haketilo-packages/hacktcha - A libre JS-based client for Google reCAPTCHA

about summary refs log tree commit diff

/* SPDX-License-Identifier: LicenseRef-GPL-3.0-or-later-WITH-js-exceptions
 *
 * Part of Hacktcha, a free/libre front-end for reCAPTCHA for use with Haketilo.
 *
 * Copyright (C) 2022 Wojtek Kosior
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * As additional permission under GNU GPL version 3 section 7, you
 * may distribute forms of that code without the copy of the GNU
 * GPL normally required by section 4, provided you include this
 * license notice and, in case of non-source distribution, a URL
 * through which recipients can access the Corresponding Source.
 * If you modify file(s) with this exception, you may extend this
 * exception to your version of the file(s), but you are not
 * obligated to do so. If you do not wish to do so, delete this
 * exception statement from your version.
 *
 * As a special exception to the GPL, any HTML file which merely
 * makes function calls to this code, and for that purpose
 * includes it by reference shall be deemed a separate work for
 * copyright law purposes. If you modify this code, you may extend
 * this exception to your version of the code, but you are not
 * obligated to do so. If you do not wish to do so, delete this
 * exception statement from your version.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 *
 * I, Wojtek Kosior, thereby promise not to sue for violation of this file's
 * license. Although I request that you do not make use of this code in a
 * proprietary program, I am not going to enforce this in court.
 */

/* Use with https://google.com/recaptcha/api2/anchor */

"use strict";

/*
 * reCAPTCHA uses a less common variant of base64 which we produce by slightly
 * modifying the output of JavaScript's native base64 encoding routine.
 */
function rc_base64_decode(data_b64) {
    data_b64 = data_b64
	  .replaceAll("-", "+")
	  .replaceAll("_", "/")
	  .replaceAll(".", "=");

    return atob(data_b64);
}

const rc_params = new URLSearchParams(window.location.search);

const site_key   = rc_params.get("k");
const rc_version = rc_params.get("v");
const lang       = rc_params.get("hl") || "en";

const origin_b64 = rc_params.get("co");
const origin     = rc_base64_decode(origin_b64);

const initial_token = document.getElementById("recaptcha-token").value;

const smuggled_data = {origin, initial_token};

const bframe_url = new URL("https://google.com/recaptcha/api2/bframe");
bframe_url.search = new URLSearchParams([
    ["hl", lang],
    ["v", rc_version],
    ["k", site_key]
]);
bframe_url.hash = encodeURIComponent(JSON.stringify(smuggled_data));

window.location.href = bframe_url;