     AuthWebsocketOptionsProvider,
   ],
-  exports: [AuthService, AuthGuard, AuthWebsocketOptionsProvider],
+  exports: [AuthService, AuthGuard, AuthWebsocketOptionsProvider, TokenService],
   controllers: [AuthController],
 })
 export class AuthModule {}

packages/backend/server/src/core/auth/token.ts

@@ -69,13 +69,9 @@ export class TokenService {
     const valid =
       !expired && (!record.credential || record.credential === credential);
 
-    if ((expired || valid) && !keep) {
-      const deleted = await this.db.verificationToken.deleteMany({
-        where: {
-          token,
-          type,
-        },
-      });
+    // always revoke expired token
+    if (expired || (valid && !keep)) {
+      const deleted = await this.revokeToken(type, token);
 
       // already deleted, means token has been used
       if (!deleted.count) {
@@ -86,6 +82,15 @@ export class TokenService {
     return valid ? record : null;
   }
 
+  async revokeToken(type: TokenType, token: string) {
+    return await this.db.verificationToken.deleteMany({
+      where: {
+        token,
+        type,
+      },
+    });
+  }
+
   @Cron(CronExpression.EVERY_DAY_AT_MIDNIGHT)
   async cleanExpiredTokens() {
     await this.db.verificationToken.deleteMany({

packages/backend/server/src/core/config/types.ts

@@ -3,6 +3,7 @@ import { Field, ObjectType, registerEnumType } from '@nestjs/graphql';
 import { DeploymentType } from '../../fundamentals';
 
 export enum ServerFeature {
+  Captcha = 'captcha',
   Copilot = 'copilot',
   Payment = 'payment',
   OAuth = 'oauth',