altcha-rails 0.0.5 → 0.0.6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 166ab2cdd6732e309f96c332d0483bcb16f984697f6f56ffab78357635aaccc3
|
4
|
+
data.tar.gz: baa9cf000ae61e2a1da2e3571827ff318d046ca3707e0341c6a6c036718b9278
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 554a2a258ad6e498034ae21d82788ca50b93543fcdfe086cc346b270c8ebc35a7c44702a30bf3ca0d618ac3b38c0943f04099b47a34c37ad33c8f5a2e1555b11
|
7
|
+
data.tar.gz: 9acd0d3bedda678efb8480d9d4935cdc1e1d8f97455eeba40e4dbb692e9753a5d9662ce0d05f841f98af2d2288aa6102267e93765d6873df2c12d59d1b4be0f2
|
data/README.md
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
|
5
5
|
[ALTCHA](https://altcha.org/) is a protocol designed for safeguarding against spam and abuse by utilizing a proof-of-work mechanism. This protocol comprises both a client-facing widget and a server-side verification process.
|
6
6
|
|
7
|
-
`altcha-
|
7
|
+
`altcha-rails` is a Ruby gem that provides a simple way to integrate ALTCHA into your Ruby on Rails application.
|
8
8
|
|
9
9
|
The main functionality of the gem is to generate a challenge and verify the response from the client. This is done in the library code. An initializer and a controller is installed in the host application to handle the challenge generation and verification.
|
10
10
|
|
@@ -13,14 +13,14 @@ The main functionality of the gem is to generate a challenge and verify the resp
|
|
13
13
|
Add this line to your application's Gemfile:
|
14
14
|
|
15
15
|
```ruby
|
16
|
-
gem 'altcha-
|
16
|
+
gem 'altcha-rails'
|
17
17
|
```
|
18
18
|
|
19
19
|
Then execute `bundle install` to install the gem for your application.
|
20
20
|
|
21
21
|
Next, run the generator to install the initializer and the controller:
|
22
22
|
|
23
|
-
```
|
23
|
+
```
|
24
24
|
$ rails generate altcha:install
|
25
25
|
create app/models/altcha_solution.rb
|
26
26
|
create app/controllers/altcha_controller.rb
|
@@ -31,6 +31,8 @@ $ rails generate altcha:install
|
|
31
31
|
|
32
32
|
This will create an initializer file at `config/initializers/altcha.rb` and a controller at `app/controllers/altcha_controller.rb` as well as a route in `config/routes.rb` and a model at `app/models/altcha-solutions.rb` (see below).
|
33
33
|
|
34
|
+
You will also have to run 'rails db:migrate` to apply pending changes to the database.
|
35
|
+
|
34
36
|
## Configuration
|
35
37
|
|
36
38
|
The initializer file `config/initializers/altcha.rb` contains the following configuration options:
|
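Review bot: The added sentence opens the command with a straight quote and closes it with a backtick ('rails db:migrate`), so it will not render as inline code; use backticks on both sides. The unchanged line above it gives the model path as `app/models/altcha-solutions.rb`, while the generator output shown earlier in this README lists `app/models/altcha_solution.rb`; worth aligning while this paragraph is being touched.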
@@ -45,7 +47,7 @@ end
|
|
45
47
|
```
|
46
48
|
|
47
49
|
The `algorithm` option specifies the hashing algorithm to use and must currently be set to `SHA-256`.
|
48
|
-
It is crucial change the `hmac_key` to a
|
50
|
+
It is crucial change the `hmac_key` to a random value. This key is used to sign the challenge and the response,
|
49
51
|
so it must be treated as a secret within your application.
|
50
52
|
The `num_range` option specifies the range of numbers to use in the challenge and determines the difficulty of the proof-of-work.
|
51
53
|
For an explanation of the `timeout` option see below.
|
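Review bot: The added `hmac_key` sentence is missing a word: "It is crucial change" should read "It is crucial to change". Since the text now states that the key signs the challenge and the response and must be treated as a secret, it would help to say where the value should come from, for example Rails credentials or an environment variable rather than a literal committed in `config/initializers/altcha.rb`, and that it should be generated with a CSPRNG such as `SecureRandom.hex`.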
@@ -65,31 +67,35 @@ To also guard against replay attacks within the configured `timeout` period, the
|
|
65
67
|
store completed responses. A unique constraint is added to the database to prevent the same response from being stored.
|
66
68
|
|
67
69
|
As these stored solutions are useless after the `timeout` period, the `AltchaSolution.cleanup` convenience function
|
68
|
-
should be called regularly.
|
70
|
+
should be called regularly to purge outdates soltutions from the database.
|
69
71
|
|
70
72
|
## Usage
|
71
73
|
|
72
74
|
You need to include the ALTCHA javascript widget in your application's asset pipeline. This is not done by the gem
|
73
75
|
at this point. Read up on the [ALTCHA documentation](https://altcha.org/docs/website-integration) for more information.
|
74
76
|
|
75
|
-
|
77
|
+
Then add the following code to the form you want to protect:
|
76
78
|
|
77
79
|
```erb
|
78
80
|
<altcha-widget challengeurl="<%= altcha_url() %>"></altcha-widget>
|
79
81
|
```
|
80
82
|
|
81
|
-
|
83
|
+
Once the user clicks the checkbox, the widget will send a request to the server to get a new challenge.
|
84
|
+
When the user-side code inside the widget found the solution to the challenge, the spinner will stop
|
85
|
+
and a hidden input field with the name `altcha` will be created in the form to convey the solution as
|
86
|
+
base64 encoded JSON dictionary.
|
82
87
|
|
83
88
|
In the controller that handles the form submission, you can verify the response with the following code:
|
84
89
|
|
85
90
|
```ruby
|
86
91
|
def create
|
87
|
-
@model = Model.
|
92
|
+
@model = Model.create(model_params)
|
88
93
|
|
89
|
-
unless AltchaSolution.verify_and_save(params.permit(:altcha)[:altcha])
|
90
|
-
|
91
|
-
|
92
|
-
|
94
|
+
unless AltchaSolution.verify_and_save(params.permit(:altcha)[:altcha])
|
95
|
+
flash.now[:alert] = 'ALTCHA verification failed.'
|
96
|
+
render :new, status: :unprocessable_entity
|
97
|
+
return
|
98
|
+
end
|
93
99
|
|
94
100
|
# ...
|
95
101
|
end
|
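Review bot: In the controller example, `@model = Model.create(model_params)` persists the record before `AltchaSolution.verify_and_save` runs, so a submission that fails ALTCHA verification is still saved even though the action then renders `:new` with `unprocessable_entity`. Build the record with `Model.new(model_params)` and save it only after verification succeeds, or move the verification above the create. Smaller points in the same hunk: "outdates soltutions" should be "outdated solutions", and "found the solution" reads better as "has found the solution".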
data/altcha-rails.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "altcha-rails"
|
5
|
-
s.version = "0.0.
|
5
|
+
s.version = "0.0.6"
|
6
6
|
s.authors = ["Daniel Mack"]
|
7
7
|
s.homepage = "https://github.com/zonque/altcha-rails"
|
8
8
|
s.metadata = { "source_code_uri" => "https://github.com/zonque/altcha-rails" }
|
@@ -10,6 +10,6 @@ class CreateAltchaSolutions < ActiveRecord::Migration[<%= ActiveRecord::Migratio
|
|
10
10
|
t.timestamps
|
11
11
|
end
|
12
12
|
|
13
|
-
add_index :altcha_solutions, [ :algorithm, :challenge, :salt, :signature, :number ], unique: true
|
13
|
+
add_index :altcha_solutions, [ :algorithm, :challenge, :salt, :signature, :number ], unique: true, name: 'index_altcha_solutions'
|
14
14
|
end
|
15
15
|
end
|
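Review bot: The new `name: 'index_altcha_solutions'` on the five-column unique index carries no comment explaining why an explicit name is needed; if it is there to stay under the database's index-name length limit (an assumption, nothing in the hunk says so), state that in the template. Because this is a generator template, applications that already generated the migration from 0.0.5 will not pick the change up, which the README could mention alongside the new `rails db:migrate` note.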
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: altcha-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Mack
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-04-28 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: ALTCHA is a free, open-source CAPTCHA alternative that protects your
|
14
14
|
website from spam and abuse
|