Add CSRF, CAPTCHA, and input validation improvements

Introduces CSRF protection to all sensitive controller actions, integrates configurable CAPTCHA (reCAPTCHA v2/v3, Turnstile) for authentication and registration flows, and centralizes input validation via a new InputValidator helper. Adds new helpers and services for CSRF and CAPTCHA, updates settings and migration for CAPTCHA configuration, and enhances logging and error handling in TLD registry import processes. Also improves validation for user, domain, group, and profile inputs throughout the application.
2025-10-10 00:04:12 +03:00
parent 98f37c2482
commit a29becc944
41 changed files with 1689 additions and 77 deletions
--- a/database/migrations/000_initial_schema_v1.1.0.sql
+++ b/database/migrations/000_initial_schema_v1.1.0.sql
@@ -248,7 +248,13 @@ INSERT INTO settings (setting_key, setting_value, `type`, `description`) VALUES

 -- Authentication settings
 ('registration_enabled', '0', 'boolean', 'Enable user registration'),
-('require_email_verification', '1', 'boolean', 'Require email verification for new users')
+('require_email_verification', '1', 'boolean', 'Require email verification for new users'),
+
+-- CAPTCHA settings
+('captcha_provider', 'disabled', 'string', 'CAPTCHA provider (disabled, recaptcha_v2, recaptcha_v3, turnstile)'),
+('captcha_site_key', '', 'string', 'CAPTCHA site/public key'),
+('captcha_secret_key', '', 'encrypted', 'CAPTCHA secret key (encrypted)'),
+('recaptcha_v3_score_threshold', '0.5', 'string', 'reCAPTCHA v3 minimum score threshold (0.0 to 1.0)')

 ON DUPLICATE KEY UPDATE setting_key=setting_key;

--- a/database/migrations/014_add_captcha_settings.sql
+++ b/database/migrations/014_add_captcha_settings.sql
@@ -0,0 +1,24 @@
+-- Migration: Add CAPTCHA settings
+-- Version: 1.2.0
+-- Description: Add support for CAPTCHA protection (reCAPTCHA v2, v3, Turnstile)
+
+-- Add CAPTCHA provider setting (disabled, recaptcha_v2, recaptcha_v3, turnstile)
+INSERT INTO settings (setting_key, setting_value, created_at, updated_at)
+VALUES ('captcha_provider', 'disabled', NOW(), NOW())
+ON DUPLICATE KEY UPDATE setting_key = setting_key;
+
+-- Add CAPTCHA site key (public key)
+INSERT INTO settings (setting_key, setting_value, created_at, updated_at)
+VALUES ('captcha_site_key', '', NOW(), NOW())
+ON DUPLICATE KEY UPDATE setting_key = setting_key;
+
+-- Add CAPTCHA secret key (will be encrypted)
+INSERT INTO settings (setting_key, setting_value, created_at, updated_at)
+VALUES ('captcha_secret_key', '', NOW(), NOW())
+ON DUPLICATE KEY UPDATE setting_key = setting_key;
+
+-- Add reCAPTCHA v3 score threshold (minimum score required, 0.0 to 1.0)
+INSERT INTO settings (setting_key, setting_value, created_at, updated_at)
+VALUES ('recaptcha_v3_score_threshold', '0.5', NOW(), NOW())
+ON DUPLICATE KEY UPDATE setting_key = setting_key;
+
--- a/database/migrations/README.md
+++ b/database/migrations/README.md
@@ -22,6 +22,10 @@ If upgrading from v1.0.0, these incremental migrations will be applied:
 - `008_add_notes_to_domains.sql` - Domain notes field
 - `009_add_authentication_features.sql` - Authentication system
 - `010_add_app_version_setting.sql` - Version setting
+- `011_create_sessions_table.sql` - Session management table
+- `012_link_remember_tokens_to_sessions.sql` - Remember token session linking
+- `013_create_user_notifications_table.sql` - User notifications table
+- `014_add_captcha_settings.sql` - CAPTCHA settings (v2, v3, Turnstile)

 **Upgrade via:** Web updater at `/install/update`