Middleware to use Google reCAPTCHA for spam prevention

v2.0.1 2020-12-02 00:06 UTC

This package is auto-updated.

Last update: 2024-05-29 04:27:44 UTC


Latest Version on Packagist Software License Testing Total Downloads

Middleware to use google/recaptcha library for spam prevention. Returns a 403 response if the request is not valid. More info about Google reCAPTCHA.



This package is installable and autoloadable via Composer as middlewares/recaptcha.

composer require middlewares/recaptcha


$dispatcher = new Dispatcher([
    new Middlewares\Recaptcha($secretKey),

    //in your view
    function () {
        echo '<div class="g-recaptcha" data-sitekey="XXX"></div>';
        echo '<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>';

$response = $dispatcher->dispatch(new ServerRequest());


You need a secret API key for your app. You can register it at https://www.google.com/recaptcha/admin

$secretKey = 'Your-Secret-Key';

$recaptcha = new Middlewares\Recaptcha($secretKey);

Optionally, you can provide a Psr\Http\Message\ResponseFactoryInterface as the second argument to create the error responses (403). If it's not defined, Middleware\Utils\Factory will be used to detect it automatically.

$responseFactory = new MyOwnResponseFactory();

$recaptcha = new Middlewares\Recaptcha($secretKey, $responseFactory);


By default uses the REMOTE_ADDR server parameter to get the client ip. This option allows to use a request attribute. Useful to combine with a ip detection middleware, for example client-ip:

$dispatcher = new Dispatcher([
    //detect the client ip and save it in "ip" attribute
    (new Middlewares\ClientIP())->attribute('ip'),

    //use that attribute
    (new Middlewares\Recaptcha($secretKey))->ipAttribute('ip')

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.