diff --git a/src/lib/captcha.ts b/src/lib/captcha.ts
index 7056e71..86ad531 100644
--- a/src/lib/captcha.ts
+++ b/src/lib/captcha.ts
@@ -8,12 +8,14 @@ export interface CaptchaData {
 const CAPTCHA_SECRET = process.env.CAPTCHA_SECRET || 'default-secret-change-me'
 export function generateCaptcha(width = 200, height = 80): { text: string, data: string } {
+ console.log('[Captcha] Generating new captcha...')
 // 1. Generate random text (5 chars)
 const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789' // Removed confusing chars like I, 1, 0, O
 let text = ''
 for (let i = 0; i < 5; i++) {
 text += chars.charAt(Math.floor(Math.random() * chars.length))
 }
+ console.log('[Captcha] Generated text:', text)
 // 2. Create SVG
 const bg = '#f3f4f6'
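Review bot: The added `console.log('[Captcha] Generated text:', text)` writes the CAPTCHA solution to the server log, so anyone with access to logs or a log aggregator can read every answer; the 'Text mismatch' message added in the verifyCaptcha hunk does the same by printing `originalText`. Drop the solution from both messages, e.g. `console.log('[Captcha] Generated captcha')`, or put these lines behind a debug switch that is off in production. The context lines also show `Math.random()` picking the characters and a hard-coded fallback value for `CAPTCHA_SECRET`; this commit does not touch either, but a predictable generator and a publicly known signing key both weaken the scheme and deserve a follow-up (fail at startup when the variable is unset). generateCaptcha's body continues past the end of the hunk.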
@@ -69,23 +71,39 @@ export function signCaptcha(text: string): string {
 }
 export function verifyCaptcha(input: string, hash: string): boolean {
- if (!input || !hash) return false
+ if (!input || !hash) {
+ console.log('[Captcha] Missing input or hash')
+ return false
+ }
 const parts = hash.split('|')
- if (parts.length !== 3) return false
+ if (parts.length !== 3) {
+ console.log('[Captcha] Invalid hash format')
+ return false
+ }
 const [originalText, expiresStr, signature] = parts
 const expires = parseInt(expiresStr, 10)
 // Check expiration
- if (Date.now() > expires) return false
+ if (Date.now() > expires) {
+ console.log('[Captcha] Expired. Now:', Date.now(), 'Expires:', expires)
+ return false
+ }
 // Check signature integrity
 const expectedData = `${originalText}|${expiresStr}`
 const expectedSignature = createHmac('sha256', CAPTCHA_SECRET).update(expectedData).digest('hex')
- if (signature !== expectedSignature) return false
+ if (signature !== expectedSignature) {
+ console.log('[Captcha] Signature mismatch')
+ return false
+ }
 // Check content match
- return input.toUpperCase() === originalText
+ const isValid = input.toUpperCase() === originalText
+ if (!isValid) {
+ console.log('[Captcha] Text mismatch. Expected:', originalText, 'Got:', input.toUpperCase())
+ }
+ return isValid
 }
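Review bot: The rewritten signature check still compares with `signature !== expectedSignature`, which is not constant-time; since the line is being rewritten anyway, use `timingSafeEqual` from `crypto` behind a length check, e.g. `if (signature.length !== expectedSignature.length || !timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {`. The 'Text mismatch' message also prints `input.toUpperCase()` unescaped, so a submitted value containing line breaks could forge log entries; log only that a mismatch occurred, or encode the value first (for instance with `JSON.stringify`). A non-numeric `expiresStr` makes `expires` NaN and `Date.now() > expires` false, so the expiry branch is skipped and rejection rests on the HMAC alone; an explicit `if (Number.isNaN(expires)) return false` before the expiry check would make it fail closed.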