Only use CAPTCHA in logged out operations and pages (#10607)

Issue #10235

---------

Co-authored-by: ad-elias <elias@autodiligence.com>

packages/twenty-front/src/modules/captcha/components/CaptchaProvider.tsx

@@ -1,8 +1,13 @@
 import React from 'react';
 
 import { CaptchaProviderScriptLoaderEffect } from '@/captcha/components/CaptchaProviderScriptLoaderEffect';
+import { isCaptchaRequiredForPath } from '@/captcha/utils/isCaptchaRequiredForPath';
 
 export const CaptchaProvider = ({ children }: React.PropsWithChildren) => {
+  if (!isCaptchaRequiredForPath(window.location.pathname)) {
+    return <>{children}</>;
+  }
+
   return (
     <>
       <div id="captcha-widget" data-size="invisible"></div>

packages/twenty-front/src/modules/captcha/constants/CaptchaProtectedPaths.ts

@@ -0,0 +1,9 @@
+import { AppPath } from '@/types/AppPath';
+
+export const CAPTCHA_PROTECTED_PATHS: string[] = [
+  AppPath.SignInUp,
+  AppPath.Verify,
+  AppPath.VerifyEmail,
+  AppPath.ResetPassword,
+  AppPath.Invite,
+];

packages/twenty-front/src/modules/captcha/hooks/useRequestFreshCaptchaToken.ts

@@ -2,6 +2,7 @@ import { useRecoilCallback, useSetRecoilState } from 'recoil';
 
 import { captchaTokenState } from '@/captcha/states/captchaTokenState';
 import { isRequestingCaptchaTokenState } from '@/captcha/states/isRequestingCaptchaTokenState';
+import { isCaptchaRequiredForPath } from '@/captcha/utils/isCaptchaRequiredForPath';
 import { captchaState } from '@/client-config/states/captchaState';
 import { CaptchaDriverType } from '~/generated-metadata/graphql';
 import { isUndefinedOrNull } from '~/utils/isUndefinedOrNull';
@@ -22,6 +23,10 @@ export const useRequestFreshCaptchaToken = () => {
   const requestFreshCaptchaToken = useRecoilCallback(
     ({ snapshot }) =>
       async () => {
+        if (!isCaptchaRequiredForPath(window.location.pathname)) {
+          return;
+        }
+
         const captcha = snapshot.getLoadable(captchaState).getValue();
 
         if (isUndefinedOrNull(captcha?.provider)) {

packages/twenty-front/src/modules/captcha/utils/isCaptchaRequiredForPath.ts

@@ -0,0 +1,13 @@
+import { matchPath } from 'react-router-dom';
+import { CAPTCHA_PROTECTED_PATHS } from '../constants/CaptchaProtectedPaths';
+
+export const isCaptchaRequiredForPath = (pathname: string): boolean =>
+  CAPTCHA_PROTECTED_PATHS.some((path) =>
+    matchPath(
+      {
+        path,
+        end: false, // Match nested routes too
+      },
+      pathname,
+    ),
+  );

packages/twenty-server/src/engine/core-modules/captcha/captcha.module.ts

@@ -1,6 +1,6 @@
 import { DynamicModule, Global } from '@nestjs/common';
 
-import { CAPTCHA_DRIVER } from 'src/engine/core-modules/captcha/captcha.constants';
+import { CAPTCHA_DRIVER } from 'src/engine/core-modules/captcha/constants/captcha-driver.constants';
 import { CaptchaService } from 'src/engine/core-modules/captcha/captcha.service';
 import { GoogleRecaptchaDriver } from 'src/engine/core-modules/captcha/drivers/google-recaptcha.driver';
 import { TurnstileDriver } from 'src/engine/core-modules/captcha/drivers/turnstile.driver';

packages/twenty-server/src/engine/core-modules/captcha/captcha.service.ts

@@ -2,7 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
 
 import { CaptchaDriver } from 'src/engine/core-modules/captcha/drivers/interfaces/captcha-driver.interface';
 
-import { CAPTCHA_DRIVER } from 'src/engine/core-modules/captcha/captcha.constants';
+import { CAPTCHA_DRIVER } from 'src/engine/core-modules/captcha/constants/captcha-driver.constants';
 import { CaptchaValidateResult } from 'src/engine/core-modules/captcha/interfaces';
 
 @Injectable()