Nuxt turnstile module server side verification in cloudflare pages

Hello,

I'm having some trouble with turnstile module. I have this working well in local development, but when I transfer the code to cloudlfare pages the "verifyTurnstileToken" does not seem to work.

The ENV is clearly ok, cause I get from the front end the token and it is verified in both environments. So the there's something different going on in the server side on cloudflare pages.

import protectedRouteAnon from '~/server/protectedRouteAnon'
import { serverSupabaseServiceRole } from '#supabase/server'

export default defineEventHandler(async (event) => {
    await protectedRouteAnon(event);
    const body = await readBody(event)
    const client = serverSupabaseServiceRole(event)
    const runtimeConfig = useRuntimeConfig(event)
    const base_url = runtimeConfig.public.API_HOSTNAME
    const { token } = await readBody(event)

    if (!token) {
        throw createError({
          statusCode: 422,
          statusMessage: 'Token not provided.',
        })
      }

    const tokenResult = await verifyTurnstileToken(token)


    console.log('TOKEN: ' + token) // This logs in both environments
    console.log('TOKEN RESULT: ' + tokenResult.success) // This logs in local but not in cloudlfare pages
 

    if (tokenResult.success){
        try {
            const { data, error } = await client.auth.signInWithOtp({
                email: body?.email,
                options: {
                    emailRedirectTo: base_url+'new-company/confirm',
                    data: {
                        name: body?.name,
                        role: 'logintemp',
                    }
                    }
            })
                if (error) throw error
                else{
                    return tokenResult.success
                }
            }
            catch (error) {
                return { error: error }
            } 
    }
    else{
        return false
    }

})

import protectedRouteAnon from '~/server/protectedRouteAnon'
import { serverSupabaseServiceRole } from '#supabase/server'

export default defineEventHandler(async (event) => {
    await protectedRouteAnon(event);
    const body = await readBody(event)
    const client = serverSupabaseServiceRole(event)
    const runtimeConfig = useRuntimeConfig(event)
    const base_url = runtimeConfig.public.API_HOSTNAME
    const { token } = await readBody(event)

    if (!token) {
        throw createError({
          statusCode: 422,
          statusMessage: 'Token not provided.',
        })
      }

    const tokenResult = await verifyTurnstileToken(token)


    console.log('TOKEN: ' + token) // This logs in both environments
    console.log('TOKEN RESULT: ' + tokenResult.success) // This logs in local but not in cloudlfare pages
 

    if (tokenResult.success){
        try {
            const { data, error } = await client.auth.signInWithOtp({
                email: body?.email,
                options: {
                    emailRedirectTo: base_url+'new-company/confirm',
                    data: {
                        name: body?.name,
                        role: 'logintemp',
                    }
                    }
            })
                if (error) throw error
                else{
                    return tokenResult.success
                }
            }
            catch (error) {
                return { error: error }
            } 
    }
    else{
        return false
    }

})

import protectedRouteAnon from '~/server/protectedRouteAnon'
import { serverSupabaseServiceRole } from '#supabase/server'

export default defineEventHandler(async (event) => {
    await protectedRouteAnon(event);
    const body = await readBody(event)
    const client = serverSupabaseServiceRole(event)
    const runtimeConfig = useRuntimeConfig(event)
    const base_url = runtimeConfig.public.API_HOSTNAME
    const { token } = await readBody(event)

    if (!token) {
        throw createError({
          statusCode: 422,
          statusMessage: 'Token not provided.',
        })
      }

    const tokenResult = await verifyTurnstileToken(token)


    console.log('TOKEN: ' + token) // This logs in both environments
    console.log('TOKEN RESULT: ' + tokenResult.success) // This logs in local but not in cloudlfare pages
 

    if (tokenResult.success){
        try {
            const { data, error } = await client.auth.signInWithOtp({
                email: body?.email,
                options: {
                    emailRedirectTo: base_url+'new-company/confirm',
                    data: {
                        name: body?.name,
                        role: 'logintemp',
                    }
                    }
            })
                if (error) throw error
                else{
                    return tokenResult.success
                }
            }
            catch (error) {
                return { error: error }
            } 
    }
    else{
        return false
    }

})

import protectedRouteAnon from '~/server/protectedRouteAnon'
import { serverSupabaseServiceRole } from '#supabase/server'

export default defineEventHandler(async (event) => {
    await protectedRouteAnon(event);
    const body = await readBody(event)
    const client = serverSupabaseServiceRole(event)
    const runtimeConfig = useRuntimeConfig(event)
    const base_url = runtimeConfig.public.API_HOSTNAME
    const { token } = await readBody(event)

    if (!token) {
        throw createError({
          statusCode: 422,
          statusMessage: 'Token not provided.',
        })
      }

    const tokenResult = await verifyTurnstileToken(token)


    console.log('TOKEN: ' + token) // This logs in both environments
    console.log('TOKEN RESULT: ' + tokenResult.success) // This logs in local but not in cloudlfare pages
 

    if (tokenResult.success){
        try {
            const { data, error } = await client.auth.signInWithOtp({
                email: body?.email,
                options: {
                    emailRedirectTo: base_url+'new-company/confirm',
                    data: {
                        name: body?.name,
                        role: 'logintemp',
                    }
                    }
            })
                if (error) throw error
                else{
                    return tokenResult.success
                }
            }
            catch (error) {
                return { error: error }
            } 
    }
    else{
        return false
    }

})

Any ideas would be greatly appreciated!

Nuxt turnstile module server side verification in cloudflare pages

Similar Threads

Similar Threads

Similar Threads