eu_captcha 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ddd0db23dcc5a6704ea068e01f4f35e041cf45411025d8ec42a02fb13e737ef9
+  data.tar.gz: d06e2d715767ba0f4f124103552a1d7e09caeb4de5fbe0beae54699203d959dc
+SHA512:
+  metadata.gz: 2c41cde2d9f0650caeabe08e722c3a6a50f5c5d2da8ef473fd133a5a0de47ef000ec8a369128972e09332b46d3b07e432fb66fdfee4696cc271cd48bb25cd02f
+  data.tar.gz: 83a76af0123ec9d64a6a90a7ba88f54b7becb1127fdf92f3969345445a2ba72c8107f8662cf4c58ca879f3e53206ca782a6c74c8521bf628738901fdbe9e9760

data/LICENSE

@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright 2026 Myra Security GmbH
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,192 @@
+# EU-Captcha Ruby client
+
+Privacy-first, no-cookie, no-manual-interaction bot protection for Ruby applications. Automatically filters bots, spam, and credential-stuffing attempts without requiring any user interaction.
+
+## Requirements
+
+- Ruby 2.7 or later
+- No runtime dependencies (uses Ruby's built-in `net/http`)
+
+## Installation
+
+```bash
+gem install eu_captcha
+```
+
+Or add it to your `Gemfile`:
+
+```ruby
+gem 'eu_captcha'
+```
+
+## Getting credentials
+
+1. Register at [app.eu-captcha.eu](https://app.eu-captcha.eu/user-registration)
+2. Create a site and copy the **sitekey** and **secret** from the dashboard
+
+## Quick start
+
+> **Using a SPA framework?** The script tag and `<div>` approach below is for server-rendered pages.
+> If you are building with React, Vue, or Angular, use the matching npm package for the frontend widget
+> and continue to use this gem for server-side verification only.
+> See [SPA integration guides](https://docs.eu-captcha.eu/integration/spa/) for details.
+
+Add the widget script to any page that contains a form you want to protect:
+
+```html
+<script src="https://cdn.eu-captcha.eu/verify.js" async defer></script>
+```
+
+Place the widget inside your form:
+
+```html
+<div class="eu-captcha" data-sitekey="EUCAPTCHA_SITE_KEY"></div>
+```
+
+Verify the submitted token on your server:
+
+```ruby
+require 'eu_captcha'
+
+captcha = EuCaptcha::Client.new(
+  sitekey: ENV['EUCAPTCHA_SITE_KEY'],
+  secret:  ENV['EUCAPTCHA_SECRET_KEY']
+)
+
+result = captcha.validate(
+  token:       params['eu-captcha-response'],
+  remote_addr: request.ip
+)
+
+render_error unless result.success?
+```
+
+## Configuration options
+
+All options are passed as keyword arguments to the constructor.
+
+| Option              | Type    | Default               | Description |
+|---------------------|---------|-----------------------|-------------|
+| `sitekey`           | String  | —                     | **Required.** Public sitekey from the dashboard. |
+| `secret`            | String  | —                     | **Required.** Secret key from the dashboard. Never expose this client-side. |
+| `fail_default`      | Boolean | `true`                | Return value used for both network and token state when the API cannot be reached. `true` = fail open (allow on error); `false` = fail closed (deny on error). |
+| `check_cdn_headers` | Boolean | `true`                | When `true`, the client IP is resolved from CDN/proxy headers (`HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR`, `HTTP_X_REAL_IP`) in the Rack environment before falling back to `REMOTE_ADDR`. Set to `false` when not behind a proxy, or when you pass the IP explicitly. |
+| `verify_url`        | String  | *(production URL)*    | Override the EU-Captcha verify endpoint. Useful for testing. |
+| `credentials_url`   | String  | *(production URL)*    | Override the EU-Captcha verify-credentials endpoint. |
+
+## The result object
+
+`validate` returns an `EuCaptcha::Result` with these methods:
+
+| Method              | Returns `true` when…                                         |
+|---------------------|--------------------------------------------------------------|
+| `success?`          | The API was reached **and** the token is valid.              |
+| `success_network?`  | The API call completed without a network or transport error. |
+| `success_token?`    | The API reported the submitted token as valid.               |
+| `train`             | Returns `true`/`false`/`nil` (see below).                   |
+
+Checking both states separately lets you distinguish a user failing the captcha from an API outage:
+
+```ruby
+result = captcha.validate(token: params['eu-captcha-response'], remote_addr: request.ip)
+
+unless result.success_network?
+  # Could not reach the API — consider logging or alerting
+end
+
+unless result.success_token?
+  # Token was rejected — the submission is likely automated
+end
+```
+
+The `train` method returns `true` when the API skipped real validation and forced success — typically because the sitekey does not exist, the secret does not match, or the sitekey's protection toggle is disabled. `success?` already accounts for this flag and returns `false` in that case. Returns `nil` on network failure.
+
+## Verifying credentials
+
+Use `verify_credentials` to confirm your sitekey and secret are valid without submitting a client token. Useful for startup or configuration checks:
+
+```ruby
+captcha = EuCaptcha::Client.new(
+  sitekey: ENV['EUCAPTCHA_SITE_KEY'],
+  secret:  ENV['EUCAPTCHA_SECRET_KEY']
+)
+
+unless captcha.verify_credentials
+  # Credentials are invalid or the API is unreachable — log and alert
+end
+```
+
+`verify_credentials` returns `false` on any network or API error rather than raising, so it is safe to call during application initialisation.
+
+## Rails
+
+Store credentials in `config/credentials.yml.enc` (or `.env` + dotenv) and create a client in an initializer:
+
+**`config/initializers/eu_captcha.rb`**
+
+```ruby
+EU_CAPTCHA = EuCaptcha::Client.new(
+  sitekey: Rails.application.credentials.dig(:eucaptcha, :sitekey),
+  secret:  Rails.application.credentials.dig(:eucaptcha, :secret)
+)
+```
+
+**Controller**
+
+```ruby
+class ContactController < ApplicationController
+  def create
+    result = EU_CAPTCHA.validate(
+      token:       params['eu-captcha-response'],
+      remote_addr: request.ip,
+      user_agent:  request.user_agent
+    )
+
+    unless result.success?
+      render json: { error: 'CAPTCHA verification failed' }, status: :unprocessable_entity
+      return
+    end
+
+    # process the form...
+  end
+end
+```
+
+`request.ip` respects Rails' trusted-proxy configuration, so the real visitor IP is forwarded correctly when running behind a CDN or load balancer.
+
+## Sinatra / Rack
+
+Pass the Rack environment directly and let the library resolve the client IP automatically:
+
+```ruby
+require 'sinatra'
+require 'eu_captcha'
+
+CAPTCHA = EuCaptcha::Client.new(
+  sitekey: ENV['EUCAPTCHA_SITE_KEY'],
+  secret:  ENV['EUCAPTCHA_SECRET_KEY']
+)
+
+post '/contact' do
+  result = CAPTCHA.validate(
+    token:    params['eu-captcha-response'],
+    rack_env: env
+  )
+
+  halt 422, 'CAPTCHA verification failed' unless result.success?
+
+  # process the form...
+end
+```
+
+When `rack_env` is provided, `validate` automatically resolves the client IP and User-Agent from the Rack environment, respecting the `check_cdn_headers` setting.
+
+## Further reading
+
+- [Full documentation](https://docs.eu-captcha.eu)
+- [Server-side verification reference](https://docs.eu-captcha.eu/integration/server-side-verification/)
+- [SPA integration guides](https://docs.eu-captcha.eu/integration/spa/) (React / Next.js, Vue / Nuxt, Angular)
+
+## License
+
+BSD 2-Clause. See [LICENSE](LICENSE) for details.

data/lib/eu_captcha/client.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Myra Security GmbH
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+require 'net/http'
+require 'json'
+require 'uri'
+require 'ipaddr'
+
+module EuCaptcha
+  # Server-side EU-Captcha verification client.
+  #
+  # Instantiate once per application (e.g. as a singleton or dependency-injected
+  # service) and call {#validate} on every form submission you want to protect.
+  #
+  # @example Quick start
+  #   captcha = EuCaptcha::Client.new(sitekey: ENV['EUCAPTCHA_SITE_KEY'],
+  #                                   secret:  ENV['EUCAPTCHA_SECRET_KEY'])
+  #
+  #   result = captcha.validate(token: params['eu-captcha-response'],
+  #                             remote_addr: request.ip)
+  #
+  #   render_error unless result.success?
+  class Client
+    VERIFY_URL      = 'https://api.eu-captcha.eu/v1/verify/'
+    CREDENTIALS_URL = 'https://api.eu-captcha.eu/v1/verify-credentials'
+
+    # @param sitekey           [String]  The public site key used to identify your site on the
+    #   client side.
+    # @param secret            [String]  The private secret key used to authenticate server-side
+    #   verification requests. Never expose this client-side.
+    # @param verify_url        [String]  The EU-Captcha verify endpoint. Defaults to the
+    #   production URL.
+    # @param credentials_url   [String]  The EU-Captcha verify-credentials endpoint. Defaults to
+    #   the production URL.
+    # @param fail_default      [Boolean] Whether to treat an API communication failure as a
+    #   successful validation. Defaults to +true+ to avoid blocking legitimate users when the
+    #   API is unreachable (fail open). Set to +false+ to deny on error (fail closed).
+    # @param check_cdn_headers [Boolean] When +true+ (default), the client IP is resolved from
+    #   CDN/proxy headers (+HTTP_CLIENT_IP+, +HTTP_X_FORWARDED_FOR+, +HTTP_X_REAL_IP+) in the
+    #   Rack environment before falling back to +REMOTE_ADDR+. Set to +false+ when running
+    #   behind no proxy, or when you supply +remote_addr+ explicitly on every {#validate} call.
+    #
+    # @raise [EuCaptcha::Error] if +sitekey+ or +secret+ are empty.
+    def initialize(
+      sitekey:,
+      secret:,
+      verify_url: VERIFY_URL,
+      credentials_url: CREDENTIALS_URL,
+      fail_default: true,
+      check_cdn_headers: true
+    )
+      raise EuCaptcha::Error, 'sitekey and secret are required' if sitekey.to_s.empty? || secret.to_s.empty?
+
+      @sitekey           = sitekey
+      @secret            = secret
+      @verify_url        = verify_url
+      @credentials_url   = credentials_url
+      @fail_default      = fail_default
+      @check_cdn_headers = check_cdn_headers
+    end
+
+    # Validates a captcha token against the EU-Captcha API.
+    #
+    # All parameters are optional: pass what you have and let the library fill in the rest
+    # from +rack_env+ when provided.
+    #
+    # On any API or network failure the result reflects +fail_default+ for +state_network+
+    # and +state_token+, and +nil+ for +state_train+, so callers can distinguish between a
+    # failed validation and a failed network request.
+    #
+    # @param token       [String, nil] The captcha response token submitted by the client.
+    # @param remote_addr [String]      The client's IP address. When empty, resolved from
+    #   +rack_env+ (respecting +check_cdn_headers+).
+    # @param user_agent  [String]      The client's User-Agent header. When empty, read from
+    #   +rack_env['HTTP_USER_AGENT']+.
+    # @param rack_env    [Hash, nil]   A Rack environment hash used for automatic IP and
+    #   User-Agent resolution when +remote_addr+ or +user_agent+ are not supplied explicitly.
+    #
+    # @return [EuCaptcha::Result]
+    def validate(token: nil, remote_addr: '', user_agent: '', rack_env: nil)
+      effective_addr = remote_addr.to_s.empty? ? resolve_client_ip(rack_env) : remote_addr.to_s
+      effective_ua   = user_agent.to_s.empty?  ? rack_user_agent(rack_env)   : user_agent.to_s
+
+      payload = {
+        sitekey:           @sitekey,
+        secret:            @secret,
+        client_ip:         effective_addr,
+        client_token:      token.to_s,
+        client_user_agent: effective_ua
+      }
+
+      body = post_json(@verify_url, payload)
+      Result.new(
+        state_network: true,
+        state_token:   body.fetch('success', false) == true,
+        state_train:   body.fetch('train',   false) == true
+      )
+    rescue StandardError
+      Result.new(
+        state_network: @fail_default,
+        state_token:   @fail_default,
+        state_train:   nil
+      )
+    end
+
+    # Checks whether the configured sitekey and secret are valid without requiring a client token.
+    #
+    # Intended for startup or configuration checks. Returns +false+ on any network or API error
+    # rather than raising, so callers can log a warning and continue initialisation.
+    #
+    # @return [Boolean] +true+ if the API confirms the sitekey/secret pair is valid.
+    def verify_credentials
+      payload = { sitekey: @sitekey, secret: @secret }
+      body    = post_json(@credentials_url, payload)
+      body.fetch('valid', false) == true
+    rescue StandardError
+      false
+    end
+
+    private
+
+    # Resolves the client IP address from a Rack environment hash.
+    #
+    # When +check_cdn_headers+ is +true+, the following headers are checked in order and the
+    # first value that passes IP validation is returned:
+    #   +HTTP_CLIENT_IP+, +HTTP_X_FORWARDED_FOR+ (first entry), +HTTP_X_REAL_IP+
+    # Falls back to +REMOTE_ADDR+ in all cases.
+    def resolve_client_ip(rack_env)
+      return '' if rack_env.nil?
+
+      if @check_cdn_headers
+        %w[HTTP_CLIENT_IP HTTP_X_FORWARDED_FOR HTTP_X_REAL_IP].each do |header|
+          value = rack_env[header].to_s
+          next if value.empty?
+
+          ip = value.split(',').first.to_s.strip
+          return ip if valid_ip?(ip)
+        end
+      end
+
+      rack_env.fetch('REMOTE_ADDR', '')
+    end
+
+    def rack_user_agent(rack_env)
+      rack_env&.fetch('HTTP_USER_AGENT', '') || ''
+    end
+
+    def valid_ip?(ip)
+      IPAddr.new(ip)
+      true
+    rescue IPAddr::InvalidAddressError, IPAddr::AddressFamilyError
+      false
+    end
+
+    def post_json(url, payload)
+      uri = URI(url)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/json'
+        request['Accept']       = 'application/json'
+        request.body            = JSON.generate(payload)
+        response = http.request(request)
+        JSON.parse(response.body)
+      end
+    end
+  end
+end

data/lib/eu_captcha/error.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Myra Security GmbH
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module EuCaptcha
+  # Raised when the client is misconfigured, for example when +sitekey+ or +secret+ are empty.
+  class Error < StandardError; end
+end

data/lib/eu_captcha/result.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Myra Security GmbH
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module EuCaptcha
+  # Holds the outcome of a single {Client#validate} call.
+  #
+  # The three state values map directly to the API response fields:
+  #
+  # * +state_network+ – whether the HTTP request completed without a transport error.
+  # * +state_token+   – whether the API reported the submitted token as valid
+  #                     (+success+ field in the JSON response).
+  # * +state_train+   – the +train+ flag from the API response (+true+/+false+),
+  #                     or +nil+ when no response was received (network failure).
+  class Result
+    # @param state_network [Boolean] Whether the API request completed successfully.
+    # @param state_token   [Boolean] Whether the captcha token was accepted as valid by the API.
+    # @param state_train   [Boolean, nil] The +train+ flag from the API response. +true+ means the
+    #   API skipped real validation and forced success (misconfigured credentials or disabled
+    #   protection). +false+ means normal operation. +nil+ when no API response was received
+    #   (network failure).
+    def initialize(state_network:, state_token:, state_train: nil)
+      @state_network = state_network
+      @state_token   = state_token
+      @state_train   = state_train
+    end
+
+    # Returns +true+ only if the API request succeeded, the token was valid,
+    # and the +train+ flag is not set.
+    #
+    # When +train+ is +true+ the API forced +success+ to +true+ without performing
+    # real validation (misconfigured credentials or disabled protection). This
+    # method treats that case as a failure so misconfigured sites fail securely
+    # by default. Use {#train} to inspect the flag directly.
+    #
+    # @return [Boolean]
+    def success?
+      @state_network && @state_token && !@state_train
+    end
+
+    # Returns +true+ if the API request completed without a network or HTTP error.
+    #
+    # @return [Boolean]
+    def success_network?
+      @state_network
+    end
+
+    # Returns +true+ if the API confirmed the captcha token as valid.
+    #
+    # Note: this reflects the raw +success+ field from the API response. When
+    # {#train} returns +true+, the API forced this field to +true+ without real
+    # validation. Prefer {#success?} for the safe combined check.
+    #
+    # @return [Boolean]
+    def success_token?
+      @state_token
+    end
+
+    # Returns the +train+ flag from the API response.
+    #
+    # +true+  means the API skipped real validation and forced +success+ to +true+ —
+    # typically because the sitekey does not exist, the secret does not match,
+    # or the sitekey's protection toggle is disabled. In production this means
+    # every submission appears successful regardless of whether the user solved
+    # the captcha. Check your sitekey and secret immediately if you see this.
+    #
+    # +false+ means normal operation and {#success_token?} reflects the real result.
+    #
+    # +nil+   means no API response was received (network failure) so the train
+    # state is unknown.
+    #
+    # @return [Boolean, nil]
+    def train
+      @state_train
+    end
+  end
+end

data/lib/eu_captcha/version.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Myra Security GmbH
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+module EuCaptcha
+  VERSION = '1.0.0'
+end

data/lib/eu_captcha.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Myra Security GmbH
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+require_relative 'eu_captcha/version'
+require_relative 'eu_captcha/error'
+require_relative 'eu_captcha/result'
+require_relative 'eu_captcha/client'

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification
+name: eu_captcha
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Myra Security GmbH
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: EU captcha protects your website/API against abuse like form spam and
+  credential stuffing
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/eu_captcha.rb
+- lib/eu_captcha/client.rb
+- lib/eu_captcha/error.rb
+- lib/eu_captcha/result.rb
+- lib/eu_captcha/version.rb
+homepage: https://eu-captcha.eu
+licenses:
+- BSD-2-Clause
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.7
+specification_version: 4
+summary: EU-Captcha server-side verification client for Ruby
+test_files: []