4 releases (2 breaking)
| 0.21.0 | Aug 18, 2024 |
|---|---|
| 0.2.0 | Oct 29, 2022 |
| 0.1.6 | Oct 25, 2022 |
| 0.1.2 | Aug 16, 2022 |
#988 in Web programming
34 downloads per month
9KB
104 lines
Disclaimer: This is an unnoficial library. Google reCAPTCHA is owned by Google, this library is maintained by Security Union LLC.
YEW-reCAPTCHA-v3
TLDR
reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take an appropriate action for your site. Register reCAPTCHA v3 keys on the reCAPTCHA Admin console.
YouTube Tutorial
https://www.youtube.com/watch?v=qnJSexoFcmM
How to use it?
Checkt out the examples folder.
Verifying the user's response
This page explains how to verify a user's response to a reCAPTCHA challenge from your application's backend.
Please refer to https://developers.google.com/recaptcha/docs/verify
Token Restrictions
Each reCAPTCHA user response token is valid for two minutes, and can only be verified once to prevent replay attacks. If you need a new token, you can re-run the reCAPTCHA verification.
After you get the response token, you need to verify it within two minutes with reCAPTCHA using the following API to ensure the token is valid.
curl -d -X -POST --header "Content-type:application/x-www-form-urlencoded" "https://www.google.com/recaptcha/api/siteverify?secret=6Ldlq3whAAAAAADSEMgRw9fNBxKn_4CJPhVwjcNq&response=<token>"
Sample response:
{
"success": true,
"challenge_ts": "2022-08-16T01:25:24Z",
"hostname": "localhost",
"score": 0.9,
"action": "submit"
}
Interpreting the score
reCAPTCHA v3 returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). Based on the score, you can take variable action in the context of your site. Every site is different, but below are some examples of how sites use the score. As in the examples below, take action behind the scenes instead of blocking traffic to better protect your site.
Dependencies
~11–20MB
~272K SLoC