ReCaptcha Enterprise API call always returns a score of 0, but the dashboard shows every score at 0.8 or higher



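I created a ReCaptcha Enterprise project for my front end and am trying to verify the assessment in AWS Lambda.

The ReCaptcha project looks like this: ReCaptchaSettings

The front-end code is a React app, but I'm just using the script from the documentation. This all seems to work. I can solve the captcha and get an answer.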

const [captchaAnswer, setCaptchaAnswer] = useState<string | null>(null);
useEffect(() => {
  const script = document.createElement('script');
  script.src = "https://www.google.com/recaptcha/enterprise.js";
  script.async = true;
  script.defer = true;
  document.body.appendChild(script);

  return () => {
    document.body.removeChild(script);
  }
}, []);

window.reCaptchaCallback = function (response: string) {
  setCaptchaAnswer(response);
};
const submit = () => {
  //Submits the answer to my lambda
}
return (
  <div className="g-recaptcha" data-sitekey="<SITEKEY>" data-callback="reCaptchaCallback" />
);

Next is the lambda, which is called as a trigger from Cognito.

const axios = require("axios");
const config = {
  PROJECT_ID: "<PROJECTID>",
  API_KEY: "<APIKEY>", //actually gotten from secret manager
  SITE_KEY: "<SITEKEY>"
};
exports.handler = async (event) => {
  console.log(event);

  if (event.triggerSource === "PreSignUp_AdminCreateUser") {
    return event;
  }
  if (!event.request.validationData) {
    throw new Error('Missing validation data');
  }

  try {
    const verifyResponse = await axios({
      method: 'post',
      url: `https://recaptchaenterprise.googleapis.com/v1beta1/projects/${config.PROJECT_ID}/assessments?key=${config.API_KEY}`,
      body: {
        event: {
          token: event.request.validationData.token, //I have confirmed this is correctly passed from front end to here
          siteKey: config.SITE_KEY,
          expectedAction: "" //Tried it with and without this. Documentation say it isn't being used
        }
      },
      headers: { "Content-Type": "application/x-www-form-urlencoded" }
    });
    console.log(JSON.stringify(verifyResponse.data));

    if (verifyResponse.data.score >= 0) {
      event.response.autoConfirmUser = true;
      return event;
    } else {
      throw new Error('Recaptcha verification failed');
    }
  } catch (error) {
    console.error(error);
    throw new Error("Recaptcha verification failed. Please retry");
  }
};

This is the response I keep getting.

{
  "name": "projects/<PROJECT>/assessments/924d7fc3f0000000",
  "score": 0,
  "reasons": []
}

However, looking at the dashboard, all assessments are >= 0.8. I don't know what I'm doing wrong. Thanks for your help.

Here is the curl that worked for me; it may help you. In your code, look at the body and send an "assessment" object that includes the "event".

curl -H 'Content-Type: application/x-www-form-urlencoded' -X POST https://recaptchaenterprise.googleapis.com/v1beta1/projects/${here-is-your-id-project}/assessments?key=${here-is-your-secret-key-defined-on-credentials-api-section} -d 'assessment.event.token=${response-token-coming-from-grecaptcha.enterprise.execute-method-on-web-site}' -d 'assessment.event.site_key=${here-is-your-public-key-defined-on-recaptcha-service-section}'

This is the response:

{
  "name": "projects/xxxx/assessments/xxxxx",
  "event": {
    "token": "${response-token-coming-from-grecaptcha.enterprise.execute-method-on-web-site}",
    "siteKey": "${here-is-your-public-key-defined-on-recaptcha-service-section}",
    "userAgent": "",
    "userIpAddress": "",
    "expectedAction": "",
    "hashedAccountId": ""
  },
  "score": 0.9,
  "tokenProperties": {
    "valid": true,
    "invalidReason": "INVALID_REASON_UNSPECIFIED",
    "hostname": "your-host-goes-here",
    "action": "login",
    "createTime": "2022-02-03T19:08:01.612Z"
  },
  "reasons": []
}

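My GCP configuration:

  • Create a recaptcha service and get the public site key from here (https://console.cloud.google.com/security/recaptcha). I used it in the curl as -d 'assessment.event.site_key=${here-is-your-public-key-defined-on-recaptcha-service-section}'
  • Create an API key in the credentials service and bind it to the previous recaptcha service. I used it in the curl as key=${here-is-your-secret-key-defined-on-credentials-api-section} https://console.cloud.google.com/apis/credentials/key

That's all.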

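In my experience, a missing tokenProperties in the response means googleapis.com could not read your POST data.

For your case, first of all, the expected content type should be JSON: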

"Content-Type": "application/json; charset=utf-8"

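If changing the above does not solve the problem, you can also try changing the post data from object/dict/json to a string.

Tip: usually, when we cannot get the expected response in our code, we can try experimenting with the target request in a direct tool such as curl or JMeter, find out what the problem is, and then copy the solution back into our code.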
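Added example (not code from any poster in this thread): a fail-closed check of the assessment response that treats a missing tokenProperties as a failed verification instead of trusting the score field on its own. The helper name, option names, reason strings and the 0.5 default threshold are assumptions; the two sample objects are constructed from the responses shown on this page.

```javascript
// Added example. evaluateAssessment, its options and the 0.5 default
// threshold are assumptions, not part of the reCAPTCHA Enterprise API.
function evaluateAssessment(assessment, { expectedAction, expectedHostname, minScore = 0.5 } = {}) {
  const props = assessment && assessment.tokenProperties;
  // No tokenProperties: per the answer above, the API could not read the
  // POST data, so the returned score says nothing about the user.
  if (!props) {
    return { ok: false, reason: "NO_TOKEN_PROPERTIES" };
  }
  // The token itself must have been accepted as valid.
  if (props.valid !== true) {
    return { ok: false, reason: `INVALID_TOKEN:${props.invalidReason || "UNKNOWN"}` };
  }
  // Optional binding of the token to the action and host we expect.
  if (expectedAction && props.action !== expectedAction) {
    return { ok: false, reason: "ACTION_MISMATCH" };
  }
  if (expectedHostname && props.hostname !== expectedHostname) {
    return { ok: false, reason: "HOSTNAME_MISMATCH" };
  }
  // Only now is the score meaningful; compare it with a real threshold.
  if (typeof assessment.score !== "number" || assessment.score < minScore) {
    return { ok: false, reason: "LOW_SCORE" };
  }
  return { ok: true, reason: "OK" };
}

// Constructed samples mirroring the two responses shown in the thread.
const brokenRequestResponse = {
  name: "projects/<PROJECT>/assessments/924d7fc3f0000000",
  score: 0,
  reasons: [],
};
const workingResponse = {
  name: "projects/xxxx/assessments/xxxxx",
  score: 0.9,
  tokenProperties: {
    valid: true,
    invalidReason: "INVALID_REASON_UNSPECIFIED",
    hostname: "your-host-goes-here",
    action: "login",
    createTime: "2022-02-03T19:08:01.612Z",
  },
  reasons: [],
};

console.log(evaluateAssessment(brokenRequestResponse, { expectedAction: "login" }));
console.log(evaluateAssessment(workingResponse, { expectedAction: "login" }));
```

Logging the returned reason makes a malformed request distinguishable from a genuinely low score.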

I had exactly the same problem. If anyone is having it now, the answer is: change the axios call to one using .post

const { data } = await axios.post(
  `https://recaptchaenterprise.googleapis.com/v1beta1/projects/${CAPTCHA_PROJECT_ID}/assessments?key=${CAPTCHA_API_KEY}`,
  {
    event: {
      token: tokenValue,
      siteKey: CAPTCHA_SITE_KEY,
      expectedAction: "YOUR_ACTION",
    },
  },
  {
    headers: {
      "Content-Type": "application/json; charset=utf-8",
    },
  });
