1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
"""
Submit a form.
"""
import binascii
import hashlib
import uuid
import httpx
import pydnsbl
from pydantic import ValidationError
from starlette.background import BackgroundTask
from starlette.requests import Request
from starlette.responses import JSONResponse
from backend.constants import FRONTEND_URL, FormFeatures, HCAPTCHA_API_SECRET
from backend.models import Form, FormResponse
from backend.route import Route
HCAPTCHA_VERIFY_URL = "https://hcaptcha.com/siteverify"
HCAPTCHA_HEADERS = {
"Content-Type": "application/x-www-form-urlencoded"
}
class SubmitForm(Route):
"""
Submit a form with the provided form ID.
"""
name = "submit_form"
path = "/submit/{form_id:str}"
async def post(self, request: Request) -> JSONResponse:
data = await request.json()
data["timestamp"] = None
if form := await request.state.db.forms.find_one(
{"_id": request.path_params["form_id"], "features": "OPEN"}
):
form = Form(**form)
response = data.copy()
response["id"] = str(uuid.uuid4())
response["form_id"] = form.id
if FormFeatures.DISABLE_ANTISPAM.value not in form.features:
ip_hash_ctx = hashlib.md5()
ip_hash_ctx.update(request.client.host.encode())
ip_hash = binascii.hexlify(ip_hash_ctx.digest())
user_agent_hash_ctx = hashlib.md5()
user_agent_hash_ctx.update(request.headers["User-Agent"].encode())
user_agent_hash = binascii.hexlify(user_agent_hash_ctx.digest())
dsn_checker = pydnsbl.DNSBLIpChecker()
dsn_blacklist = await dsn_checker.check_async(request.client.host)
async with httpx.AsyncClient() as client:
query_params = {
"secret": HCAPTCHA_API_SECRET,
"response": data.get("captcha")
}
r = await client.post(
HCAPTCHA_VERIFY_URL,
params=query_params,
headers=HCAPTCHA_HEADERS
)
r.raise_for_status()
captcha_data = r.json()
response["antispam"] = {
"ip_hash": ip_hash.decode(),
"user_agent_hash": user_agent_hash.decode(),
"captcha_pass": captcha_data["success"],
"dns_blacklisted": dsn_blacklist.blacklisted,
}
if FormFeatures.REQUIRES_LOGIN.value in form.features:
if request.user.is_authenticated:
response["user"] = request.user.payload
if FormFeatures.COLLECT_EMAIL.value in form.features and "email" not in response["user"]: # noqa
return JSONResponse({
"error": "email_required"
}, status_code=400)
else:
return JSONResponse({
"error": "missing_discord_data"
}, status_code=400)
missing_fields = []
for question in form.questions:
if question.id not in response["response"]:
missing_fields.append(question.id)
if missing_fields:
return JSONResponse({
"error": "missing_fields",
"fields": missing_fields
}, status_code=400)
try:
response_obj = FormResponse(**response)
except ValidationError as e:
return JSONResponse(e.errors())
await request.state.db.responses.insert_one(
response_obj.dict(by_alias=True)
)
send_webhook = None
if FormFeatures.WEBHOOK_ENABLED.value in form.features:
send_webhook = BackgroundTask(
self.send_submission_webhook,
form=form,
response=response_obj
)
return JSONResponse({
"form": form.dict(admin=False),
"response": response_obj.dict()
}, background=send_webhook)
else:
return JSONResponse({
"error": "Open form not found"
})
@staticmethod
def send_submission_webhook(form: Form, response: FormResponse) -> None:
"""Helper to send a submission message to a discord webhook."""
# Stop if webhook is not available
if form.meta.webhook is None:
raise ValueError("Got empty webhook.")
user = response.user
username = f"{user.username}#{user.discriminator}" if user else None
user_mention = f"<@{user.id}>" if user else f"{username or 'User'}"
# Build Embed
embed = {
"title": "New Form Response",
"description": f"{user_mention} submitted a response.",
"url": f"{FRONTEND_URL}/path_to_view_form/{response.id}", # noqa # TODO: Enter Form View URL
"timestamp": response.timestamp,
"color": 7506394,
}
# Add author to embed
if user is not None:
embed["author"] = {"name": username}
if user.avatar is not None:
url = f"https://cdn.discordapp.com/avatars/{user.id}/{user.avatar}.png"
embed["author"]["icon_url"] = url
# Build Hook
hook = {
"embeds": [embed],
"allowed_mentions": {"parse": ["users", "roles"]},
"username": form.name or "Python Discord Forms"
}
# Set hook message
message = form.meta.webhook.message
if message:
hook["content"] = message.replace("_USER_MENTION_", f"<@{user.id}>")
# Post hook
httpx.post(form.meta.webhook.url, json=hook).raise_for_status()
|
