grantholle/laravel-altcha

A Laravel server implementation for Altcha.

Maintainers

Details

github.com/grantholle/laravel-altcha

Homepage

Source

Issues

Fund package maintenance!
Grant Holle

Installs: 3 623

Dependents: 1

Suggesters: 0

Security: 0

Stars: 9

Watchers: 3

Forks: 3

Open Issues: 1

1.1.0 2024-03-19 20:30 UTC

Requires

Requires (Dev)

MIT d5d75903c9c11fee194af62b9e1ecbc296407c17

  • Grant Holle <hollegrant.woop@gmail.com>

laravelGrant Hollelaravel-altcha

This package is auto-updated.

Last update: 2024-10-08 14:49:24 UTC

README

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

This is a Laravel implementation for the server-side of Altcha, a proof-of-work captcha that does not require any third-party service.

Installation

You can install the package via composer:

composer require grantholle/laravel-altcha

Optionally, publish the config file with:

php artisan vendor:publish --tag="altcha-config"

Usage

In .env (or published config file), set the following variables:

# Required, sort of like a password
ALTCHA_HMAC_KEY=
# Optional, defaults to SHA-256. Can be SHA-384 or SHA-512
# ALTCHA_ALGORITHM="SHA-256"

Out of the box, the package registers a /altcha-challenge endpoint to use you on your frontend.

Frontend

Following the frontend integration, use the following snippet to get a challenge:

<altcha-widget challengeurl="/altcha-challenge"></altcha-widget>

Implementation will be different given your frontend, but here's an example Vue component to use:

<template>
  <altcha-widget challengeurl="/altcha-challenge" @statechange="stateChanged"></altcha-widget>
</template>

<script setup>
import 'altcha'

const emit = defineEmits(['update:modelValue'])
const stateChanged = ev => {
  if (ev.detail.state === 'verified') {
    emit('update:modelValue', ev.detail.payload)
  }
}
</script>

In an Inertja.js form, you could use this component like so:

<template>
  <form @submit.prevent="form.post('/login')">
    <label for="email">Email</label>
    <input type="email" name="email" v-model="form.email">
    
    <label for="password">Password</label>
    <input type="password" name="password" v-model="form.password">
    
    <Altcha v-model="form.token" />
    
    <button type="submit">Submit</button>
  </form>
</template>

<script setup>
import { useForm } from '@inertiajs/inertia-vue3'
// This is the component we made above
import Altcha from '@/components/forms/Altcha.vue'

const form = useForm({
  email: null,
  password: null,
  token: null,
})
</script>

Backend validation

To validate the frontend-generated token/payload, there's a ValidAltcha rule you can use, assuming the token is passed as token in the request:

use GrantHolle\Altcha\Rules\ValidAltcha;

$request->validate([
    'email' => ['required', 'email'],
    'password' => ['required'],
    'altcha' => ['required', new ValidAltcha()],
]);

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.