From 42758d7c2d7a646d867ea07cc987529b282e1e14 Mon Sep 17 00:00:00 2001
From: Thatsaphorn Atchariyaphap <thatsaphorn@outlook.de>
Date: Sun, 29 Jun 2025 19:28:16 +0900
Subject: [PATCH] Refactor `HCaptchaValidator` to improve token verification
 and logging.

---
 .../contact/util/HCaptchaValidator.java       | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/backend/server/src/main/java/dev/rheinsw/server/contact/util/HCaptchaValidator.java b/backend/server/src/main/java/dev/rheinsw/server/contact/util/HCaptchaValidator.java
index 8d9443b..7390e45 100644
--- a/backend/server/src/main/java/dev/rheinsw/server/contact/util/HCaptchaValidator.java
+++ b/backend/server/src/main/java/dev/rheinsw/server/contact/util/HCaptchaValidator.java
@@ -4,6 +4,8 @@ import dev.rheinsw.server.contact.model.HCaptchaConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestTemplate;
 
 import java.util.Map;
@@ -26,29 +28,41 @@ public class HCaptchaValidator {
 
     public boolean isValid(String token) {
         if (token == null || token.isBlank()) {
-            log.warn("Captcha token is missing or blank");
+            log.warn("[hCaptcha] Token is missing or blank");
             return false;
         }
 
         String secret = config.getSecret();
         if (secret == null || secret.isBlank()) {
-            log.error("Captcha secret is missing");
+            log.error("[hCaptcha] Secret is not configured");
             return false;
         }
 
         try {
-            var response = restTemplate.postForObject(
+            log.info("[hCaptcha] Verifying token with https://api.hcaptcha.com/siteverify");
+
+            MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
+            body.add("secret", secret);
+            body.add("response", token);
+
+            @SuppressWarnings("unchecked")
+            Map<String, Object> response = restTemplate.postForObject(
                     "https://api.hcaptcha.com/siteverify",
-                    new org.springframework.util.LinkedMultiValueMap<String, String>() {{
-                        add("secret", secret);
-                        add("response", token);
-                    }},
+                    body,
                     Map.class
             );
 
-            return response != null && Boolean.TRUE.equals(response.get("success"));
+            log.info("[hCaptcha] Verification response: {}", response);
+
+            boolean success = response != null && Boolean.TRUE.equals(response.get("success"));
+
+            if (!success) {
+                log.warn("[hCaptcha] Verification failed: {}", response);
+            }
+
+            return success;
         } catch (Exception e) {
-            log.error("Failed to verify hCaptcha", e);
+            log.error("[hCaptcha] Exception during verification", e);
             return false;
         }
     }