hcaptcha

README

hCaptcha

The one and only hCaptcha middleware for Go web servers.

Inspired by https://dev.to/stanbright/cloudflare-replaced-recaptcha-with-hcaptcha-i-followed-their-example-it-took-me-18-min-1ipn.

Installation

The only requirement is the Go Programming Language.

$ go get -u github.com/kataras/hcaptcha

Getting Started

First of all, navigate to https://www.hcaptcha.com/, create an account and attach a new site for development.

Import the package:

package main

import "github.com/kataras/hcaptcha"

Create a new client:

client := hcaptcha.New(your_secret_key)

Wrap a page's handler:

humanHandler := client.Handler(handler)

For a complete example please navigate through _examples directory.

License

This software is licensed under the MIT License.

Documentation

Index

• Variables
• func ParseForm(dataSiteKey, postActionRelativePath string) string
• func RenderForm(w http.ResponseWriter, dataSiteKey, postActionRelativePath string) (int, error)
• type Client
  • func New(secret string) *Client
  • func (c *Client) Handler(next http.Handler) http.Handler
  • func (c *Client) HandlerFunc(next func(http.ResponseWriter, *http.Request)) http.HandlerFunc
  • func (c *Client) SiteVerify(r *http.Request) (response Response)
  • func (c *Client) VerifyToken(tkn string) (response Response)
• type Response
  • func Get(r *http.Request) (Response, bool)

Variables

var (
	// ResponseContextKey is the default request's context key that response of a hcaptcha request is kept.
	ResponseContextKey interface{} = "hcaptcha"
	// DefaultFailureHandler is the default HTTP handler that is fired on hcaptcha failures. See `Client.FailureHandler`.
	DefaultFailureHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
	})

	// PostMaxMemory is the max memory for a form, defaults to 32MB
	PostMaxMemory int64 = 32 << 20
)

var HTMLForm = `` /* 201-byte string literal not displayed */

HTMLForm is the default HTML form for clients. It's totally optional, use your own code for the best possible result depending on your web application. See `ParseForm` and `RenderForm` for more.

Functions

func ParseForm

func ParseForm(dataSiteKey, postActionRelativePath string) string

ParseForm parses the `HTMLForm` with the necessary parameters and returns its result for render.

func RenderForm

func RenderForm(w http.ResponseWriter, dataSiteKey, postActionRelativePath string) (int, error)

RenderForm writes the `HTMLForm` to "w" response writer. See `_examples/basic/register_form.html` example for a custom form instead.

Types

type Client

type Client struct {
	HTTPClient *http.Client

	// FailureHandler if specified, fired when user does not complete hcaptcha successfully.
	// Failure and error codes information are kept as `Response` type
	// at the Request's Context key of "hcaptcha".
	//
	// Defaults to a handler that writes a status code of 429 (Too Many Requests)
	// and without additional information.
	FailureHandler http.Handler

	// Optional checks for siteverify
	// The user's IP address.
	RemoteIP string
	// The sitekey you expect to see.
	SiteKey string
	// contains filtered or unexported fields
}

Client represents the hcaptcha client. It contains the underline HTTPClient which can be modified before API calls.

func New

func New(secret string) *Client

New accepts a hpcatcha secret key and returns a new hcaptcha HTTP Client.

Instructions at: https://docs.hcaptcha.com/.

See its `Handler` and `SiteVerify` for details.

func (*Client) Handler

func (c *Client) Handler(next http.Handler) http.Handler

Handler is the HTTP route middleware featured hcaptcha validation. It calls the `SiteVerify` method and fires the "next" when user completed the hcaptcha successfully,

otherwise it calls the Client's `FailureHandler`.

The hcaptcha's `Response` (which contains any `ErrorCodes`) is saved on the Request's Context (see `GetResponseFromContext`).

func (*Client) HandlerFunc

func (c *Client) HandlerFunc(next func(http.ResponseWriter, *http.Request)) http.HandlerFunc

HandlerFunc same as `Handler` but it accepts and returns a type of `http.HandlerFunc` instead.

func (*Client) SiteVerify

func (c *Client) SiteVerify(r *http.Request) (response Response)

SiteVerify accepts a "r" Request and a secret key (https://dashboard.hcaptcha.com/settings). It returns the hcaptcha's `Response`. The `response.Success` reports whether the validation passed. Any errors are passed through the `response.ErrorCodes` field.

func (*Client) VerifyToken

func (c *Client) VerifyToken(tkn string) (response Response)

VerifyToken accepts a token and a secret key (https://dashboard.hcaptcha.com/settings). It returns the hcaptcha's `Response`. The `response.Success` reports whether the validation passed. Any errors are passed through the `response.ErrorCodes` field. Same as SiteVerify except token is provided by caller instead of being extracted from HTTP request

type Response

type Response struct {
	ChallengeTS string   `json:"challenge_ts"`
	Hostname    string   `json:"hostname"`
	ErrorCodes  []string `json:"error-codes,omitempty"`
	Success     bool     `json:"success"`
	Credit      bool     `json:"credit,omitempty"`
}

Response is the hcaptcha JSON response.

func Get

func Get(r *http.Request) (Response, bool)

Get returns the hcaptcha `Response` of the current "r" request and reports whether was found or not.