turnstile-captcha 0.1.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 90f0930df0270dc3176b2f4ffbb9313b67b6ec5e754e8dcaede32eb423d8b1d3
+  data.tar.gz: 588984312cb99edfe8a1ce598b97a6d8bf0595ba22e21218c41c5d1578d9da43
+SHA512:
+  metadata.gz: 3329bec1812bfa6716bc06f49c4e7ef5d470bf1b07d8e79853d468353a28a6d53f86203e092720c481e76e6f4be1d3efa930b6f3a87ea080bbd3454a53391c4b
+  data.tar.gz: 8e491f31f09d8f18f03cc4f53b5a42cb7b6b71e2850942835adcbbc297af8794dc5155fc4db42c8b7b3edaf0dfdbcac8cb099daa05e0371687c85954a524a4a5

data/README.md

@@ -0,0 +1,130 @@
+# Turnstile
+
+A gem to add [Cloudflare Turnstile](https://blog.cloudflare.com/turnstile-private-captcha-alternative/) to your Rails app.
+
+```ruby
+gem 'turnstile-captcha', require: 'turnstile'
+```
+
+And then execute:
+
+    $ bundle install
+
+## Usage
+
+Create an initializer and configure Turnstile with your Site Key and Secret Key:
+
+```ruby
+# config/initializers/turnstile.rb
+
+Turnstile.configure do |config|
+  config.site_key = ...
+  config.secret_key = ...
+end
+```
+
+You now have access to the Turnstile view and controller helpers.
+
+To output the required tags, use `captcha_javascript_tag`, eg in your `<head>` tag:
+
+```erb
+# application.html.erb
+
+<html>
+  <head>
+    ...
+    <%= captcha_javascript_tag %>
+    ...
+  </head>
+  ...
+</html>
+```
+
+And in your form, output the placeholder tag. You can provide an [`action`](https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/#configurations):
+
+```erb
+<%= form_for @user do |f| %>
+  ..
+  <%= captcha_placeholder_tag action: "login" %>
+  ..
+<% end %>
+```
+
+You can also output both of these tags together, eg. if you only have a single form on the page:
+
+```erb
+<%= form_for @user do |f| %>
+  ...
+  <%= captcha_tags action: "login" %>
+  ...
+<% end %>
+```
+
+Upon submission, you can now validate the request using `valid_captcha?`:
+
+```ruby
+class SessionsController < ..
+  def create
+    if valid_captcha?
+      # Perform
+    end
+  end
+end
+```
+
+Inspired by the [recaptcha gem](https://github.com/ambethia/recaptcha) you can provide a `model:` option.
+In case of captcha failure, an `:invalid_captcha` error will be added to the provided model on the `:base`,
+which can be localized using Rails I18n.
+
+```ruby
+class UsersController < ..
+  def create
+    @user = User.new(..)
+
+    if valid_captcha?(model: @user)
+      # Perform
+    else
+      # @user.errors.details
+      # => {:base=>[{error: :invalid_captcha}]}
+    end
+  end
+end
+```
+
+## Configuration
+
+You can add an `on_failure` handler to for instance instrument failures.
+The proc will be called with the verification result from Cloudflare:
+
+```ruby
+Turnstile.configure do |config|
+  config.on_failure = ->(verification) { ErrorNotifier.notify("Captcha failure: #{verification.result}") }
+end
+```
+
+It is also possible to globally disable/enable Turnstile captcha validation, eg. in CI:
+
+```ruby
+Turnstile.configure do |config|
+  config.enabled = ENV["ENABLE_TURNSTILE"]
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/pfeiffer/turnstile-captcha. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/pfeiffer/turnstile-captcha/blob/master/CODE_OF_CONDUCT.md).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Turnstile project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/pfeiffer/turnstile-captcha/blob/master/CODE_OF_CONDUCT.md).

data/lib/turnstile/configuration.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class Turnstile::Configuration
+  DEFAULTS = {
+    enabled: true,
+    server_url: "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+    script_url: "https://challenges.cloudflare.com/turnstile/v0/api.js"
+  }.freeze
+
+  attr_accessor :site_key, :secret_key, :enabled, :script_url, :server_url, :on_failure
+
+  def initialize
+    @enabled = DEFAULTS[:enabled]
+    @server_url = DEFAULTS[:server_url]
+    @script_url = DEFAULTS[:script_url]
+    @on_failure = nil
+  end
+end

data/lib/turnstile/controller_methods.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Turnstile::ControllerMethods
+  def valid_captcha?(*args)
+    return true unless Turnstile.configuration.enabled
+
+    options = args.extract_options!
+    verification = Turnstile::Verification.new(response: params["cf-turnstile-response"], remote_ip: request.remote_ip)
+
+    return true if verification.success?
+
+    Turnstile.configuration.on_failure&.call(verification)
+
+    if options[:model].respond_to?(:errors)
+      options[:model].errors.add(:base, :invalid_captcha, message: "Captcha verification failed")
+    end
+
+    false
+  end
+end

data/lib/turnstile/railtie.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class Turnstile::Railtie < Rails::Railtie
+  ActiveSupport.on_load(:action_view) do
+    include Turnstile::ViewHelpers
+  end
+
+  ActiveSupport.on_load(:action_controller) do
+    include Turnstile::ControllerMethods
+  end
+end

data/lib/turnstile/verification.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require "faraday"
+require "hashie/mash"
+
+class Turnstile::Verification
+  attr_reader :response, :remote_ip
+
+  def initialize(response:, remote_ip:)
+    @response = response
+    @remote_ip = remote_ip
+  end
+
+  def result
+    @result ||= begin
+      response = perform_verification
+
+      Hashie::Mash.new(response.body)
+    end
+  end
+
+  def success?
+    result.success?
+  end
+
+  private
+
+  def perform_verification
+    client.post \
+      Turnstile.configuration.server_url,
+      response: response,
+      secret: Turnstile.configuration.secret_key,
+      remoteip: remote_ip
+  end
+
+  def client
+    @client ||= Faraday.new do |conn|
+      conn.request :url_encoded
+      conn.response :json
+    end
+  end
+end

data/lib/turnstile/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Turnstile
+  VERSION = "0.1.3"
+end

data/lib/turnstile/view_helpers.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Turnstile::ViewHelpers
+  def captcha_tags(options = {})
+    [
+      captcha_javascript_tag,
+      captcha_placeholder_tag(options)
+    ].join.html_safe
+  end
+
+  def captcha_javascript_tag
+    javascript_include_tag Turnstile.configuration.script_url, async: true, defer: true
+  end
+
+  def captcha_placeholder_tag(options = {})
+    action = options.delete(:action)
+    attrs = {
+      class: "cf-turnstile",
+      data: {
+        action: action,
+        sitekey: Turnstile.configuration.site_key
+      }
+    }.deep_merge(options)
+
+    content_tag :div, "", attrs
+  end
+end

data/lib/turnstile.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "turnstile/version"
+require "turnstile/configuration"
+require "turnstile/controller_methods"
+require "turnstile/view_helpers"
+require "turnstile/verification"
+
+require "turnstile/railtie" if defined?(Rails)
+
+module Turnstile
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+end

metadata

@@ -0,0 +1,139 @@
+--- !ruby/object:Gem::Specification
+name: turnstile-captcha
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- Mattias Pfeiffer
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-11-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Use Turnstile by Cloudflare to perform captcha validation in your Rails
+  app
+email:
+- mattias@pfeiffer.dk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/turnstile.rb
+- lib/turnstile/configuration.rb
+- lib/turnstile/controller_methods.rb
+- lib/turnstile/railtie.rb
+- lib/turnstile/verification.rb
+- lib/turnstile/version.rb
+- lib/turnstile/view_helpers.rb
+homepage: https://github.com/pfeiffer/turnstile-captcha
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/pfeiffer/turnstile-captcha
+  source_code_uri: https://github.com/pfeiffer/turnstile-captcha/
+  changelog_uri: https://github.com/pfeiffer/turnstile-captcha/blog/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: Use Turnstile by Cloudflare to perform captcha validation in your Rails app
+test_files: []