diff --git a/functions/api/reports/submit.ts b/functions/api/reports/submit.ts
index d6d3083..76b65fb 100644
--- a/functions/api/reports/submit.ts
+++ b/functions/api/reports/submit.ts
@@ -10,7 +10,31 @@ function errorResponse(error: string, status: number): Response {
 }
 
 export async function onRequestPost(context: RequestContext) {
-  const { filename, filesize, usernames } = context.data.body;
+  const { filename, filesize, turnstileResponse, usernames } =
+    context.data.body;
+
+  if (!context.data.current_user) {
+    if (typeof turnstileResponse !== "string")
+      return errorResponse("You must complete the captcha", 401);
+
+    const turnstileAPIResponse = await fetch(
+      "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+      {
+        body: JSON.stringify({
+          response: turnstileResponse,
+          secret: context.env.TURNSTILE_SECRETKEY,
+        }),
+        headers: {
+          "content-type": "application/json",
+        },
+        method: "POST",
+      }
+    );
+
+    const { success }: { success: boolean } = await turnstileAPIResponse.json();
+
+    if (!success) return errorResponse("Captcha test failed", 403);
+  }
 
   if (!Array.isArray(usernames))
     return errorResponse("Usernames must be type of array", 400);