feat: Add hCaptcha for public forms (#4017)

- added hCaptcha based verification for chatwoot signups

Co-authored-by: Sojan <sojan@pepalo.com>

app/controllers/api/v1/accounts_controller.rb

@@ -4,6 +4,7 @@ class Api::V1::AccountsController < Api::BaseController
   skip_before_action :authenticate_user!, :set_current_user, :handle_with_exception,
                      only: [:create], raise: false
   before_action :check_signup_enabled, only: [:create]
+  before_action :validate_captcha, only: [:create]
   before_action :fetch_account, except: [:create]
   before_action :check_authorization, except: [:create]
 
@@ -58,6 +59,10 @@ class Api::V1::AccountsController < Api::BaseController
     raise ActionController::RoutingError, 'Not Found' if GlobalConfigService.load('ENABLE_ACCOUNT_SIGNUP', 'false') == 'false'
   end
 
+  def validate_captcha
+    raise ActionController::InvalidAuthenticityToken, 'Invalid Captcha' unless ChatwootCaptcha.new(params[:h_captcha_client_response]).valid?
+  end
+
   def pundit_user
     {
       user: current_user,

app/controllers/dashboard_controller.rb

@@ -26,7 +26,8 @@ class DashboardController < ActionController::Base
       'API_CHANNEL_THUMBNAIL',
       'ANALYTICS_TOKEN',
       'ANALYTICS_HOST',
-      'DIRECT_UPLOADS_ENABLED'
+      'DIRECT_UPLOADS_ENABLED',
+      'HCAPTCHA_SITE_KEY'
     ).merge(app_config)
   end