grantholle / laravel-altcha
A Laravel server implementation for Altcha.
Fund package maintenance!
Grant Holle
Installs: 3 623
Dependents: 1
Suggesters: 0
Security: 0
Stars: 9
Watchers: 3
Forks: 3
Open Issues: 1
Requires
- php: ^8.2
- illuminate/contracts: ^10.0|^11.0
- spatie/laravel-package-tools: ^1.14.0
Requires (Dev)
- laravel/pint: ^1.0
- nunomaduro/collision: ^7.8
- orchestra/testbench: ^8.8
- pestphp/pest: ^2.20
- pestphp/pest-plugin-arch: ^2.0
- pestphp/pest-plugin-laravel: ^2.0
- spatie/laravel-ray: ^1.26
README
This is a Laravel implementation for the server-side of Altcha, a proof-of-work captcha that does not require any third-party service.
Installation
You can install the package via composer:
composer require grantholle/laravel-altcha
Optionally, publish the config file with:
php artisan vendor:publish --tag="altcha-config"
Usage
In .env
(or published config file), set the following variables:
# Required, sort of like a password ALTCHA_HMAC_KEY= # Optional, defaults to SHA-256. Can be SHA-384 or SHA-512 # ALTCHA_ALGORITHM="SHA-256"
Out of the box, the package registers a /altcha-challenge
endpoint to use you on your frontend.
Frontend
Following the frontend integration, use the following snippet to get a challenge:
<altcha-widget challengeurl="/altcha-challenge"></altcha-widget>
Implementation will be different given your frontend, but here's an example Vue component to use:
<template> <altcha-widget challengeurl="/altcha-challenge" @statechange="stateChanged"></altcha-widget> </template> <script setup> import 'altcha' const emit = defineEmits(['update:modelValue']) const stateChanged = ev => { if (ev.detail.state === 'verified') { emit('update:modelValue', ev.detail.payload) } } </script>
In an Inertja.js form, you could use this component like so:
<template> <form @submit.prevent="form.post('/login')"> <label for="email">Email</label> <input type="email" name="email" v-model="form.email"> <label for="password">Password</label> <input type="password" name="password" v-model="form.password"> <Altcha v-model="form.token" /> <button type="submit">Submit</button> </form> </template> <script setup> import { useForm } from '@inertiajs/inertia-vue3' // This is the component we made above import Altcha from '@/components/forms/Altcha.vue' const form = useForm({ email: null, password: null, token: null, }) </script>
Backend validation
To validate the frontend-generated token/payload, there's a ValidAltcha
rule you can use, assuming the token is passed as token
in the request:
use GrantHolle\Altcha\Rules\ValidAltcha; $request->validate([ 'email' => ['required', 'email'], 'password' => ['required'], 'altcha' => ['required', new ValidAltcha()], ]);
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.