fix(core): fix recaptcha verification (#7224)

packages/core/src/routes/experience/classes/libraries/captcha-validator.ts

@@ -61,19 +61,23 @@ export class CaptchaValidator {
 
   private async verifyRecaptchaEnterprise(config: RecaptchaEnterpriseConfig, captchaToken: string) {
     try {
-      const result = await ky.post(
-        `https://recaptchaenterprise.googleapis.com/v1/projects/${config.projectId}/assessments?key=${config.secretKey}`,
-        {
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({
-            token: captchaToken,
-            siteKey: config.siteKey,
-            // We can't decide the action here, because the interaction event may change after the user interaction.
-            // So we use a fixed action here.
-            expectedAction: 'interaction',
-          }),
-        }
-      );
+      const result = await ky
+        .post(
+          `https://recaptchaenterprise.googleapis.com/v1/projects/${config.projectId}/assessments?key=${config.secretKey}`,
+          {
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              event: {
+                token: captchaToken,
+                siteKey: config.siteKey,
+                // We can't decide the action here, because the interaction event may change after the user interaction.
+                // So we use a fixed action here.
+                expectedAction: 'interaction',
+              },
+            }),
+          }
+        )
+        .json();
 
       const responseGuard = z.object({
         tokenProperties: z.object({
@@ -89,6 +93,7 @@ export class CaptchaValidator {
         riskAnalysis: { score },
       } = responseGuard.parse(result);
 
+      // TODO: customize the score threshold
       return valid && score >= 0.5;
     } catch {
       return false;