ezzarghili / recaptcha-go
Validate Google reCAPTCHA v2 & v3 form submission package in golang
License: MIT License
Allow for using semantic versioning with releases on gopkg.in to make the releases' API more stable for users
There should be > instead of >= in the threshold comparison.
Reference:
https://github.com/google/recaptcha/blob/master/src/ReCaptcha/ReCaptcha.php#L180
Add a Travis build to make sure the code builds and lints well.
V2 Verify does not work anymore, it did yesterday. Unsure of the issue.
2022/05/18 10:19:33 http: panic serving [::1]:59242: runtime error: invalid memory address or nil pointer dereference
goroutine 34 [running]:
net/http.(*conn).serve.func1()
    /usr/local/go/src/net/http/server.go:1825 +0xbf
panic({0x900820, 0xd04eb0})
    /usr/local/go/src/runtime/panic.go:844 +0x258
gopkg.in/ezzarghili/recaptcha-go%2ev4.(*ReCAPTCHA).confirm(0xd15ac0, {{0x0, 0x0}, {0xc000311c01, 0x1e4}, {0x0, 0x0}}, {0x0, {0x0, 0x0}, ...})
    /home/alex/go/pkg/mod/gopkg.in/ezzarghili/[email protected]/recaptcha.go:134 +0x399
gopkg.in/ezzarghili/recaptcha-go%2ev4.(*ReCAPTCHA).Verify(...)
    /home/alex/go/pkg/mod/gopkg.in/ezzarghili/[email protected]/recaptcha.go:101
main.signup({0x7fb16060bdc8, 0xc00041e3c0}, 0xc0002c0a00)
    /home/**/**/**_backend/routes.go:32 +0x185
net/http.HandlerFunc.ServeHTTP(0xc0001145d0?, {0x7fb16060bdc8?, 0xc00041e3c0?}, 0xc000416b30?)
    /usr/local/go/src/net/http/server.go:2084 +0x2f
github.com/go-chi/chi/v5.(*ChainHandler).ServeHTTP(0x8fcdc0?, {0x7fb16060bdc8?, 0xc00041e3c0?}, 0xc000281c85?)
    /home/alex/go/pkg/mod/github.com/go-chi/chi/[email protected]/chain.go:31 +0x2c
github.com/go-chi/chi/v5.(*Mux).routeHTTP(0xc0001102a0, {0x7fb16060bdc8, 0xc00041e3c0}, 0xc0002c0a00)
    /home/alex/go/pkg/mod/github.com/go-chi/chi/[email protected]/mux.go:442 +0x216
The README file contains some typos to missed parts of the example code
Also make use of the named return parameters in confirm function
I think it should be matching
Line 103 in 14b5e4c
Add support to reCAPTCHA v3 API with new threshold validation based on score
Should update test matrix for go versions to include v1.10.x and v1.11.x
For our use case we don't want to block users from signing up if recaptcha goes down or the server has trouble connecting to it for whatever reason. By adding another field to recaptcha.Error we could differentiate between the errors.
For example if we got this error we don't want to block the signup.
Err = &Error{msg: fmt.Sprintf("error posting to recaptcha endpoint: '%s'", err)}
Currently we would have to parse the msg to figure out what's wrong, I propose adding:
// Error custom error to pass ErrorCodes to user.
type Error struct {
	msg          string
	ErrorCodes   []string
	RequestError bool
}
and setting that to true in these errors:
response, err := r.client.PostForm(r.ReCAPTCHALink, formValues)
if err != nil {
	Err = &Error{msg: fmt.Sprintf("error posting to recaptcha endpoint: '%s'", err), RequestError: true}
	return
}
defer response.Body.Close()
resultBody, err := ioutil.ReadAll(response.Body)
if err != nil {
	Err = &Error{msg: fmt.Sprintf("couldn't read response body: '%s'", err), RequestError: true}
	return
}
var result reCHAPTCHAResponse
err = json.Unmarshal(resultBody, &result)
if err != nil {
	Err = &Error{msg: fmt.Sprintf("invalid response body json: '%s'", err), RequestError: true}
	return
}
Hello @ezzarghili,
What do you think about extending this package so the caller can pass in a http.Client instead of instantiating the default one in the New method?
I can create a PR for this feature if you're interested.
We're using recaptcha v2 checkbox and have "Verify the origin of reCAPTCHA solutions" turned on:
We're also checking the hostname in Go:
options := recaptcha.VerifyOption{}
options.Hostname = "example.domain.com"
For most verifications it's working but we do see a fair number of these errors:
invalid response hostname '', while expecting 'example.domain.com'
This is a bit odd to me since it looks like it's happening to normal users on our website. Any idea why this could happen?
Good work, clean and simple API and code base. Be nice to add tests and mocking out the google API.
Hi, thanks for this great repo!
Is there any chance I could use recaptcha.net instead of www.google.com to enable using reCAPTCHA globally?
Thanks!
Requests are built for the Google API with the following code:
Line 71 in fcf7f6a
What happens when the user appends his own secret? It seems necessary to investigate the possibility of malicious users messing with this. Why can't we use Golang's url.Encode?
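The concern raised above, as an added Go example that is not code from recaptcha-go (the line the issue points to is not reproduced on this page). It assumes a form body assembled by string concatenation and compares it with url.Values encoding; the function names and sample values are constructed.

```go
package main

import (
	"fmt"
	"net/url"
)

// buildConcat assembles the form body by hand (assumed shape, for contrast only).
func buildConcat(secret, token string) string {
	return "secret=" + secret + "&response=" + token
}

// buildEncoded lets url.Values percent-encode '&' and '=' inside each value.
func buildEncoded(secret, token string) string {
	v := url.Values{}
	v.Set("secret", secret)
	v.Set("response", token)
	return v.Encode()
}

// fieldValues parses body as a form and returns every value bound to key.
func fieldValues(body, key string) []string {
	parsed, err := url.ParseQuery(body)
	if err != nil {
		return nil
	}
	return parsed[key]
}

func main() {
	// Constructed values: a site secret and a client-supplied token carrying an extra parameter.
	secret, token := "SITE_SECRET", "tok&secret=CLIENT_SUPPLIED"
	for _, body := range []string{buildConcat(secret, token), buildEncoded(secret, token)} {
		fmt.Printf("%-60s secret=%q response=%q\n", body,
			fieldValues(body, "secret"), fieldValues(body, "response"))
	}
}
```

With the concatenated body the receiver sees two `secret` values; with the encoded body it sees one, and the token arrives intact as a single `response` value. `http.Client.PostForm` takes `url.Values` and applies the same encoding.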
When the reCAPTCHA response contains an error code, the error code returned by (r *ReCAPTCHA) Verify is only accessible through the error message. For example, an error can be:
remote error codes: [missing-input-response]
It would be great to get an easy way to check what the error code is. Currently, one would have to deconstruct the string to know that the error code was missing-input-response.
One solution would be to create a custom error struct and return that instead when we get a remote error code.
type CaptchaError struct {
	msg        string
	errorCodes []string
}

func (e *CaptchaError) Error() string { return e.msg }
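A caller-side sketch of how the two error proposals on this page (the RequestError flag and the structured error codes) could be consumed, added here as an example and not code from recaptcha-go. The Decision type and the Decide and Codes helpers are hypothetical, and the Error struct is redeclared from the proposal; the policy shown admits a signup only when the verifier itself was unreachable and rejects on any remote error code or unrecognised error.

```go
package main

import (
	"errors"
	"fmt"
)

// Error follows the struct proposed above, redeclared so the example compiles alone.
type Error struct {
	msg          string
	ErrorCodes   []string // codes returned by the verification endpoint
	RequestError bool     // set when the endpoint could not be reached or its reply read
}
func (e *Error) Error() string { return e.msg }

// Decision is a hypothetical outcome type for a signup handler.
type Decision int
const (
	Allow         Decision = iota // token verified
	AllowDegraded                 // verifier unreachable: admit, but log and rate-limit
	Reject                        // bad token, or an error this code does not recognise
)

// Decide fails open only on transport failures and fails closed on everything else.
func Decide(err error) Decision {
	var ce *Error
	if err == nil {
		return Allow
	}
	if errors.As(err, &ce) && ce.RequestError && len(ce.ErrorCodes) == 0 {
		return AllowDegraded
	}
	return Reject
}

// Codes returns the remote error codes carried by err, even when err is wrapped.
func Codes(err error) []string {
	var ce *Error
	if errors.As(err, &ce) {
		return ce.ErrorCodes
	}
	return nil
}

func main() {
	// Constructed errors standing in for what Verify would return.
	down := fmt.Errorf("signup: %w", &Error{msg: "error posting to recaptcha endpoint", RequestError: true})
	bad := &Error{msg: "remote error codes: [missing-input-response]", ErrorCodes: []string{"missing-input-response"}}
	fmt.Println(Decide(nil), Decide(down), Decide(bad), Codes(bad))
}
```

Keeping AllowDegraded distinct from Allow lets the handler record that a signup went through unverified and apply another control, such as rate limiting, while the verifier is unavailable.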
Makes error codes easily readable for consumer.
Cleaning api for first release and use time.Duration where relevant instead of numbers