recaptcha

The recaptcha middleware provides Google reCAPTCHArecaptcha - 图1open in new window integration for Flame instances.

You can read source code of this middleware on GitHubrecaptcha - 图2open in new window and API documentation on pkg.go.devrecaptcha - 图3open in new window.

Installation

The minimum requirement of Go is 1.16.

  1. go get github.com/flamego/recaptcha

Usage examples

WARNING

Examples included in this section is to demonstrate the usage of the recaptcha middleware, by no means illustrates the idiomatic or even correct way of doing user authentication.

reCAPTCHA v3

The recaptcha.V3recaptcha - 图4open in new window is used in combination with recaptcha.Optionsrecaptcha - 图5open in new window for reCAPTCHA v3recaptcha - 图6open in new window integration, and the recaptcha.RecaptchaV3.Verify should be used to verify response tokens:

  • main.go
  • templates/home.tmpl
  1. package main
  2. import (
  3. "fmt"
  4. "net/http"
  5. "github.com/flamego/flamego"
  6. "github.com/flamego/recaptcha"
  7. "github.com/flamego/template"
  8. )
  9. func main() {
  10. f := flamego.Classic()
  11. f.Use(template.Templater())
  12. f.Use(recaptcha.V3(
  13. recaptcha.Options{
  14. Secret: "<SECRET>",
  15. VerifyURL: recaptcha.VerifyURLGoogle,
  16. },
  17. ))
  18. f.Get("/", func(t template.Template, data template.Data) {
  19. data["SiteKey"] = "<SITE KEY>"
  20. t.HTML(http.StatusOK, "home")
  21. })
  22. f.Post("/", func(w http.ResponseWriter, r *http.Request, re recaptcha.RecaptchaV3) {
  23. token := r.PostFormValue("g-recaptcha-response")
  24. resp, err := re.Verify(token)
  25. if err != nil {
  26. w.WriteHeader(http.StatusBadRequest)
  27. _, _ = w.Write([]byte(err.Error()))
  28. return
  29. } else if !resp.Success {
  30. w.WriteHeader(http.StatusBadRequest)
  31. _, _ = w.Write([]byte(fmt.Sprintf("Verification failed, error codes %v", resp.ErrorCodes)))
  32. return
  33. }
  34. w.WriteHeader(http.StatusOK)
  35. _, _ = w.Write([]byte("Verified!"))
  36. })
  37. f.Run()
  38. }
  1. <html>
  2. <head>
  3. <script src="https://www.google.com/recaptcha/api.js"></script>
  4. </head>
  5. <body>
  6. <script>
  7. function onSubmit(token) {
  8. document.getElementById("demo-form").submit();
  9. }
  10. </script>
  11. <form id="demo-form" method="POST">
  12. <button class="g-recaptcha"
  13. data-sitekey="{{.SiteKey}}"
  14. data-callback='onSubmit'
  15. data-action='submit'>Submit</button>
  16. </form>
  17. </body>
  18. </html>

Because reCAPTCHA v3 is non-interruptive, you will not see any captcha image in the browser.

reCAPTCHA v2

The recaptcha.V2recaptcha - 图7open in new window is used in combination with recaptcha.Optionsrecaptcha - 图8open in new window for reCAPTCHA v2recaptcha - 图9open in new window integration, and the recaptcha.RecaptchaV2.Verify should be used to verify response tokens.

The following example is using the “I’m not a robot” Checkbox type of challenge:

  • main.go
  • templates/home.tmpl
  1. package main
  2. import (
  3. "fmt"
  4. "net/http"
  5. "github.com/flamego/flamego"
  6. "github.com/flamego/recaptcha"
  7. "github.com/flamego/template"
  8. )
  9. func main() {
  10. f := flamego.Classic()
  11. f.Use(template.Templater())
  12. f.Use(recaptcha.V2(
  13. recaptcha.Options{
  14. Secret: "<SECRET>",
  15. VerifyURL: recaptcha.VerifyURLGoogle,
  16. },
  17. ))
  18. f.Get("/", func(t template.Template, data template.Data) {
  19. data["SiteKey"] = "<SITE KEY>"
  20. t.HTML(http.StatusOK, "home")
  21. })
  22. f.Post("/", func(w http.ResponseWriter, r *http.Request, re recaptcha.RecaptchaV2) {
  23. token := r.PostFormValue("g-recaptcha-response")
  24. resp, err := re.Verify(token)
  25. if err != nil {
  26. w.WriteHeader(http.StatusBadRequest)
  27. _, _ = w.Write([]byte(err.Error()))
  28. return
  29. } else if !resp.Success {
  30. w.WriteHeader(http.StatusBadRequest)
  31. _, _ = w.Write([]byte(fmt.Sprintf("Verification failed, error codes %v", resp.ErrorCodes)))
  32. return
  33. }
  34. w.WriteHeader(http.StatusOK)
  35. _, _ = w.Write([]byte("Verified!"))
  36. })
  37. f.Run()
  38. }
  1. <html>
  2. <head>
  3. <script src="https://www.google.com/recaptcha/api.js"></script>
  4. </head>
  5. <body>
  6. <form method="POST">
  7. <div class="g-recaptcha" data-sitekey="{{.SiteKey}}"></div>
  8. <input type="submit" name="button" value="Submit">
  9. </form>
  10. </body>
  11. </html>

Below is how it would look like in your browser for the above example:

Form with reCAPTCHA