improve captcha validation and error logging in AuthService

flopez7 · flopez7 · commit 33b4c78d0d36 · 2025-11-14T13:03:43.000+01:00
diff --git a/packages/apps/job-launcher/server/src/common/utils/hcaptcha.ts b/packages/apps/job-launcher/server/src/common/utils/hcaptcha.ts
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import { formatAxiosError } from './http';
 
 export async function verifyToken(
   url: string,
@@ -17,11 +18,18 @@ export async function verifyToken(
     queryParams.remoteip = ip;
   }
 
-  const { data } = await axios.post(
-    `${url}/siteverify`,
-    {},
-    { params: queryParams },
-  );
+  try {
+    const { data } = await axios.post(
+      `${url}/siteverify`,
+      {},
+      { params: queryParams },
+    );
 
-  return data;
+    return data;
+  } catch (error) {
+    return {
+      success: false,
+      error: formatAxiosError(error),
+    };
+  }
 }
diff --git a/packages/apps/job-launcher/server/src/common/utils/slack.ts b/packages/apps/job-launcher/server/src/common/utils/slack.ts
@@ -1,6 +1,7 @@
 import axios from 'axios';
 
 import logger from '../../logger';
+import { formatAxiosError } from './http';
 
 const slackLogger = logger.child({ context: 'sendSlackNotification' });
 
@@ -21,7 +22,10 @@ export async function sendSlackNotification(
     slackLogger.debug('Slack notification sent', payload);
     return true;
   } catch (error) {
-    slackLogger.error('Error sending Slack notification', error);
+    slackLogger.error(
+      'Error sending Slack notification',
+      formatAxiosError(error),
+    );
     return false;
   }
 }
diff --git a/packages/apps/job-launcher/server/src/modules/auth/auth.service.ts b/packages/apps/job-launcher/server/src/modules/auth/auth.service.ts
@@ -1,5 +1,5 @@
 /* eslint-disable @typescript-eslint/no-non-null-assertion */
-import { Injectable } from '@nestjs/common';
+import { Injectable, Logger } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 
 import { ErrorAuth, ErrorUser } from '../../common/constants/errors';
@@ -39,6 +39,8 @@ import { ApiKeyRepository } from './apikey.repository';
 
 @Injectable()
 export class AuthService {
+  private readonly logger = new Logger(AuthService.name);
+
   constructor(
     private readonly jwtService: JwtService,
     private readonly userService: UserService,
@@ -80,19 +82,7 @@ export class AuthService {
   }
 
   public async signup(data: UserCreateDto, ip?: string): Promise<UserEntity> {
-    if (
-      !(
-        await verifyToken(
-          this.authConfigService.hcaptchaProtectionUrl,
-          this.authConfigService.hCaptchaSiteKey,
-          this.authConfigService.hCaptchaSecret,
-          data.hCaptchaToken,
-          ip,
-        )
-      ).success
-    ) {
-      throw new ForbiddenError(ErrorAuth.InvalidCaptchaToken);
-    }
+    await this.ensureCaptchaValid(data.hCaptchaToken, ip);
     const storedUser = await this.userRepository.findByEmail(data.email);
     if (storedUser) {
       throw new ConflictError(ErrorUser.DuplicatedEmail);
@@ -185,19 +175,7 @@ export class AuthService {
     data: ForgotPasswordDto,
     ip?: string,
   ): Promise<void> {
-    if (
-      !(
-        await verifyToken(
-          this.authConfigService.hcaptchaProtectionUrl,
-          this.authConfigService.hCaptchaSiteKey,
-          this.authConfigService.hCaptchaSecret,
-          data.hCaptchaToken,
-          ip,
-        )
-      ).success
-    ) {
-      throw new ForbiddenError(ErrorAuth.InvalidCaptchaToken);
-    }
+    await this.ensureCaptchaValid(data.hCaptchaToken, ip);
     const userEntity = await this.userRepository.findByEmail(data.email);
 
     if (!userEntity) {
@@ -245,19 +223,7 @@ export class AuthService {
     data: RestorePasswordDto,
     ip?: string,
   ): Promise<void> {
-    if (
-      !(
-        await verifyToken(
-          this.authConfigService.hcaptchaProtectionUrl,
-          this.authConfigService.hCaptchaSiteKey,
-          this.authConfigService.hCaptchaSecret,
-          data.hCaptchaToken,
-          ip,
-        )
-      ).success
-    ) {
-      throw new ForbiddenError(ErrorAuth.InvalidCaptchaToken);
-    }
+    await this.ensureCaptchaValid(data.hCaptchaToken, ip);
 
     const tokenEntity = await this.tokenRepository.findOneByUuidAndType(
       data.token,
@@ -426,4 +392,24 @@ export class AuthService {
 
     return null;
   }
+
+  private async ensureCaptchaValid(token: string, ip?: string): Promise<void> {
+    const verification = await verifyToken(
+      this.authConfigService.hcaptchaProtectionUrl,
+      this.authConfigService.hCaptchaSiteKey,
+      this.authConfigService.hCaptchaSecret,
+      token,
+      ip,
+    );
+
+    if (verification.success) {
+      return;
+    }
+
+    this.logger.error(ErrorAuth.InvalidCaptchaToken, {
+      error: verification.error,
+    });
+
+    throw new ForbiddenError(ErrorAuth.InvalidCaptchaToken);
+  }
 }
