@friendlycaptcha/server-sdk 0.1.2 → 0.2.0

package/example/package.json

@@ -1,24 +0,0 @@
-{
-  "name": "friendly-captcha-example",
-  "version": "1.0.0",
-  "description": "Friendly Captcha V2 Javascript SDK integration example",
-  "main": "index.js",
-  "type": "module",
-  "private": true,
-  "scripts": {
-    "start": "node --import tsx src/index.ts"
-  },
-  "author": "Friendly Captcha GmbH",
-  "license": "MIT",
-  "dependencies": {
-    "@friendlycaptcha/server-sdk": "^0.1.0",
-    "ejs": "^3.1.9",
-    "express": "^4.18.2"
-  },
-  "devDependencies": {
-    "@types/express": "^4.17.21",
-    "@types/node": "^20.11.5",
-    "tsx": "^4.7.0",
-    "typescript": "^5.3.3"
-  }
-}

package/example/src/index.ts

@@ -1,84 +0,0 @@
-import express, { Request, Response } from "express";
-import { FriendlyCaptchaClient } from "@friendlycaptcha/server-sdk";
-
-type FormMessage = {
-  subject: string;
-  message: string;
-};
-
-const app = express();
-const port = process.env.PORT || 3000;
-
-const FRC_SITEKEY = process.env.FRC_SITEKEY;
-const FRC_APIKEY = process.env.FRC_APIKEY;
-
-// Optionally we can pass in custom endpoints to be used, such as "eu".
-const FRC_SITEVERIFY_ENDPOINT = process.env.FRC_SITEVERIFY_ENDPOINT;
-const FRC_WIDGET_ENDPOINT = process.env.FRC_WIDGET_ENDPOINT;
-
-if (!FRC_SITEKEY || !FRC_APIKEY) {
-  console.error(
-    "Please set the FRC_SITEKEY and FRC_APIKEY environment values before running this example to your Friendly Captcha sitekey and API key respectively.",
-  );
-  process.exit(1);
-}
-
-const frcClient = new FriendlyCaptchaClient({
-  apiKey: FRC_APIKEY,
-  sitekey: FRC_SITEKEY,
-  siteverifyEndpoint: FRC_SITEVERIFY_ENDPOINT, // optional, defaults to "global"
-});
-
-app.set("view engine", "ejs");
-app.use(express.urlencoded({ extended: true }));
-
-app.get("/", (req: Request, res: Response) => {
-  res.render("index", {
-    message: "",
-    sitekey: FRC_SITEKEY,
-    widgetEndpoint: FRC_WIDGET_ENDPOINT,
-  });
-});
-
-app.post("/", async (req: Request, res: Response) => {
-  const formData = req.body;
-  const formMessage = formData as FormMessage;
-
-  const frcCaptchaResponse = formData["frc-captcha-response"];
-  const result = await frcClient.verifyCaptchaResponse(frcCaptchaResponse);
-  if (!result.wasAbleToVerify()) {
-    // In this case we were not actually able to verify the response embedded in the form, but we may still want to accept it.
-    // It could mean there is a network issue or that the service is down. In those cases you generally want to accept submissions anyhow.
-    // That's why we use `shouldAccept()` below to actually accept or reject the form submission. It will return true in these cases.
-
-    if (result.isClientError()) {
-      // Something is wrong with our configuration, check your API key!
-      // Send yourself an alert to fix this! Your site is unprotected until you fix this.
-      console.error("CAPTCHA CONFIG ERROR: ", result.getErrorCode(), result.getResponseError());
-    } else {
-      console.error("Failed to verify captcha response: ", result.getErrorCode(), result.getResponseError());
-    }
-  }
-
-  if (!result.shouldAccept()) {
-    res.render("index", {
-      message: "❌ Anti-robot check failed, please try again.",
-      sitekey: FRC_SITEKEY,
-      widgetEndpoint: FRC_WIDGET_ENDPOINT,
-    });
-    return;
-  }
-
-  // The captcha was OK, process the form.
-  formMessage; // Normally we would use the form data in `formMessage` here and submit it to our database.
-
-  res.render("index", {
-    message: "✅ Your message has been submitted successfully.",
-    sitekey: FRC_SITEKEY,
-    widgetEndpoint: FRC_WIDGET_ENDPOINT,
-  });
-});
-
-app.listen(port, () => {
-  console.log(`Server running at http://localhost:${port}`);
-});

package/example/tsconfig.json

@@ -1,13 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "es6",
-    "module": "commonjs",
-    "outDir": "./dist",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true
-  },
-  "include": ["src/**/*.ts"],
-  "exclude": ["node_modules"]
-}

package/example/views/index.ejs

@@ -1,86 +0,0 @@
-<!doctype html>
-<html lang="en">
-
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <meta http-equiv="X-UA-Compatible" content="ie=edge" />
-  <title>Friendly Captcha Javascript SDK example</title>
-  <style>
-    * {
-      box-sizing: border-box;
-    }
-
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans",
-        "Helvetica Neue", sans-serif;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      height: 100vh;
-      width: 100vw;
-      background-color: #f2f2f2;
-    }
-
-    h1 {
-      font-size: 1.4em;
-    }
-
-    main {
-      width: 100%;
-      max-width: 680px;
-    }
-
-    .message {
-      width: 100%;
-      padding: 0.5em 2em;
-      margin: 1.5em 0;
-      border-radius: 8px;
-    }
-
-    .message h2 {
-      margin-bottom: 0;
-    }
-
-    label {
-      display: block;
-    }
-  </style>
-
-  <script type="module" src="https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk@0.1.8/site.min.js" async defer></script>
-  <script nomodule src="https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk@0.1.8/site.compat.min.js" async
-    defer></script>
-
-  <!-- You can change the data-api-endpoint via this tag. More info here https://developer.friendlycaptcha.com/docs/sdk/configuration -->
-  <!-- <meta name="frc-api-endpoint" content=".">  -->
-</head>
-
-<body>
-  <main>
-    <h1>Friendly Captcha JavaScript SDK form</h1>
-    <% if (message) { %>
-      <p>
-        <%= message %>
-      </p>
-      <% } %>
-        <form method="POST">
-          <div class="form-group">
-            <label>Subject:</label><br />
-            <input type="text" name="subject" /><br />
-            <label>Message:</label><br />
-            <textarea name="message"></textarea><br />
-            <div class="frc-captcha" data-sitekey="<%= sitekey %>" <% if (widgetEndpoint) { %> data-api-endpoint="<%=
-                widgetEndpoint %>" <% } %>></div>
-            <input style="margin-top: 1em" type="submit" value="Submit" />
-          </div>
-        </form>
-  </main>
-
-  <script>
-    if (window.history.replaceState) {
-      window.history.replaceState(null, null, window.location.href);
-    }
-  </script>
-</body>
-
-</html>

package/src/api/errors.ts

@@ -1,77 +0,0 @@
-export type SiteverifyErrorCode =
-  | typeof SITEKEY_INVALID
-  | typeof AUTH_INVALID
-  | typeof AUTH_REQUIRED
-  | typeof BAD_REQUEST
-  | typeof RESPONSE_TIMEOUT
-  | typeof RESPONSE_DUPLICATE
-  | typeof RESPONSE_INVALID
-  | typeof RESPONSE_MISSING
-  | typeof INTERNAL_SERVER_ERROR;
-
-/**
- * The API key you provided was invalid.
- *
- * HTTP status 401.
- */
-export const AUTH_INVALID = "auth_invalid";
-/**
- * You forgot to set the `X-API-Key` header.
- *
- * HTTP status 401.
- */
-export const AUTH_REQUIRED = "auth_required";
-
-/**
- * The sitekey in your request is invalid.
- *
- * HTTP status 400.
- */
-export const SITEKEY_INVALID = "sitekey_invalid";
-
-/**
- * Something else is wrong with your request, e.g. your request body is empty.
- */
-export const BAD_REQUEST = "bad_request";
-/**
- * The response has expired.
- *
- * HTTP status 200.
- */
-export const RESPONSE_TIMEOUT = "response_timeout";
-/**
- * The response has already been used.
- *
- * HTTP status 200.
- */
-export const RESPONSE_DUPLICATE = "response_duplicate";
-/**
- * The response you provided was invalid (perhaps the user tried to work around the captcha).
- *
- * HTTP status 200.
- */
-export const RESPONSE_INVALID = "response_invalid";
-/**
- * You forgot to add the response parameter.
- *
- * HTTP status 400.
- */
-export const RESPONSE_MISSING = "response_missing";
-/**
- * Something went wrong within the server. (Should never happen).
- *
- * HTTP status 500.
- */
-export const INTERNAL_SERVER_ERROR = "internal_server_error";
-
-export const ERROR_CODE_TO_STATUS: Record<SiteverifyErrorCode, number> = {
-  [SITEKEY_INVALID]: 400,
-  [AUTH_INVALID]: 401,
-  [AUTH_REQUIRED]: 401,
-  [BAD_REQUEST]: 400,
-  [RESPONSE_TIMEOUT]: 200,
-  [RESPONSE_DUPLICATE]: 200,
-  [RESPONSE_INVALID]: 200,
-  [RESPONSE_MISSING]: 400,
-  [INTERNAL_SERVER_ERROR]: 500,
-};

package/src/api/index.ts

@@ -1 +0,0 @@
-export * from "./types.js";

package/src/api/types.ts

@@ -1,66 +0,0 @@
-import { SiteverifyErrorCode } from "./errors";
-
-/**
- * The request we make to the Frienldy Captcha API.
- * @internal
- */
-export interface SiteverifyRequest {
-  /**
-   * The response value that the user submitted in the frc-captcha-response field
-   */
-  response: string;
-  /**
-   * Optional: the sitekey that you want to make sure the puzzle was generated from.
-   */
-  sitekey?: string;
-}
-
-/**
- * @public
- */
-export interface SiteverifyResponseData {
-  challenge: SiteverifyResponseChallengeData;
-}
-
-/**
- * @public
- */
-export interface SiteverifyResponseChallengeData {
-  /**
-   * Timestamp when the captcha challenge was completed (RFC3339).
-   */
-  timestamp: string;
-  /**
-   * The origin of the site where the captcha was solved (if known, can be empty string if not known).
-   */
-  origin: string;
-}
-
-/**
- * @public
- */
-export interface SiteverifySuccessResponse {
-  success: true;
-  data: SiteverifyResponseData;
-}
-
-/**
- * @public
- */
-export interface SiteverifyErrorResponseErrorData {
-  error_code: SiteverifyErrorCode;
-  detail: string;
-}
-
-/**
- * @public
- */
-export interface SiteverifyErrorResponse {
-  success: false;
-  error: SiteverifyErrorResponseErrorData;
-}
-
-/**
- * @public
- */
-export type SiteverifyResponse = SiteverifySuccessResponse | SiteverifyErrorResponse;

package/src/client/client.ts

@@ -1,157 +0,0 @@
-import type { SiteverifyRequest } from "../api/index.js";
-import {
-  FAILED_DUE_TO_CLIENT_ERROR_CODE,
-  FAILED_TO_DECODE_RESPONSE_ERROR_CODE,
-  FAILED_TO_ENCODE_ERROR_CODE,
-  REQUEST_FAILED_ERROR_CODE,
-  REQUEST_FAILED_TIMEOUT_ERROR_CODE,
-} from "./errors.js";
-import { VerifyResult } from "./result.js";
-import { SDK_VERSION } from "./version.gen.js";
-
-/**
- * Configuration options when creating a new `FriendlyCaptchaClient`.
- * @public
- */
-export interface FriendlyCaptchaOptions {
-  sitekey?: string;
-  /**
-   * Friendly Captcha API Key.
-   */
-  apiKey: string;
-
-  /**
-   * The endpoint to use for the API. Can be "eu", "global", or a custom URL.
-   *
-   * Defaults to `"global"`.
-   */
-  siteverifyEndpoint?: string;
-
-  /**
-   * Whether to use strict mode, which rejects all captcha responses which were not strictly verified.
-   *
-   * This is not recommended. Defaults to `false`.
-   */
-  strict?: boolean;
-
-  /**
-   * The fetch implementation to use. Defaults to `globalThis.fetch`.
-   */
-  fetch?: typeof globalThis.fetch;
-}
-
-const GLOBAL_SITEVERIFY_ENDPOINT = "https://global.frcapi.com/api/v2/captcha/siteverify";
-const EU_SITEVERIFY_ENDPOINT = "https://eu.frcapi.com/api/v2/captcha/siteverify";
-
-/**
- * A client for the Friendly Captcha API.
- * @public
- */
-export class FriendlyCaptchaClient {
-  private sitekey?: string;
-  private apiKey: string;
-  private siteverifyEndpoint: string;
-  private strict: boolean;
-
-  private fetch: typeof globalThis.fetch;
-
-  constructor(opts: FriendlyCaptchaOptions) {
-    this.sitekey = opts.sitekey;
-
-    if (!opts.apiKey) {
-      throw new Error("api key is required");
-    }
-    this.apiKey = opts.apiKey;
-
-    let siteverifyEndpoint = opts.siteverifyEndpoint || "global";
-    if (siteverifyEndpoint === "global") {
-      siteverifyEndpoint = GLOBAL_SITEVERIFY_ENDPOINT;
-    } else if (siteverifyEndpoint === "eu") {
-      siteverifyEndpoint = EU_SITEVERIFY_ENDPOINT;
-    }
-    this.siteverifyEndpoint = siteverifyEndpoint;
-
-    this.strict = !!opts.strict;
-    this.fetch = opts.fetch || globalThis.fetch;
-  }
-
-  /**
-   * Verify a captcha response.
-   *
-   * @param response - The response token from the captcha.
-   * @param opts - Optional options object:
-   *   * `timeout`: The timeout in milliseconds. Defaults to 20 seconds.
-   *   * `sitekey`: The sitekey to use for this request. Defaults to the sitekey passed to the constructor (if any).
-   * @returns A promise that always resolves to a `VerifyResult` object, which contains the fields `shouldAccept()` and `wasAbleToVerify()`. This promise never rejects.
-   */
-  public verifyCaptchaResponse(
-    response: string,
-    opts: { timeout?: number; sitekey?: string } = {},
-  ): Promise<VerifyResult> {
-    const siteverifyRequest: SiteverifyRequest = {
-      response,
-    };
-    if (this.sitekey || opts.sitekey) {
-      siteverifyRequest.sitekey = this.sitekey || opts.sitekey;
-    }
-
-    const result = new VerifyResult(this.strict);
-    let body: string;
-
-    try {
-      body = JSON.stringify(siteverifyRequest);
-    } catch (e) {
-      result.clientErrorType = FAILED_TO_ENCODE_ERROR_CODE;
-      return Promise.resolve(result);
-    }
-
-    const headers = {
-      "Content-Type": "application/json",
-      Accept: "application/json",
-      "Frc-Sdk": "friendly-captcha-javascript-sdk@" + SDK_VERSION,
-      "X-Api-Key": this.apiKey,
-    };
-
-    const timeout = opts?.timeout || 20_000;
-
-    return new Promise((resolve) => {
-      const controller = new AbortController();
-      const signal = controller.signal;
-      setTimeout(() => {
-        controller.abort();
-        result.clientErrorType = REQUEST_FAILED_TIMEOUT_ERROR_CODE;
-        resolve(result);
-      }, timeout);
-
-      this.fetch(this.siteverifyEndpoint, {
-        method: "POST",
-        headers,
-        body,
-        signal,
-      })
-        .then((response) => {
-          result.status = response.status;
-          if (response.status >= 400 && response.status < 500) {
-            result.clientErrorType = FAILED_DUE_TO_CLIENT_ERROR_CODE;
-          }
-          return response.json().catch(() => {
-            result.clientErrorType = FAILED_TO_DECODE_RESPONSE_ERROR_CODE;
-            resolve(result);
-          });
-        })
-        .then((json) => {
-          if (typeof json !== "object" || json === null) {
-            result.clientErrorType = FAILED_TO_DECODE_RESPONSE_ERROR_CODE;
-            resolve(result);
-            return;
-          }
-          result.response = json;
-          resolve(result);
-        })
-        .catch((e) => {
-          result.clientErrorType = REQUEST_FAILED_ERROR_CODE;
-          resolve(result);
-        });
-    });
-  }
-}

package/src/client/errors.ts

@@ -1,42 +0,0 @@
-/**
- * Failed to encode the captcha response. This means the captcha response was invalid and should never be accepted.
- *
- * @public
- */
-export const FAILED_TO_ENCODE_ERROR_CODE = "failed_to_encode_request";
-/**
- *
- * The request couldn't be made, perhaps there is a network outage, DNS issue, or the API is unreachable.
- *
- * @public
- */
-export const REQUEST_FAILED_ERROR_CODE = "request_failed";
-/**
- *
- * The request couldn't be made, perhaps there is a network outage, DNS issue, or the API is unreachable.
- *
- * @public
- */
-export const REQUEST_FAILED_TIMEOUT_ERROR_CODE = "request_failed_due_to_timeout";
-/**
- * An error occured on the client side that could've been prevented. This generally means your configuration is wrong.
- *
- * Check your API key and sitekey.
- * @public
- */
-export const FAILED_DUE_TO_CLIENT_ERROR_CODE = "request_failed_due_to_client_error";
-/**
- * The response from the Friendly Captcha API could not be decoded.
- *
- * @public
- */
-export const FAILED_TO_DECODE_RESPONSE_ERROR_CODE = "verification_response_could_not_be_decoded";
-/**
- * @public
- */
-export type VerifyClientErrorCode =
-  | typeof FAILED_TO_ENCODE_ERROR_CODE
-  | typeof REQUEST_FAILED_ERROR_CODE
-  | typeof REQUEST_FAILED_TIMEOUT_ERROR_CODE
-  | typeof FAILED_DUE_TO_CLIENT_ERROR_CODE
-  | typeof FAILED_TO_DECODE_RESPONSE_ERROR_CODE;

package/src/client/index.ts

@@ -1,3 +0,0 @@
-export * from "./client.js";
-export * from "./result.js";
-export * from "./errors.js";