Add TurnstileService and SharedModule for token verification

Author: Artuomka

backend/src/app.module.ts

@@ -40,6 +40,7 @@ import { SaaSGatewayModule } from './microservices/gateways/saas-gateway.ts/saas
 import { SaasModule } from './microservices/saas-microservice/saas.module.js';
 import { AppLoggerMiddleware } from './middlewares/logging-middleware/app-logger-middlewate.js';
 import { DatabaseModule } from './shared/database/database.module.js';
+import { SharedModule } from './shared/shared.module.js';
 import { GetHelloUseCase } from './use-cases-app/get-hello.use.case.js';
 import { PersonalTableSettingsModule } from './entities/table-settings/personal-table-settings/personal-table-settings.module.js';
 import { SavedDbQueryModule } from './entities/visualizations/saved-db-query/saved-db-query.module.js';
@@ -71,6 +72,7 @@ import { DashboardWidgetModule } from './entities/visualizations/dashboard-widge
 		UserActionModule,
 		CronJobsModule,
 		DatabaseModule,
+		SharedModule,
 		TableActionModule,
 		SaasModule,
 		CompanyInfoModule,

backend/src/shared/services/turnstile.service.ts

@@ -0,0 +1,44 @@
+import { BadRequestException, Injectable } from '@nestjs/common';
+import axios from 'axios';
+
+interface TurnstileVerifyResponse {
+  success: boolean;
+  'error-codes'?: string[];
+  challenge_ts?: string;
+  hostname?: string;
+}
+
+@Injectable()
+export class TurnstileService {
+  private readonly verifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+
+  async verifyToken(token: string): Promise<boolean> {
+    const secretKey = process.env.TURNSTILE_SECRET_KEY;
+
+    if (!secretKey) {
+      console.warn('Turnstile secret key is not configured. Skipping verification.');
+      return true;
+    }
+
+    if (!token || typeof token !== 'string') {
+      throw new BadRequestException('Turnstile token is required.');
+    }
+
+    const formData = new URLSearchParams();
+    formData.append('secret', secretKey);
+    formData.append('response', token);
+
+    const response = await axios.post<TurnstileVerifyResponse>(this.verifyUrl, formData.toString(), {
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+    });
+
+    if (!response.data.success) {
+      const errorCodes = response.data['error-codes']?.join(', ') || 'Unknown error';
+      throw new BadRequestException(`Turnstile verification failed: ${errorCodes}`);
+    }
+
+    return true;
+  }
+}

backend/src/shared/shared.module.ts

@@ -0,0 +1,9 @@
+import { Global, Module } from '@nestjs/common';
+import { TurnstileService } from './services/turnstile.service.js';
+
+@Global()
+@Module({
+  providers: [TurnstileService],
+  exports: [TurnstileService],
+})
+export class SharedModule {}