capjs-server 0.1.0__tar.gz

capjs_server-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+      - run: uv run nox -s "tests-${{ matrix.python-version }}"
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+      - run: uv run nox -s lint
+  publish:
+    needs: [test, lint]
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+      - run: uv build
+      - uses: pypa/gh-action-pypi-publish@release/v1

capjs_server-0.1.0/.gitignore

@@ -0,0 +1,9 @@
+__pycache__/
+*.pyc
+*.egg-info/
+dist/
+build/
+.nox/
+.venv/
+*.xml
+.coverage

capjs_server-0.1.0/LICENSE

@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to the Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by the Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding any notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 VSHN AG
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

capjs_server-0.1.0/PKG-INFO

@@ -0,0 +1,120 @@
+Metadata-Version: 2.4
+Name: capjs-server
+Version: 0.1.0
+Summary: Python server-side implementation of the Cap.js proof-of-work CAPTCHA protocol
+Project-URL: Homepage, https://github.com/vshn/capjs-server
+Project-URL: Documentation, https://github.com/vshn/capjs-server#readme
+Project-URL: Issues, https://github.com/vshn/capjs-server/issues
+Project-URL: Source, https://github.com/vshn/capjs-server
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: bot-protection,capjs,captcha,proof-of-work,spam
+Classifier: Development Status :: 4 - Beta
+Classifier: Framework :: Django
+Classifier: Framework :: Flask
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Provides-Extra: django
+Requires-Dist: django>=4.2; extra == 'django'
+Description-Content-Type: text/markdown
+
+# capjs-server
+
+Python server-side implementation of the [Cap.js](https://capjs.js.org/) proof-of-work CAPTCHA protocol. Framework-agnostic core with optional Django integration.
+
+Cap.js is a privacy-friendly, cookie-free CAPTCHA that uses proof-of-work challenges instead of image recognition. This package provides the server side — challenge creation, solution verification, and token validation.
+
+## Installation
+
+```bash
+pip install capjs-server
+
+# With Django integration
+pip install capjs-server[django]
+```
+
+## Quick Start
+
+```python
+from capjs_server import CapServer
+
+cap = CapServer(secret_key="your-secret-key")
+
+# Create challenge → return as JSON to the Cap.js widget
+challenge = cap.create_challenge()
+
+# Verify solutions from the widget → return as JSON
+result = cap.redeem(challenge["token"], solutions)
+
+# Validate verification token in your form handler
+if cap.validate(request.POST["cap-token"]):
+    process_form()
+```
+
+## Django Integration
+
+```python
+# settings.py (all optional — sensible defaults)
+CAP_SECRET_KEY = SECRET_KEY         # defaults to Django's SECRET_KEY
+CAP_CHALLENGE_COUNT = 50            # sub-challenges per solve
+CAP_CHALLENGE_DIFFICULTY = 4        # target prefix length (hex chars)
+
+# urls.py
+from capjs_server.django.views import CapChallengeView, CapRedeemView
+
+urlpatterns = [
+    path("cap/challenge", CapChallengeView.as_view()),
+    path("cap/redeem", CapRedeemView.as_view()),
+]
+
+# views.py
+from capjs_server.django import validate_cap_token
+
+def contact(request):
+    if not validate_cap_token(request):
+        return HttpResponseForbidden()
+    # process form...
+```
+
+## Configuration
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `secret_key` | *(required)* | HMAC signing key. Keep stable across deploys. |
+| `challenge_count` | `50` | Sub-challenges per solve |
+| `challenge_size` | `32` | Salt length in hex chars |
+| `challenge_difficulty` | `4` | Target prefix length in hex chars |
+| `challenge_expiry_ms` | `600000` | Challenge token lifetime (10 min) |
+| `token_expiry_ms` | `300000` | Verification token lifetime (5 min) |
+
+## Testing
+
+A brute-force solver is included for writing integration tests without a browser:
+
+```python
+from capjs_server import CapServer
+from capjs_server.testing import solve
+
+cap = CapServer(secret_key="test", challenge_count=2, challenge_difficulty=1)
+challenge = cap.create_challenge()
+solutions = solve(challenge["token"], challenge["challenge"])
+result = cap.redeem(challenge["token"], solutions)
+assert result["success"]
+```
+
+## How It Works
+
+All state is encoded in HMAC-signed tokens — no server-side storage. This makes it safe for multi-instance deployments (Kubernetes, Cloud Run, serverless).
+
+1. **Challenge**: Server generates a random nonce and signs it with difficulty parameters into a token
+2. **Solve**: The Cap.js widget finds nonces whose SHA-256 hash starts with a PRNG-derived prefix
+3. **Redeem**: Server verifies the HMAC, checks solutions, and issues a signed verification token
+4. **Validate**: Server verifies the verification token's HMAC and expiry
+
+## License
+
+Apache-2.0 — same as Cap.js.

capjs_server-0.1.0/README.md

@@ -0,0 +1,96 @@
+# capjs-server
+
+Python server-side implementation of the [Cap.js](https://capjs.js.org/) proof-of-work CAPTCHA protocol. Framework-agnostic core with optional Django integration.
+
+Cap.js is a privacy-friendly, cookie-free CAPTCHA that uses proof-of-work challenges instead of image recognition. This package provides the server side — challenge creation, solution verification, and token validation.
+
+## Installation
+
+```bash
+pip install capjs-server
+
+# With Django integration
+pip install capjs-server[django]
+```
+
+## Quick Start
+
+```python
+from capjs_server import CapServer
+
+cap = CapServer(secret_key="your-secret-key")
+
+# Create challenge → return as JSON to the Cap.js widget
+challenge = cap.create_challenge()
+
+# Verify solutions from the widget → return as JSON
+result = cap.redeem(challenge["token"], solutions)
+
+# Validate verification token in your form handler
+if cap.validate(request.POST["cap-token"]):
+    process_form()
+```
+
+## Django Integration
+
+```python
+# settings.py (all optional — sensible defaults)
+CAP_SECRET_KEY = SECRET_KEY         # defaults to Django's SECRET_KEY
+CAP_CHALLENGE_COUNT = 50            # sub-challenges per solve
+CAP_CHALLENGE_DIFFICULTY = 4        # target prefix length (hex chars)
+
+# urls.py
+from capjs_server.django.views import CapChallengeView, CapRedeemView
+
+urlpatterns = [
+    path("cap/challenge", CapChallengeView.as_view()),
+    path("cap/redeem", CapRedeemView.as_view()),
+]
+
+# views.py
+from capjs_server.django import validate_cap_token
+
+def contact(request):
+    if not validate_cap_token(request):
+        return HttpResponseForbidden()
+    # process form...
+```
+
+## Configuration
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `secret_key` | *(required)* | HMAC signing key. Keep stable across deploys. |
+| `challenge_count` | `50` | Sub-challenges per solve |
+| `challenge_size` | `32` | Salt length in hex chars |
+| `challenge_difficulty` | `4` | Target prefix length in hex chars |
+| `challenge_expiry_ms` | `600000` | Challenge token lifetime (10 min) |
+| `token_expiry_ms` | `300000` | Verification token lifetime (5 min) |
+
+## Testing
+
+A brute-force solver is included for writing integration tests without a browser:
+
+```python
+from capjs_server import CapServer
+from capjs_server.testing import solve
+
+cap = CapServer(secret_key="test", challenge_count=2, challenge_difficulty=1)
+challenge = cap.create_challenge()
+solutions = solve(challenge["token"], challenge["challenge"])
+result = cap.redeem(challenge["token"], solutions)
+assert result["success"]
+```
+
+## How It Works
+
+All state is encoded in HMAC-signed tokens — no server-side storage. This makes it safe for multi-instance deployments (Kubernetes, Cloud Run, serverless).
+
+1. **Challenge**: Server generates a random nonce and signs it with difficulty parameters into a token
+2. **Solve**: The Cap.js widget finds nonces whose SHA-256 hash starts with a PRNG-derived prefix
+3. **Redeem**: Server verifies the HMAC, checks solutions, and issues a signed verification token
+4. **Validate**: Server verifies the verification token's HMAC and expiry
+
+## License
+
+Apache-2.0 — same as Cap.js.

capjs_server-0.1.0/noxfile.py

@@ -0,0 +1,16 @@
+import nox
+
+nox.options.default_venv_backend = "uv"
+
+
+@nox.session(python=["3.10", "3.11", "3.12", "3.13", "3.14"])
+def tests(session: nox.Session) -> None:
+    session.install("-e", ".[django]", "--group", "dev")
+    session.run("pytest", *session.posargs)
+
+
+@nox.session
+def lint(session: nox.Session) -> None:
+    session.install("ruff")
+    session.run("ruff", "check", "src/", "tests/")
+    session.run("ruff", "format", "--check", "src/", "tests/")

capjs_server-0.1.0/pyproject.toml

@@ -0,0 +1,55 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "capjs-server"
+version = "0.1.0"
+description = "Python server-side implementation of the Cap.js proof-of-work CAPTCHA protocol"
+readme = "README.md"
+license = "Apache-2.0"
+requires-python = ">=3.10"
+keywords = ["captcha", "proof-of-work", "capjs", "spam", "bot-protection"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Framework :: Django",
+    "Framework :: Flask",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3",
+    "Topic :: Internet :: WWW/HTTP",
+    "Topic :: Security",
+]
+
+[project.optional-dependencies]
+django = ["django>=4.2"]
+
+[project.urls]
+Homepage = "https://github.com/vshn/capjs-server"
+Documentation = "https://github.com/vshn/capjs-server#readme"
+Issues = "https://github.com/vshn/capjs-server/issues"
+Source = "https://github.com/vshn/capjs-server"
+
+[dependency-groups]
+dev = [
+    "nox[uv]>=2024.4",
+    "pytest>=8.0",
+    "pytest-cov>=5.0",
+    "ruff>=0.9",
+    "django>=5.1",
+    "pytest-django>=4.8",
+]
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/capjs_server"]
+
+[tool.pytest.ini_options]
+addopts = "--cov=capjs_server --cov-report=term-missing"
+pythonpath = ["src", "."]
+DJANGO_SETTINGS_MODULE = "tests.django_settings"
+
+[tool.ruff]
+target-version = "py310"
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "W"]

capjs_server-0.1.0/src/capjs_server/__init__.py

@@ -0,0 +1,107 @@
+"""Cap.js proof-of-work CAPTCHA server for Python.
+
+Usage::
+
+    from capjs_server import CapServer
+
+    cap = CapServer(secret_key="your-secret")
+    challenge = cap.create_challenge()
+    result = cap.redeem(token, solutions)
+    if cap.validate(verification_token):
+        process_form()
+"""
+
+import hashlib
+import logging
+import secrets
+import time
+
+from .prng import prng
+from .tokens import (
+    make_challenge_token,
+    make_verification_token,
+    verify_challenge_token,
+    verify_verification_token,
+)
+
+__all__ = ["CapServer"]
+__version__ = "0.1.0"
+
+logger = logging.getLogger(__name__)
+
+
+class CapServer:
+    """Stateless Cap.js proof-of-work CAPTCHA server.
+
+    All state is encoded in HMAC-signed tokens, so this works correctly
+    with multi-instance deployments (Cloud Run, Kubernetes, etc.).
+
+    Args:
+        secret_key: Secret used for HMAC token signatures. Keep this stable
+            across deployments — changing it invalidates all outstanding tokens.
+        challenge_count: Number of sub-challenges per solve (default 50).
+        challenge_size: Salt length in hex chars (default 32).
+        challenge_difficulty: Target prefix length in hex chars (default 4).
+        challenge_expiry_ms: Challenge expiry in milliseconds (default 600000 = 10 min).
+        token_expiry_ms: Verification token expiry in milliseconds
+            (default 300000 = 5 min).
+    """
+
+    def __init__(
+        self,
+        secret_key: str,
+        *,
+        challenge_count: int = 50,
+        challenge_size: int = 32,
+        challenge_difficulty: int = 4,
+        challenge_expiry_ms: int = 600_000,
+        token_expiry_ms: int = 300_000,
+    ):
+        self._secret = secret_key.encode()
+        self._count = challenge_count
+        self._size = challenge_size
+        self._difficulty = challenge_difficulty
+        self._challenge_expiry_ms = challenge_expiry_ms
+        self._token_expiry_ms = token_expiry_ms
+
+    def create_challenge(self) -> dict:
+        """Generate a new proof-of-work challenge.
+
+        Returns a dict with keys ``challenge``, ``token``, ``expires``
+        suitable for JSON serialization to the Cap.js widget.
+        """
+        nonce = secrets.token_hex(25)
+        expires = time.time() * 1000 + self._challenge_expiry_ms
+        config = {"c": self._count, "s": self._size, "d": self._difficulty}
+        token = make_challenge_token(self._secret, nonce, expires, config)
+        return {"challenge": config, "token": token, "expires": expires}
+
+    def redeem(self, token: str, solutions: list[int]) -> dict:
+        """Verify proof-of-work solutions and issue a verification token.
+
+        Returns a dict with ``success`` (bool), and on success: ``token``, ``expires``.
+        """
+        parsed = verify_challenge_token(self._secret, token)
+        if parsed is None:
+            return {"success": False}
+
+        config = parsed["config"]
+        count, size, difficulty = config["c"], config["s"], config["d"]
+
+        if len(solutions) != count:
+            return {"success": False}
+
+        for i in range(1, count + 1):
+            salt = prng(token + str(i), size)
+            target = prng(token + str(i) + "d", difficulty)
+            h = hashlib.sha256((salt + str(solutions[i - 1])).encode()).hexdigest()
+            if not h.startswith(target):
+                return {"success": False}
+
+        expires = time.time() * 1000 + self._token_expiry_ms
+        vertoken = make_verification_token(self._secret, expires)
+        return {"success": True, "token": vertoken, "expires": expires}
+
+    def validate(self, token) -> bool:
+        """Validate a verification token. Returns True if valid."""
+        return verify_verification_token(self._secret, token)

capjs_server-0.1.0/src/capjs_server/django/__init__.py

@@ -0,0 +1,53 @@
+"""Django integration for capjs-server.
+
+Requires ``pip install capjs-server[django]``.
+
+Quick start::
+
+    # settings.py (all optional — sensible defaults)
+    CAP_SECRET_KEY = SECRET_KEY     # defaults to SECRET_KEY
+    CAP_CHALLENGE_COUNT = 50
+    CAP_CHALLENGE_DIFFICULTY = 4
+
+    # urls.py
+    from capjs_server.django.views import CapChallengeView, CapRedeemView
+    urlpatterns = [
+        path("cap/challenge", CapChallengeView.as_view()),
+        path("cap/redeem", CapRedeemView.as_view()),
+    ]
+
+    # views.py
+    from capjs_server.django import validate_cap_token
+    if not validate_cap_token(request):
+        return HttpResponseForbidden()
+"""
+
+from functools import lru_cache
+
+from django.conf import settings
+
+from capjs_server import CapServer
+
+__all__ = ["get_cap_server", "validate_cap_token"]
+
+
+@lru_cache(maxsize=1)
+def get_cap_server() -> CapServer:
+    """Return a CapServer configured from Django settings."""
+    return CapServer(
+        secret_key=getattr(settings, "CAP_SECRET_KEY", settings.SECRET_KEY),
+        challenge_count=getattr(settings, "CAP_CHALLENGE_COUNT", 50),
+        challenge_size=getattr(settings, "CAP_CHALLENGE_SIZE", 32),
+        challenge_difficulty=getattr(settings, "CAP_CHALLENGE_DIFFICULTY", 4),
+        challenge_expiry_ms=getattr(settings, "CAP_CHALLENGE_EXPIRY", 600_000),
+        token_expiry_ms=getattr(settings, "CAP_TOKEN_EXPIRY", 300_000),
+    )
+
+
+def validate_cap_token(request, field_name: str = "cap-token") -> bool:
+    """Validate the Cap.js verification token from a Django request.
+
+    Reads the token from ``request.POST[field_name]`` and validates it.
+    """
+    token = request.POST.get(field_name, "")
+    return get_cap_server().validate(token)