first commit

calcom/packages/lib/server/checkCfTurnstileToken.ts

@@ -0,0 +1,35 @@
+import { HttpError } from "../http-error";
+
+const TURNSTILE_SECRET_ID = process.env.CLOUDFLARE_TURNSTILE_SECRET;
+
+export async function checkCfTurnstileToken({ token, remoteIp }: { token?: string; remoteIp: string }) {
+  // This means the instant doesnt have turnstile enabled - we skip the check and just return success.
+  // OR the instance is running in CI so we skip these checks also
+  if (!TURNSTILE_SECRET_ID || !!process.env.NEXT_PUBLIC_IS_E2E) {
+    return {
+      success: true,
+    };
+  }
+
+  if (!token) {
+    throw new HttpError({ statusCode: 401, message: "Invalid cloudflare token" });
+  }
+
+  const form = new URLSearchParams();
+  form.append("secret", TURNSTILE_SECRET_ID);
+  form.append("response", token);
+  form.append("remoteip", remoteIp);
+
+  const result = await fetch("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
+    method: "POST",
+    body: form,
+  });
+
+  const data = await result.json();
+
+  if (!data["success"]) {
+    throw new HttpError({ statusCode: 401, message: "Invalid cloudflare token" });
+  }
+
+  return data;
+}