Добавлена капча

main.py

@@ -6,6 +6,7 @@ import sqlite3
 from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
+import requests
 
 app = FastAPI(title="Work BD Auth API",
               description="API для авторизации и регистрации",
@@ -19,6 +20,7 @@ app.add_middleware(
     allow_headers=["*"],
 )
 DB_PATH = 'users.db'
+RECAPTCHA_SECRET_KEY = "6LdfSo8sAAAAALSLznA5nJKK0IMqNhtHRnvpDj7a"
 
 # Инициализация базы данных
 def init_db():
@@ -36,6 +38,35 @@ init_db()
 class UserIn(BaseModel):
     username: str
     password: str
+    recaptcha_token: str | None = None
+
+
+# Функция проверки reCAPTCHA
+def verify_recaptcha(token: str) -> bool:
+    try:
+        response = requests.post(
+            "https://www.google.com/recaptcha/api/siteverify",
+            data={
+                "secret": RECAPTCHA_SECRET_KEY,
+                "response": token,
+            },
+            timeout=10
+        )
+        result = response.json()
+        
+        if not result.get("success"):
+            return False
+        
+        if result.get("action") != "login":
+            return False
+        
+        score = result.get("score", 0)
+        if score < 0.5:
+            return False
+        
+        return True
+    except requests.RequestException:
+        return False
 
 
 @app.post('/register', status_code=201, tags=["User"])
@@ -62,6 +93,11 @@ async def login(user: UserIn):
     if not user.username or not user.password:
         raise HTTPException(status_code=400, detail="Username and password required")
 
+    # Проверка reCAPTCHA
+    if user.recaptcha_token:
+        if not verify_recaptcha(user.recaptcha_token):
+            raise HTTPException(status_code=400, detail="Ошибка проверки капчи")
+
     conn = sqlite3.connect(DB_PATH)
     cursor = conn.cursor()
     cursor.execute('SELECT password FROM users WHERE username = ?', (user.username,))