Anti-bot CAPTCHA

reCAPTCHA

reCAPTCHA protects your website from fraud and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website. Meanwhile, legitimate users will be able to login, make purchases, view pages, or create accounts and fake users will be blocked.

Read more at: https://www.google.com/recaptcha/about/

Using with Iris

The reCAPTCHA is a builtin middleware, you don't have to install it.

  1. Import "github.com/kataras/iris/v12/middleware/recaptcha"

  2. Get your public and secret keys from: https://www.google.com/recaptcha/admin

  3. Initialize with recaptcha.New(recaptchaSecret)

  4. Create an HTML form which you want to protect from bots and add the script tag: <script src="https://www.google.com/recaptcha/api.js"></script>.

  5. Add a hidden element or a div with class of g-recaptcha and set the data-sitekey attribute to your public key.

  6. Use the middleware to protect the routes.

Example Code:

package main

import (
	"fmt"

	"github.com/kataras/iris/v12"

	"github.com/kataras/iris/v12/middleware/recaptcha"
)

// keys should be obtained by https://www.google.com/recaptcha/admin
const (
	recaptchaPublic = "6Lf3WywUAAAAAKNfAm5DP2J5ahqedtZdHTYaKkJ6"
	recaptchaSecret = "6Lf3WywUAAAAAJpArb8nW_LCL_PuPuokmEABFfgw"
)

func main() {
	app := iris.New()

	r := recaptcha.New(recaptchaSecret)

	app.Get("/comment", showRecaptchaForm)

    // pass the middleware before the main handler
    // or use the `recaptcha.SiteVerify`.
	app.Post("/comment", r, postComment)

	app.Listen(":8080")
}

// You can use view templates instead.
var htmlForm = `<form action="/comment" method="POST">
    <script src="https://www.google.com/recaptcha/api.js"></script>
    <div class="g-recaptcha" data-sitekey="%s"></div>
    <input type="submit" name="button" value="Verify">
</form>`

func showRecaptchaForm(ctx iris.Context) {
	contents := fmt.Sprintf(htmlForm, recaptchaPublic)
	ctx.HTML(contents)
}

// This handler is protected by the recaptcha middleware.
func postComment(ctx iris.Context) {
	// [...]
	ctx.JSON(iris.Map{"success": true})
}

Navigate to http://localhost:8080/comment.

hCaptcha

Stop more bots. Start protecting user privacy. Do you use a captcha to keep out bots? hCaptcha protects user privacy, rewards websites, and helps companies get their data labeled. It is a drop-in replacement for reCAPTCHA: you can switch within minutes.

Read more at: https://www.hcaptcha.com/

Using with Iris

The hCaptcha is a builtin middleware, you don't have to install it.

  1. Import "github.com/kataras/iris/v12/middleware/hcaptcha"

  2. Get your public and secret keys from: https://dashboard.hcaptcha.com.

  3. Initialize with hcaptcha.New(secretKey)

  4. Create an HTML form which you want to protect from bots and add the script tag: <script src="https://hcaptcha.com/1/api.js" async defer></script>.

  5. Add a hidden element or a div with class of h-captcha and set the data-sitekey attribute to your public key.

  6. Use the middleware to protect the routes.

Example Code:

For local development you have to setup your HOSTS file:

# https://docs.hcaptcha.com/#localdev
# Add to the end of your hosts file, 
# e.g. on windows: C:/windows/system32/drivers/etc/hosts
127.0.0.1 yourdomain.com

Let's start by creating our HTML view template form:

<!-- ./templates/register_form.html -->
<html>

<head>
  <title>hCaptcha Demo</title>
  <script src="https://hcaptcha.com/1/api.js" async defer></script>
</head>

<body>
  <form action="/register" method="POST">
    <input type="text" name="email" placeholder="Email" />
    <input type="password" name="password" placeholder="Password" />
    <div class="h-captcha" data-sitekey="{{ .SiteKey }}"></div>
    <br />
    <input type="submit" value="Submit" />
  </form>
</body>

</html>

The web server should look like this:

// ./main.go
package main

import (
	"os"

	"github.com/kataras/iris/v12"
	"github.com/kataras/iris/v12/middleware/hcaptcha"
)

// Get the following values from: https://dashboard.hcaptcha.com
// Also, check: https://docs.hcaptcha.com/#localdev to test on local environment.
var (
	siteKey   = os.Getenv("HCAPTCHA-SITE-KEY")
	secretKey = os.Getenv("HCAPTCHA-SECRET-KEY")
)

func main() {
	app := iris.New()
	app.RegisterView(iris.HTML("./templates", ".html"))

	hCaptcha := hcaptcha.New(secretKey)
    app.Get("/register", registerForm)
    
     // See `hcaptcha.SiteVerify` for manual validation too.
	app.Post("/register", hCaptcha, register)

	app.Logger().Infof("SiteKey = %s\tSecretKey = %s",
		siteKey, secretKey)

	// GET: http://yourdomain.com/register
	app.Listen(":80")
}

// This handler is protected by the hcaptcha middleware.
func register(ctx iris.Context) {

    // [Some action here...]
}

func registerForm(ctx iris.Context) {
	ctx.ViewData("SiteKey", siteKey)
	ctx.View("register_form.html")
}

Navigate to http://yourdomain.com/register.

Optionally, to get the hCaptcha original response you need to call hcaptcha.Get(ctx). Example:

hcaptchaResp, ok := hcaptcha.Get(ctx)
if !ok {
    ctx.StatusCode(iris.StatusUnauthorized)
    ctx.WriteString("Are you a bot?")
    return
}

ctx.Writef("Register action here...action was asked by a Human.\nResponse value is: %#+v", hcaptchaResp)

That's all!

Last updated