cloudflare_turnstile 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: fb659b4d66930ea57524ea7e5df02a9fefb6ae2bfd859164f4f1bdf353352cc0
4
+ data.tar.gz: cad3dcc29ea1ed8a86e809470b13a5f8413e00331b44d357d1b24ad53ed9ad9e
5
+ SHA512:
6
+ metadata.gz: d81d5f55d7af434903a86b11fb3866bd7e44430481ef68381efc55b1bc586d64ba77595677d57a95f372fcc422e726e4f4729be94f27547266e9311f72fef557
7
+ data.tar.gz: a5c05fb46bd9e524fa39ab10fbe34fd9510f3cb83210a87d1bbb23e43626dfb7e217884735636ca9ad0a816e341fbe655b796f6d54258604f342d177e3fbb42f
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.standard.yml ADDED
@@ -0,0 +1,3 @@
1
+ # For available configuration options, see:
2
+ # https://github.com/testdouble/standard
3
+ ruby_version: 2.6
data/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ ## [Unreleased]
2
+
3
+ ## [0.1.0] - 2022-10-10
4
+
5
+ - Initial release
data/Gemfile ADDED
@@ -0,0 +1,14 @@
1
+ # frozen_string_literal: true
2
+
3
+ source "https://rubygems.org"
4
+
5
+ # Specify your gem's dependencies in cloudflare_turnstile.gemspec
6
+ gemspec
7
+
8
+ gem "rake", "~> 13.0"
9
+
10
+ gem "rspec", "~> 3.0"
11
+
12
+ gem "rspec-rails"
13
+
14
+ gem "standard", "~> 1.3"
data/Gemfile.lock ADDED
@@ -0,0 +1,206 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ cloudflare_turnstile (0.1.0)
5
+ rails (>= 5.0)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ actioncable (7.0.4)
11
+ actionpack (= 7.0.4)
12
+ activesupport (= 7.0.4)
13
+ nio4r (~> 2.0)
14
+ websocket-driver (>= 0.6.1)
15
+ actionmailbox (7.0.4)
16
+ actionpack (= 7.0.4)
17
+ activejob (= 7.0.4)
18
+ activerecord (= 7.0.4)
19
+ activestorage (= 7.0.4)
20
+ activesupport (= 7.0.4)
21
+ mail (>= 2.7.1)
22
+ net-imap
23
+ net-pop
24
+ net-smtp
25
+ actionmailer (7.0.4)
26
+ actionpack (= 7.0.4)
27
+ actionview (= 7.0.4)
28
+ activejob (= 7.0.4)
29
+ activesupport (= 7.0.4)
30
+ mail (~> 2.5, >= 2.5.4)
31
+ net-imap
32
+ net-pop
33
+ net-smtp
34
+ rails-dom-testing (~> 2.0)
35
+ actionpack (7.0.4)
36
+ actionview (= 7.0.4)
37
+ activesupport (= 7.0.4)
38
+ rack (~> 2.0, >= 2.2.0)
39
+ rack-test (>= 0.6.3)
40
+ rails-dom-testing (~> 2.0)
41
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
42
+ actiontext (7.0.4)
43
+ actionpack (= 7.0.4)
44
+ activerecord (= 7.0.4)
45
+ activestorage (= 7.0.4)
46
+ activesupport (= 7.0.4)
47
+ globalid (>= 0.6.0)
48
+ nokogiri (>= 1.8.5)
49
+ actionview (7.0.4)
50
+ activesupport (= 7.0.4)
51
+ builder (~> 3.1)
52
+ erubi (~> 1.4)
53
+ rails-dom-testing (~> 2.0)
54
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
55
+ activejob (7.0.4)
56
+ activesupport (= 7.0.4)
57
+ globalid (>= 0.3.6)
58
+ activemodel (7.0.4)
59
+ activesupport (= 7.0.4)
60
+ activerecord (7.0.4)
61
+ activemodel (= 7.0.4)
62
+ activesupport (= 7.0.4)
63
+ activestorage (7.0.4)
64
+ actionpack (= 7.0.4)
65
+ activejob (= 7.0.4)
66
+ activerecord (= 7.0.4)
67
+ activesupport (= 7.0.4)
68
+ marcel (~> 1.0)
69
+ mini_mime (>= 1.1.0)
70
+ activesupport (7.0.4)
71
+ concurrent-ruby (~> 1.0, >= 1.0.2)
72
+ i18n (>= 1.6, < 2)
73
+ minitest (>= 5.1)
74
+ tzinfo (~> 2.0)
75
+ ast (2.4.2)
76
+ builder (3.2.4)
77
+ concurrent-ruby (1.1.10)
78
+ crass (1.0.6)
79
+ diff-lcs (1.5.0)
80
+ erubi (1.11.0)
81
+ globalid (1.0.0)
82
+ activesupport (>= 5.0)
83
+ i18n (1.12.0)
84
+ concurrent-ruby (~> 1.0)
85
+ json (2.6.2)
86
+ loofah (2.19.0)
87
+ crass (~> 1.0.2)
88
+ nokogiri (>= 1.5.9)
89
+ mail (2.7.1)
90
+ mini_mime (>= 0.1.1)
91
+ marcel (1.0.2)
92
+ method_source (1.0.0)
93
+ mini_mime (1.1.2)
94
+ mini_portile2 (2.8.0)
95
+ minitest (5.16.3)
96
+ net-imap (0.3.1)
97
+ net-protocol
98
+ net-pop (0.1.2)
99
+ net-protocol
100
+ net-protocol (0.1.3)
101
+ timeout
102
+ net-smtp (0.3.2)
103
+ net-protocol
104
+ nio4r (2.5.8)
105
+ nokogiri (1.13.8)
106
+ mini_portile2 (~> 2.8.0)
107
+ racc (~> 1.4)
108
+ parallel (1.22.1)
109
+ parser (3.1.2.1)
110
+ ast (~> 2.4.1)
111
+ racc (1.6.0)
112
+ rack (2.2.4)
113
+ rack-test (2.0.2)
114
+ rack (>= 1.3)
115
+ rails (7.0.4)
116
+ actioncable (= 7.0.4)
117
+ actionmailbox (= 7.0.4)
118
+ actionmailer (= 7.0.4)
119
+ actionpack (= 7.0.4)
120
+ actiontext (= 7.0.4)
121
+ actionview (= 7.0.4)
122
+ activejob (= 7.0.4)
123
+ activemodel (= 7.0.4)
124
+ activerecord (= 7.0.4)
125
+ activestorage (= 7.0.4)
126
+ activesupport (= 7.0.4)
127
+ bundler (>= 1.15.0)
128
+ railties (= 7.0.4)
129
+ rails-dom-testing (2.0.3)
130
+ activesupport (>= 4.2.0)
131
+ nokogiri (>= 1.6)
132
+ rails-html-sanitizer (1.4.3)
133
+ loofah (~> 2.3)
134
+ railties (7.0.4)
135
+ actionpack (= 7.0.4)
136
+ activesupport (= 7.0.4)
137
+ method_source
138
+ rake (>= 12.2)
139
+ thor (~> 1.0)
140
+ zeitwerk (~> 2.5)
141
+ rainbow (3.1.1)
142
+ rake (13.0.6)
143
+ regexp_parser (2.6.0)
144
+ rexml (3.2.5)
145
+ rspec (3.11.0)
146
+ rspec-core (~> 3.11.0)
147
+ rspec-expectations (~> 3.11.0)
148
+ rspec-mocks (~> 3.11.0)
149
+ rspec-core (3.11.0)
150
+ rspec-support (~> 3.11.0)
151
+ rspec-expectations (3.11.1)
152
+ diff-lcs (>= 1.2.0, < 2.0)
153
+ rspec-support (~> 3.11.0)
154
+ rspec-mocks (3.11.1)
155
+ diff-lcs (>= 1.2.0, < 2.0)
156
+ rspec-support (~> 3.11.0)
157
+ rspec-rails (6.0.0)
158
+ actionpack (>= 6.1)
159
+ activesupport (>= 6.1)
160
+ railties (>= 6.1)
161
+ rspec-core (~> 3.11)
162
+ rspec-expectations (~> 3.11)
163
+ rspec-mocks (~> 3.11)
164
+ rspec-support (~> 3.11)
165
+ rspec-support (3.11.1)
166
+ rubocop (1.35.1)
167
+ json (~> 2.3)
168
+ parallel (~> 1.10)
169
+ parser (>= 3.1.2.1)
170
+ rainbow (>= 2.2.2, < 4.0)
171
+ regexp_parser (>= 1.8, < 3.0)
172
+ rexml (>= 3.2.5, < 4.0)
173
+ rubocop-ast (>= 1.20.1, < 2.0)
174
+ ruby-progressbar (~> 1.7)
175
+ unicode-display_width (>= 1.4.0, < 3.0)
176
+ rubocop-ast (1.21.0)
177
+ parser (>= 3.1.1.0)
178
+ rubocop-performance (1.14.3)
179
+ rubocop (>= 1.7.0, < 2.0)
180
+ rubocop-ast (>= 0.4.0)
181
+ ruby-progressbar (1.11.0)
182
+ standard (1.16.1)
183
+ rubocop (= 1.35.1)
184
+ rubocop-performance (= 1.14.3)
185
+ thor (1.2.1)
186
+ timeout (0.3.0)
187
+ tzinfo (2.0.5)
188
+ concurrent-ruby (~> 1.0)
189
+ unicode-display_width (2.3.0)
190
+ websocket-driver (0.7.5)
191
+ websocket-extensions (>= 0.1.0)
192
+ websocket-extensions (0.1.5)
193
+ zeitwerk (2.6.1)
194
+
195
+ PLATFORMS
196
+ ruby
197
+
198
+ DEPENDENCIES
199
+ cloudflare_turnstile!
200
+ rake (~> 13.0)
201
+ rspec (~> 3.0)
202
+ rspec-rails
203
+ standard (~> 1.3)
204
+
205
+ BUNDLED WITH
206
+ 2.3.22
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2022 Scott Motte
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,60 @@
1
+ # cloudflare_turnstile
2
+
3
+ Add [Cloudflare Turnstile](https://blog.cloudflare.com/turnstile-private-captcha-alternative/) to your Rails app in seconds.
4
+
5
+ [![Gem](https://img.shields.io/gem/v/cloudflare_turnstile.svg?style=flat-square)](https://rubygems.org/gems/cloudflare_turnstile)
6
+
7
+ ## Installation
8
+
9
+ Add this line to your Gemfile and then execute bundle install:
10
+
11
+ ```ruby
12
+ gem "cloudflare_turnstile"
13
+ ```
14
+
15
+ ## Usage
16
+
17
+ Add the view helper to your form - just before the submit button is usually a good spot.
18
+
19
+ ```erb
20
+ <%= form_for(@user) do |f| %>
21
+ ..
22
+ <%= cloudflare_turnstile %>
23
+ <%= f.submit "Log In" %>
24
+ <% end %>
25
+ ```
26
+
27
+ Then enable it for the controller actions you wish. It works just like a `before_action`. Pass `only:` with the action names.
28
+
29
+ ```ruby
30
+ class UsersController < ApplicationController
31
+ cloudflare_turnstile only: [:create, :login_submit]
32
+
33
+ def new
34
+ # new user view
35
+ end
36
+
37
+ def create
38
+ # Turnstile verification will automatically take place prior to here.
39
+
40
+ @user = User.create!(params)
41
+ ..
42
+ end
43
+
44
+ def login
45
+ # login form view
46
+ end
47
+
48
+ def login_submit
49
+ # Turnstile verification will automatically take place prior to here.
50
+
51
+ ..
52
+ end
53
+ end
54
+ ```
55
+
56
+ By default, it responds with no content (only headers: `head(200)`). This way the spam bot thinks they have been successful and will spend less time making requests to your website.
57
+
58
+ ## Credits
59
+
60
+ Inspiration [invisible_captcha](https://github.com/markets/invisible_captcha)
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/gem_tasks"
4
+ require "rspec/core/rake_task"
5
+
6
+ RSpec::Core::RakeTask.new(:spec)
7
+
8
+ require "standard/rake"
9
+
10
+ task default: %i[spec standard]
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "lib/cloudflare_turnstile/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "cloudflare_turnstile"
7
+ spec.version = CloudflareTurnstile::VERSION
8
+ spec.authors = ["motdotla"]
9
+ spec.email = ["mot@mot.la"]
10
+
11
+ spec.summary = "Spam protection for your Rails apps using Cloudflare Turnstile"
12
+ spec.description = "Spam protection for your Rails apps using Cloudflare Turnstile"
13
+ spec.homepage = "https://github.com/dotenv-org/cloudflare_turnstile"
14
+ spec.license = "MIT"
15
+ spec.required_ruby_version = ">= 2.6.0"
16
+
17
+ spec.metadata["homepage_uri"] = spec.homepage
18
+ spec.metadata["source_code_uri"] = "https://github.com/dotenv-org/cloudflare_turnstile"
19
+ spec.metadata["changelog_uri"] = "https://github.com/dotenv-org/cloudflare_turnstile"
20
+
21
+ # Specify which files should be added to the gem when it is released.
22
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
23
+ spec.files = Dir.chdir(__dir__) do
24
+ `git ls-files -z`.split("\x0").reject do |f|
25
+ (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
26
+ end
27
+ end
28
+ spec.bindir = "exe"
29
+ spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
30
+ spec.require_paths = ["lib"]
31
+
32
+ spec.add_dependency "rails", ">= 5.0"
33
+
34
+ # Uncomment to register a new dependency of your gem
35
+ # spec.add_dependency "example-gem", "~> 1.0"
36
+
37
+ # For more information and examples about making a new gem, check out our
38
+ # guide at: https://bundler.io/guides/creating_gem.html
39
+ end
@@ -0,0 +1,68 @@
1
+ # frozen_string_literal: true
2
+
3
+ module CloudflareTurnstile
4
+ module ControllerExt
5
+ module ClassMethods
6
+ # Enables Turnstile on a controller action
7
+ #
8
+ #
9
+ def cloudflare_turnstile(options = {})
10
+ before_action(options) do
11
+ cloudflare_turnstile_verify(options)
12
+ end
13
+ end
14
+ end
15
+
16
+ private
17
+
18
+ def cloudflare_turnstile_verified?(options = {})
19
+ url = URI(cloudflare_turnstile_verify_url)
20
+ secret = cloudflare_turnstile_secret_key
21
+ response = params["cf-turnstile-response"]
22
+
23
+ res = Net::HTTP.post_form(url, secret: secret, response: response)
24
+ json = JSON.parse(res.body)
25
+
26
+ success = json["success"]
27
+
28
+ return true if success
29
+
30
+ error = json["error-codes"][0]
31
+
32
+ cloudflare_turnstile_warn_spam(error)
33
+
34
+ false
35
+ end
36
+
37
+ def cloudflare_turnstile_verify(options = {})
38
+ if cloudflare_turnstile_verified?(options)
39
+ true
40
+ else
41
+ head(200) # respond with no content and 200 since the bot will think it has submitted properly
42
+ end
43
+ end
44
+
45
+ def cloudflare_turnstile_verify_url
46
+ "https://challenges.cloudflare.com/turnstile/v0/siteverify"
47
+ end
48
+
49
+ def cloudflare_turnstile_warn_spam(message)
50
+ logger.warn("Spam detected for IP #{request.remote_ip}. #{message}")
51
+
52
+ ActiveSupport::Notifications.instrument(
53
+ "cloudflare_turnstile.spam_detected",
54
+ message: message,
55
+ remote_ip: request.remote_ip,
56
+ user_agent: request.user_agent,
57
+ controller: params[:controller],
58
+ action: params[:action],
59
+ url: request.url,
60
+ params: request.filtered_parameters
61
+ )
62
+ end
63
+
64
+ def cloudflare_turnstile_secret_key
65
+ ENV["CLOUDFLARE_TURNSTILE_SECRET_KEY"]
66
+ end
67
+ end
68
+ end
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ module CloudflareTurnstile
4
+ class Railtie < Rails::Railtie
5
+ initializer "cloudflare_turnstile.rails_integration" do
6
+ ActiveSupport.on_load(:action_controller) do
7
+ include CloudflareTurnstile::ControllerExt
8
+ extend CloudflareTurnstile::ControllerExt::ClassMethods
9
+ end
10
+
11
+ ActiveSupport.on_load(:action_view) do
12
+ include CloudflareTurnstile::ViewHelpers
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module CloudflareTurnstile
4
+ VERSION = "0.1.0"
5
+ end
@@ -0,0 +1,41 @@
1
+ # frozen_string_literal: true
2
+
3
+ module CloudflareTurnstile
4
+ module ViewHelpers
5
+ # Builds the Turnstile html
6
+ #
7
+ # @return [String] the generated html
8
+ def cloudflare_turnstile
9
+ content_tag(:div, class: css_class) do
10
+ concat script_tag
11
+ concat turnstile_div
12
+ end
13
+ end
14
+
15
+ private
16
+
17
+ def script_tag
18
+ content_tag(:script, :src => js_src, "async" => true, "defer" => true) do
19
+ ""
20
+ end
21
+ end
22
+
23
+ def turnstile_div
24
+ content_tag(:div, :class => "cf-turnstile", "data-sitekey" => site_key) do
25
+ ""
26
+ end
27
+ end
28
+
29
+ def site_key
30
+ ENV["CLOUDFLARE_TURNSTILE_SITE_KEY"]
31
+ end
32
+
33
+ def js_src
34
+ "https://challenges.cloudflare.com/turnstile/v0/api.js"
35
+ end
36
+
37
+ def css_class
38
+ "cloudflare-turnstile"
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,11 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "cloudflare_turnstile/version"
4
+ require_relative "cloudflare_turnstile/controller_ext"
5
+ require_relative "cloudflare_turnstile/view_helpers"
6
+ require_relative "cloudflare_turnstile/railtie"
7
+
8
+ module CloudflareTurnstile
9
+ class << self
10
+ end
11
+ end
@@ -0,0 +1,4 @@
1
+ module CloudflareTurnstile
2
+ VERSION: String
3
+ # See the writing guide of rbs: https://github.com/ruby/rbs#guides
4
+ end
metadata ADDED
@@ -0,0 +1,75 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cloudflare_turnstile
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - motdotla
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2022-10-10 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rails
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '5.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '5.0'
27
+ description: Spam protection for your Rails apps using Cloudflare Turnstile
28
+ email:
29
+ - mot@mot.la
30
+ executables: []
31
+ extensions: []
32
+ extra_rdoc_files: []
33
+ files:
34
+ - ".rspec"
35
+ - ".standard.yml"
36
+ - CHANGELOG.md
37
+ - Gemfile
38
+ - Gemfile.lock
39
+ - LICENSE.txt
40
+ - README.md
41
+ - Rakefile
42
+ - cloudflare_turnstile.gemspec
43
+ - lib/cloudflare_turnstile.rb
44
+ - lib/cloudflare_turnstile/controller_ext.rb
45
+ - lib/cloudflare_turnstile/railtie.rb
46
+ - lib/cloudflare_turnstile/version.rb
47
+ - lib/cloudflare_turnstile/view_helpers.rb
48
+ - sig/cloudflare_turnstile.rbs
49
+ homepage: https://github.com/dotenv-org/cloudflare_turnstile
50
+ licenses:
51
+ - MIT
52
+ metadata:
53
+ homepage_uri: https://github.com/dotenv-org/cloudflare_turnstile
54
+ source_code_uri: https://github.com/dotenv-org/cloudflare_turnstile
55
+ changelog_uri: https://github.com/dotenv-org/cloudflare_turnstile
56
+ post_install_message:
57
+ rdoc_options: []
58
+ require_paths:
59
+ - lib
60
+ required_ruby_version: !ruby/object:Gem::Requirement
61
+ requirements:
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: 2.6.0
65
+ required_rubygems_version: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - ">="
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ requirements: []
71
+ rubygems_version: 3.1.6
72
+ signing_key:
73
+ specification_version: 4
74
+ summary: Spam protection for your Rails apps using Cloudflare Turnstile
75
+ test_files: []