後端驗證的程式碼其實很簡單
import type { RequestHandler } from './$types';
import { hashPassword } from '$lib/server/auth';
import type { ClientUsers } from '$lib/server/schema/ClientUsers';
export const POST: RequestHandler = async ({ request, cookies, platform }) => {
const { username, password, token } = await request.json();
const stmt = await platform.env.DB.prepare('SELECT * FROM client_users WHERE username = ?');
const { results } = await stmt.bind(username).run();
if (!Array.isArray(results) || results.length === 0) {
return new Response(JSON.stringify({ message: 'User not found' }), { status: 401 });
}
try {
const res = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ secret: '1x0000000000000000000000000000000AA', response: token })
});
console.log(await res.json());
} catch (error) {
console.error('Turnstile validation error:', error);
return { success: false, 'error-codes': ['internal-error'] };
}
只要裡面再次呼叫 API 驗證一次就好了,可是有個問題,我的 secret 要怎麼放進去 workers 咧??
畢竟不能塞在 .env 吧
今天的情緒抒發:
今天國慶日!!!!!!剩下兩天惹