Compare commits
29 commits
Author | SHA1 | Date | |
---|---|---|---|
55792606ce | |||
|
8457c4642e | ||
c4c82196ca | |||
fc3e44aa2e | |||
cc340c071e | |||
|
cd419ba8a3 | ||
e3c123687e | |||
27080e3e60 | |||
073d5ed239 | |||
e7b283b282 | |||
cf24b937e4 | |||
457ec237d2 | |||
e3de4168e6 | |||
b02b24059d | |||
5eeaf559c7 | |||
b5370ecc0b | |||
dfeb9183ba | |||
4636d94374 | |||
f6a6bf371c | |||
0850e7b79b | |||
4bea62056e | |||
a1d1e7413d | |||
b79e6fa2ba | |||
a3c0e1022f | |||
3e2cc350be | |||
4a580b599a | |||
20ea76ea29 | |||
5b1f02ff43 | |||
49681cc591 |
|
@ -1,13 +1,15 @@
|
|||
pipeline:
|
||||
steps:
|
||||
build:
|
||||
image: python
|
||||
image: realaravinth/nvm-node16-insecure
|
||||
environment:
|
||||
- NVM_DIR="$HOME/.nvm"
|
||||
when:
|
||||
event: [ push, pull_request, tag, deployment ]
|
||||
event: [push, pull_request, tag, deployment]
|
||||
branch: master
|
||||
commands:
|
||||
- curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &&\
|
||||
- apt update && apt-get -y --no-install-recommends install nodejs tar gpg curl wget
|
||||
- make env
|
||||
- make
|
||||
- make ci-deploy
|
||||
secrets: [ FORGEJO_WRITE_DEPLOY_KEY, LIBREPAGES_DEPLOY_SECRET ]
|
||||
- apt-get update
|
||||
- apt update && apt-get -y --no-install-recommends install curl tar gnupg curl wget git build-essential
|
||||
- npm install yarn
|
||||
- make env
|
||||
- make ci-deploy
|
||||
secrets: [FORGEJO_WRITE_DEPLOY_KEY, LIBREPAGES_DEPLOY_SECRET]
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
[[docs]]
|
||||
name = "Introduction"
|
||||
name = "Webmasters"
|
||||
weight = 510
|
||||
identifier = "Introduction"
|
||||
url = "/docs/introduction/"
|
||||
identifier = "Webmasters"
|
||||
url = "/docs/webmasters/"
|
||||
|
||||
[[docs]]
|
||||
name = "Terminology"
|
||||
name = "User Manual"
|
||||
weight = 520
|
||||
identifier = "Terminology"
|
||||
url = "/docs/terminology/"
|
||||
identifier = "user-manual"
|
||||
url = "/docs/user-manual/"
|
||||
|
||||
[[docs]]
|
||||
name = "Self-Hosted"
|
||||
name = "Self-Hosting"
|
||||
weight = 530
|
||||
identifier = "Self-Hosted"
|
||||
url = "/docs/self-hosted/"
|
||||
identifier = "Self-Hosting"
|
||||
url = "/docs/self-hosting/"
|
||||
|
||||
[[docs]]
|
||||
name = "API"
|
||||
|
@ -51,10 +51,9 @@
|
|||
name = "Contact"
|
||||
url = "/contact/"
|
||||
weight = 40
|
||||
|
||||
[[main]]
|
||||
name = "Docs"
|
||||
url = "/docs/introduction/installing-captcha/"
|
||||
url = "/docs/webmasters/installing-captcha/"
|
||||
weight = 500
|
||||
|
||||
|
||||
|
|
|
@ -69,7 +69,7 @@ mCaptcha docs over the months have become inconsistent and incorrect. I
|
|||
cleaned up some of the mess and added [a
|
||||
tutorial](/docs/introduction/installing-captcha/) to help folks install
|
||||
mCaptcha on their website. The docs also gets [a
|
||||
glossary](/docs/terminology/access-token/), which contain explanations
|
||||
glossary](/docs/webmasters/terminology/), which contain explanations
|
||||
to mCaptcha jargon.
|
||||
|
||||
## New releases: glue libraries
|
||||
|
|
73
content/blog/10-20-mcaptcha-net/index.md
Normal file
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
title: "Introducing mCaptcha net"
|
||||
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
|
||||
date: 2023-10-19
|
||||
lastmod: 2023-10-19
|
||||
draft: false
|
||||
weight: 50
|
||||
images: ["icon.png"]
|
||||
contributors: ["Aravinth Manivannan"]
|
||||
---
|
||||
|
||||
mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
|
||||
Denial-of-Service protection, because of [its excellent accessibility
|
||||
characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
|
||||
within mCaptcha is configuration --- webmasters can configure
|
||||
[difficulty factors](/docs/terminology/difficulty-factor) for their
|
||||
installations, which determines waiting time for visitors. But PoW can
|
||||
become inaccessible if webmasters choose a very high difficulty factor.
|
||||
So they have to maintain a balance which imposes sufficient load on DDoS
|
||||
attackers while also being accessible to common folk.
|
||||
|
||||
{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
|
||||
|
||||
To help webmasters correctly configure difficult factors, we are
|
||||
building a feedback loop which would gather performance statistics from
|
||||
voluntary mCaptcha installations and make them available to other
|
||||
mCaptcha installations. The performance statistics can be used by all
|
||||
mCaptcha instances to automatically optimize an installation. We are
|
||||
calling this the mCaptcha net.
|
||||
|
||||
## Participation is optional
|
||||
|
||||
Participation in the mCaptcha net is disabled by default and is
|
||||
optional as it has privacy implications: it will reveal the
|
||||
existence of an mCaptcha instance.
|
||||
|
||||
The admins of mCaptcha instances can choose to upload truly anonymous
|
||||
PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
|
||||
The data uploaded is public and so is accessible to all mCaptcha
|
||||
instances.
|
||||
|
||||
We also offer opt-in controls at installation level:
|
||||
|
||||
{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
|
||||
|
||||
## Ensuring anonymity
|
||||
|
||||
mCaptcha doesn't fingerprint its users. Performance parameters include:
|
||||
|
||||
1. Time taken to generate PoW
|
||||
2. The difficulty factor for which the PoW was computed
|
||||
3. Type of client library used.
|
||||
|
||||
```json
|
||||
"time":14,
|
||||
"difficulty_factor":50000,
|
||||
"worker_type":"wasm"
|
||||
```
|
||||
|
||||
This doesn't include the usual fingerprinting parameters like
|
||||
User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
|
||||
at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
|
||||
|
||||
{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
|
||||
|
||||
## Status
|
||||
|
||||
We now have performance statistics uploads to mCaptcha/survey instances
|
||||
working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
|
||||
added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
|
||||
[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
|
||||
self-tuning algorithm within mCaptcha to use this data and optimize
|
||||
installations automatically.
|
BIN
content/blog/10-20-mcaptcha-net/installation-level-opt-in.png
Normal file
After Width: | Height: | Size: 52 KiB |
BIN
content/blog/10-20-mcaptcha-net/working-rpc.png
Normal file
After Width: | Height: | Size: 315 KiB |
34
content/blog/testing-on-screenreaders.md
Normal file
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
title: "Testing on screenreaders"
|
||||
description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
|
||||
date: 2024-02-10
|
||||
lastmod: 2024-02-12
|
||||
draft: false
|
||||
weight: 50
|
||||
images: ["icon.png"]
|
||||
contributors: ["Aravinth Manivannan"]
|
||||
---
|
||||
|
||||
[HAN University of Applied Sciences](www.han.nl) kindly did an
|
||||
accessibility test of the mCaptcha widget and the showcase site, which
|
||||
features a real world integration of mCaptcha in a third-party service.
|
||||
The report motived us to make screen reader testing an integral part of
|
||||
the release process.
|
||||
|
||||
Here are the results:
|
||||
|
||||
## Android in-built screen reader on Fennec
|
||||
|
||||
<iframe title="Testing mCaptcha on Android screenreader with Fennec browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/e9579d73-b19e-4051-9337-8432fc15c3b3" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
|
||||
|
||||
## NVDA on Microsoft Windows and Mozilla Firefox
|
||||
|
||||
<iframe title="Testing mCaptcha on NVDA screen reader on MS Windows with Mozilla Firefox browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/cf534270-8089-4aad-95b3-543c467a6a12" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
|
||||
|
||||
## macOS in-built screen reader on Google Chrome
|
||||
|
||||
<iframe title="Testing mCaptcha on macOS in-built screen reader and Google Chrome browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/45be4f8c-1978-4650-b9f1-972cfead8420" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
|
||||
|
||||
## iOS in-built screen reader on Safari
|
||||
|
||||
<iframe title="Testing mCaptcha on iOS screenreader with Safari" width="560" height="315" src="https://peertube.batsense.net/videos/embed/ac9722a4-3dce-4c40-bb0c-7bc8d721c3db" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
|
|
@ -1,130 +0,0 @@
|
|||
---
|
||||
title: "Deploy bare metal"
|
||||
description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
|
||||
lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
|
||||
date: 2021-07-21 14:49
|
||||
lastmod: 2021-07-21 14:49
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosted"
|
||||
weight: 532
|
||||
toc: true
|
||||
---
|
||||
|
||||
### 2. Configure
|
||||
|
||||
mcaptcha is highly configurable.
|
||||
|
||||
Configuration is applied/merged in the following order:
|
||||
|
||||
1. path to configuration file passed in via `MCAPTCHA_CONFIG`
|
||||
2. `./config/default.toml`
|
||||
3. `/etc/mcaptcha/config.toml`
|
||||
4. environment variables.
|
||||
|
||||
|
||||
|
||||
### 1. Install postgres if you don't have it already.
|
||||
For Debian based distributions:
|
||||
```bash
|
||||
sudo apt install postgres
|
||||
```
|
||||
|
||||
### 2. Create new user for running `mcaptcha`
|
||||
|
||||
```bash
|
||||
$ sudo useradd -b /srv -m -s /usr/bin/zsh mcaptcha
|
||||
```
|
||||
|
||||
### 3. Create new user in Postgres
|
||||
|
||||
```bash
|
||||
$ sudo -iu postgres # switch to `postgres` user
|
||||
$ psql
|
||||
postgres=# CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote`;
|
||||
$ createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
|
||||
```
|
||||
|
||||
### 4. Install and load [`mCaptcha/cache`](https://github.com/mCaptcha/cache) module:
|
||||
|
||||
See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
|
||||
details.
|
||||
|
||||
### 4. Build `mcaptcha`
|
||||
|
||||
To build `mcaptcha`, you need the following dependencies:
|
||||
|
||||
1. rust
|
||||
2. node(`v14.16.0`)
|
||||
3. yarn(JavaScript package manager)
|
||||
4. make
|
||||
|
||||
## How to build
|
||||
|
||||
1. Install Cargo using [rustup](https://rustup.rs/) with:
|
||||
|
||||
```bash
|
||||
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
||||
```
|
||||
|
||||
2. Install node(`v14.16.0`)
|
||||
|
||||
3. Install yarn(JavaScript package manager)
|
||||
|
||||
4. Build with make:
|
||||
|
||||
```bash
|
||||
$ make dev-env && \
|
||||
make release
|
||||
```
|
||||
|
||||
### 5. Install package:
|
||||
|
||||
```bash
|
||||
$ sudo cp ./target/release/mcaptcha /usr/bin/ && \
|
||||
mkdir sudo /etc/mcaptcha && \
|
||||
sudo cp config/default.toml /etc/mcaptcha/config.toml
|
||||
```
|
||||
|
||||
### 6. Systemd service configuration:
|
||||
|
||||
1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
|
||||
|
||||
```systemd
|
||||
[Unit]
|
||||
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=mcaptcha
|
||||
ExecStart=/usr/bin/mcaptcha
|
||||
Restart=on-failure
|
||||
RestartSec=1
|
||||
SuccessExitStatus=3 4
|
||||
RestartForceExitStatus=3 4
|
||||
SystemCallArchitectures=native
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPrivileges=true
|
||||
Environment="RUST_LOG=info"
|
||||
|
||||
[Unit]
|
||||
After=sound.target
|
||||
Wants=network-online.target
|
||||
Wants=network-online.target
|
||||
Requires=postgresql.service
|
||||
After=syslog.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
2. Enable service:
|
||||
|
||||
```bash
|
||||
$ sudo systemctl daemon-reload && \
|
||||
sudo systemctl enable mcaptcha && \ # Auto startup during boot
|
||||
sudo systemctl start mcaptcha
|
||||
``
|
||||
```
|
|
@ -1,101 +0,0 @@
|
|||
---
|
||||
title: "Database and cache"
|
||||
description: "mCaptcha server requires dependencies like a Postgres
|
||||
database and a Redis cache"
|
||||
lead: "mCaptcha server requires dependencies like a Postgres
|
||||
database and a Redis cache"
|
||||
date: 2021-07-21 14:49
|
||||
lastmod: 2021-07-21 14:49
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosted"
|
||||
weight: 534
|
||||
toc: true
|
||||
---
|
||||
|
||||
## Notes
|
||||
|
||||
### Database
|
||||
|
||||
- Database migrations are baked into the server binary so don't worry
|
||||
about them.
|
||||
|
||||
- When compiling from source, unset database configuration(comment out
|
||||
database configuration/ `unset` relevant environment variables).
|
||||
`mCaptcha` uses [`sqlx`](https://crates.io/crates/sqlx) database client
|
||||
library which checks SQL queries at compile time. So if you are starting
|
||||
with a fresh database without migrations applied, compilation will fail.
|
||||
|
||||
### Redis
|
||||
|
||||
- Redis is an optional dependency. Currently, the non-Redis configuration
|
||||
doesn't persist CAPTCHA heat. So if there's a systems failure, CAPTCHA
|
||||
heat will be reset and visitor count will start from 0. For small
|
||||
installations, this should post a problem as heat is short lived and is
|
||||
reset anyways at cool down period.
|
||||
|
||||
- mCaptcha uses a custom Redis module called
|
||||
[cache](https://github.com/mCaptcha/cache) to overcome some of Redis'
|
||||
limitations.
|
||||
|
||||
|
||||
## Instructions
|
||||
|
||||
Once again, there are two ways to go about this:
|
||||
|
||||
1. Docker
|
||||
2. Bare metal
|
||||
|
||||
### Docker
|
||||
|
||||
### Database
|
||||
|
||||
Download and run Postgres
|
||||
|
||||
```bash
|
||||
docker create --name mcaptcha-postgres \
|
||||
-e POSTGRES_PASSWORD=<database-password> \
|
||||
-p 5432:5432 \
|
||||
postgres && docker start mcaptcha-postgres
|
||||
```
|
||||
|
||||
### Redis
|
||||
|
||||
```bash
|
||||
docker create --name mcaptcha-cache \
|
||||
-p 6379:6379 \
|
||||
mcaptcha/cache && docker start mcaptcha-cache
|
||||
```
|
||||
|
||||
See [mCaptcha/cache](https://github.com/mCaptcha/cache) for more
|
||||
details.
|
||||
|
||||
### 1. Install Postgres if you don't have it already.
|
||||
|
||||
For Debian based distributions:
|
||||
|
||||
```bash
|
||||
sudo apt install postgres
|
||||
```
|
||||
|
||||
### 2. Create new user for running `mCaptcha`
|
||||
|
||||
```bash
|
||||
$ sudo useradd -b /srv -m -s /usr/bin/bash mcaptcha
|
||||
```
|
||||
|
||||
### 3. Create new user in Postgres
|
||||
|
||||
```bash
|
||||
$ sudo -iu postgres # switch to `postgres` user
|
||||
$ psql
|
||||
postgres=# CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote';
|
||||
$ createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
|
||||
```
|
||||
|
||||
### 4. Install [`mCaptcha/cache`](https://github.com/mCaptcha/cache)
|
||||
|
||||
See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
|
||||
details.
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
title : "Self-Hosted"
|
||||
title : "Self-Hosting"
|
||||
description: "Instructions to self-host mCaptcha"
|
||||
lead: ""
|
||||
date: 2021-07-21 15:44
|
50
content/docs/self-hosting/ansible.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
title: "Using Ansible"
|
||||
description: "Deploy mCaptcha software using Ansible playbooks"
|
||||
lead: "Deploy mCaptcha software using Ansible playbooks"
|
||||
date: 2023-12-03 15:14
|
||||
lastmod: 2023-12-09 03:09
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosting"
|
||||
weight: 533
|
||||
toc: true
|
||||
---
|
||||
|
||||
Ansible playbooks to install mCaptcha are available [here](https://git.batsense.net/mCaptcha/iac).
|
||||
|
||||
## Instructions
|
||||
|
||||
### Installation
|
||||
|
||||
1. Clone the repository:
|
||||
|
||||
```bash
|
||||
git clone https://git.batsense.net/mCaptcha/iac && cd iac
|
||||
```
|
||||
|
||||
2. Create inventory file. You should have SSH access to the remote
|
||||
machine, and the user must have `sudo` privileges. Example inventory
|
||||
file:
|
||||
|
||||
```ini
|
||||
[mcaptcha_hosts]
|
||||
"mcaptcha_hosts"
|
||||
<node name> ansible_host=<node IP> ansible_user=<remote username>
|
||||
```
|
||||
|
||||
It is important that the group name be `mcaptcha_hosts`.
|
||||
|
||||
3. Configure installation by editing [ansible/vars/mcaptcha/vars.yml](https://git.batsense.net/mCaptcha/iac/src/branch/master/ansible/vars/mcaptcha/vars.yml). Most parameters have defaults, and the required parameters are annotated.
|
||||
4. Run playbook:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i path/to/inventory-file -f 10 ./ansible/mcaptcha.yml
|
||||
```
|
||||
|
||||
### Update
|
||||
|
||||
1. Pull changes from Git repository
|
||||
2. Rerun playbook
|
180
content/docs/self-hosting/bare-metal.md
Normal file
|
@ -0,0 +1,180 @@
|
|||
---
|
||||
title: "Deploy bare metal"
|
||||
description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
|
||||
lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
|
||||
date: 2021-07-21 14:49
|
||||
lastmod: 2021-07-21 14:49
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosting"
|
||||
weight: 532
|
||||
toc: true
|
||||
---
|
||||
|
||||
## 1. Install Database
|
||||
|
||||
The following databases are supported:
|
||||
|
||||
1. Postgres
|
||||
2. MariaDB
|
||||
|
||||
Please install the database of your choice. Then:
|
||||
|
||||
1. Create new database user for mCaptcha
|
||||
2. Create new database for mCaptcha
|
||||
|
||||
mCaptcha binary has migrations baked-in and is applied on start up. The
|
||||
choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For
|
||||
instance:
|
||||
|
||||
1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha`
|
||||
2. Mariadb: `mysql://mcaptcha:password@localhost:3306/mcaptcha`
|
||||
|
||||
## 2. Optionally, install mCaptcha/cache
|
||||
|
||||
We recommend this for larger instances. For single-user instances or for
|
||||
instances that protect personal websites, we recommend using the
|
||||
internal cache system. To do so, please comment out the
|
||||
[`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file.
|
||||
|
||||
Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details.
|
||||
|
||||
## 3. Install mCaptcha
|
||||
|
||||
### 3.1 Install from source
|
||||
|
||||
To build `mcaptcha`, you need the following dependencies:
|
||||
|
||||
1. rust
|
||||
2. node(`v20`)
|
||||
3. yarn(JavaScript package manager)
|
||||
4. make
|
||||
|
||||
With all dependencies installed, run:
|
||||
|
||||
```
|
||||
make dev-env && make release
|
||||
```
|
||||
|
||||
And the following commands to install the compiled binary:
|
||||
|
||||
```
|
||||
sudo cp ./target/release/mcaptcha /usr/bin/ && \
|
||||
mkdir sudo /etc/mcaptcha && \
|
||||
sudo cp config/default.toml /etc/mcaptcha/config.toml
|
||||
```
|
||||
|
||||
### 3.2 Install pre-compiled binary
|
||||
|
||||
#### i. Download assets
|
||||
|
||||
```
|
||||
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
|
||||
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
|
||||
wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
|
||||
```
|
||||
|
||||
### ii Verify checksum
|
||||
|
||||
```
|
||||
sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
|
||||
```
|
||||
|
||||
### iii Verify GPG signature
|
||||
|
||||
All mcaptcha binaries are signed with [our GPG
|
||||
key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index).
|
||||
Please verify signatures to verify authenticity.
|
||||
|
||||
```
|
||||
gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
|
||||
gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc
|
||||
```
|
||||
|
||||
### iv. Install
|
||||
|
||||
```
|
||||
tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
|
||||
&& sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
|
||||
&& sudo mkdir /etc/mcaptcha \
|
||||
&& sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
|
||||
```
|
||||
|
||||
### 4. Configuration
|
||||
|
||||
mCaptcha is highly configurable.
|
||||
|
||||
Configuration is applied/merged in the following order:
|
||||
|
||||
1. path to configuration file passed in via `MCAPTCHA_CONFIG`
|
||||
2. `./config/default.toml`
|
||||
3. `/etc/mcaptcha/config.toml`
|
||||
4. environment variables. Please see
|
||||
[here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables.
|
||||
|
||||
### 5. Systemd service configuration:
|
||||
|
||||
1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=mcaptcha
|
||||
ExecStart=/usr/bin/mcaptcha
|
||||
Restart=on-failure
|
||||
RestartSec=1
|
||||
SuccessExitStatus=3 4
|
||||
RestartForceExitStatus=3 4
|
||||
SystemCallArchitectures=native
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPrivileges=true
|
||||
Environment="RUST_LOG=info"
|
||||
|
||||
[Unit]
|
||||
After=sound.target
|
||||
Wants=network-online.target
|
||||
Wants=network-online.target
|
||||
Requires=postgresql.service
|
||||
After=syslog.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
2. Enable service:
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload && \
|
||||
sudo systemctl enable mcaptcha && \ # Auto startup during boot
|
||||
sudo systemctl start mcaptcha
|
||||
```
|
||||
|
||||
### 6. Install and configure Nginx
|
||||
|
||||
mCaptcha doesn't implement SSL yet. Please use a reverse proxy like
|
||||
Nginx to add SSL to your deployment. Here's an example virtual host
|
||||
configuration for Nginx:
|
||||
|
||||
```
|
||||
server {
|
||||
server_name <your mcaptcha hostname>;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:<mcaptcha_port>;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
}
|
||||
```
|
|
@ -7,8 +7,8 @@ draft: false
|
|||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosted"
|
||||
weight: 533
|
||||
parent: "Self-Hosting"
|
||||
weight: 534
|
||||
toc: true
|
||||
---
|
||||
|
||||
|
@ -33,7 +33,7 @@ for configurable options.
|
|||
|
||||
If you have already have a Postgres instance running, then:
|
||||
|
||||
```bash
|
||||
```
|
||||
docker run -p <host-machine-port>:<port-in-configuration-file> \
|
||||
--add-host=database:<database-ip-addrss> \
|
||||
-e RUST_LOG=debug \
|
||||
|
@ -42,18 +42,26 @@ docker run -p <host-machine-port>:<port-in-configuration-file> \
|
|||
```
|
||||
|
||||
If you don't have a Postgres instance running, you can either install
|
||||
one using a package manager or launch one with docker. A [docker-compose
|
||||
configuration]('../docker-compose.yml) is available that will launch both
|
||||
a database instance mcaptcha instance.
|
||||
one using a package manager or launch one with docker.
|
||||
|
||||
## With docker-compose
|
||||
|
||||
1. Follow steps above to build docker image.
|
||||
1. Download docker-compose file and the configuration file:
|
||||
|
||||
2. Set database password [docker-compose configuration]('../docker-compose.yml).
|
||||
```
|
||||
wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/.env.docker-compose
|
||||
wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/docker-compose.yml
|
||||
```
|
||||
|
||||
3. Launch network
|
||||
2. Configure deployment using `.env.docker-compose` environment variable
|
||||
file
|
||||
|
||||
```bash
|
||||
3. Launch containers:
|
||||
|
||||
```
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
4. Configure SSL using reverse proxy: mCaptcha doesn't support SSL at
|
||||
the moment, so please use a reverse proxy to secure your instance. A
|
||||
reference nginx virtual host configuration file is available [here](../bare-metal/#6-install-and-configure-nginx).
|
|
@ -8,7 +8,7 @@ draft: false
|
|||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Self-Hosted"
|
||||
parent: "Self-Hosting"
|
||||
weight: 531
|
||||
toc: true
|
||||
---
|
||||
|
@ -19,3 +19,4 @@ There are two main ways to self-host mCaptcha:
|
|||
|
||||
1. [Bare metal](./bare-metal)
|
||||
2. [With Docker](./docker)
|
||||
2. [With Ansible](./ansible)
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
title : "Terminology"
|
||||
description: "Information about terminology used in mCaptcha, some of which unique to the project"
|
||||
lead: ""
|
||||
date: 2022-07-27T08:48:45+00:00
|
||||
lastmod: 2020-07-27T08:48:45+00:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
|
@ -1,37 +0,0 @@
|
|||
---
|
||||
title: "Access token"
|
||||
description: "mCaptcha implements leaky bucket algorithm to measure
|
||||
current traffic levels. Cooldown period specifies the leak or the time
|
||||
after which a visitor addition is decremented."
|
||||
lead: ""
|
||||
date: 2022-07-22
|
||||
lastmod: 2022-07-22 20:17
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Terminology"
|
||||
weight: 521
|
||||
toc: true
|
||||
---
|
||||
|
||||
When a visitor solves the CAPTCHA and sends their solution to an
|
||||
mCaptcha instance, the solution will be verified for correctness. If the
|
||||
solution is correct, mCaptcha will return a single use access token.
|
||||
|
||||
This access token should be attached to the visitor's requited to the
|
||||
protected service and the protected service should validity of the
|
||||
access token with the mCaptcha instance and only allow access to
|
||||
protected resource if the access token is valid.
|
||||
|
||||
## Validate access token:
|
||||
|
||||
```bash
|
||||
curl --location --request POST 'https://mcaptcha.example.net/api/v1/pow/siteverify' \
|
||||
--header 'Content-Type: application/json' \
|
||||
--data-raw '{
|
||||
"token": "replace this with the access token presented by visitor",
|
||||
"key": "replace this with the sitekey associated with the CAPTCHA"
|
||||
"secret": "replace this with mCaptcha account secret, available in settings"
|
||||
}'
|
||||
```
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
title: "Cooldown Period"
|
||||
description: "mCaptcha implements leaky bucket algorithm to measure
|
||||
current traffic levels. Cooldown period specifies the leak or the time
|
||||
after which a visitor addition is decremented."
|
||||
lead: ""
|
||||
date: 2022-07-22
|
||||
lastmod: 2022-07-22 20:17
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Terminology"
|
||||
weight: 522
|
||||
toc: true
|
||||
---
|
||||
|
||||
mCaptcha implements leaky bucket algorithm to measure
|
||||
current traffic levels. Cooldown period specifies the leak or the time
|
||||
after which a visitor addition is decremented.
|
||||
|
||||
For instance, if initial traffic level is 0 and a user visits one
|
||||
second later, the traffic level will be incremented to 1. Now, if the
|
||||
cooldown period is set to 30 seconds, the traffic level will be
|
||||
decremented after 30 seconds. So after 30 seconds, the traffic level will
|
||||
go from 1 to 0.
|
||||
|
||||
## Easy Mode: Default cooldown
|
||||
|
||||
When configuring mCaptcha in [easy Mode](/docs/introduction/configuring-difficulty-factor/#easy-option), the default cooldown period is set to 30 seconds.
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
title: "Difficulty Factor"
|
||||
description: "Difficulty factor determines the time it takes to solve a CAPTCHA, there are two modes to setting difficulty factor: advance and easy, this page documents both modes."
|
||||
lead: ""
|
||||
date: 2022-07-22
|
||||
lastmod: 2022-07-22 20:17
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Terminology"
|
||||
weight: 523
|
||||
toc: true
|
||||
---
|
||||
|
||||
Difficulty factor determines the time it takes to solve a CAPTCHA. The
|
||||
higher the difficulty factor, the longer it will take to generate a
|
||||
proof of work for it to solve the CAPTCHA.
|
||||
|
||||
mCaptcha's proof of work based mechanism makes it highly accessible to
|
||||
people with special needs but it is important to choose the difficulty factor
|
||||
with care as very high difficulty factors will make the CAPTCHA
|
||||
inaccessible to users on slow devices.
|
|
@ -1,49 +0,0 @@
|
|||
---
|
||||
title: "Visitor Threshold"
|
||||
description: "Visitor threshold is used to split traffic into levels. If
|
||||
the traffic level supersceedes the configured threshold, then mCaptcha will
|
||||
increase difficulty factor based on the configuration provided."
|
||||
lead: ""
|
||||
date: 2022-07-22
|
||||
lastmod: 2022-07-22 20:17
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Terminology"
|
||||
weight: 525
|
||||
toc: true
|
||||
---
|
||||
|
||||
mCaptcha's variable difficulty factor mechanism requires a website's traffic
|
||||
statistics be split into levels, so that it can deploy the right
|
||||
difficulty factor for each level.
|
||||
|
||||
Visitor threshold is used to traffic into levels and mCaptcha accepts a
|
||||
difficulty configuration for each of these levels. When current traffic
|
||||
exceeds a difficulty factor, mCaptcha will increase the difficulty
|
||||
factor to the next configured level.
|
||||
|
||||
For instance, consider the configuration given below:
|
||||
|
||||
- Cool down period: 30 seconds
|
||||
|
||||
| Level | Difficulty Factor | Visitor Threshold |
|
||||
| ----- | ----------------- | ----------------- |
|
||||
| 1 | 5,000 | 2,000 |
|
||||
| 2 | 50,000 | 5,000 |
|
||||
| 3 | 500,000 | 10,000 |
|
||||
| 4 | 5,000,000 | 15,000 |
|
||||
|
||||
If the website sees 2,000 requests in a 30 second window, level 1
|
||||
difficulty factor(5,000) will be deployed. If the traffic increases to
|
||||
5,000 requests in a 30 second window, then difficulty factor will be
|
||||
upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
|
||||
seconds will result in difficulty factor being upgraded to 500,000 and
|
||||
5,000,000 respectively.
|
||||
|
||||
Visitor threshold is how mCaptcha determines which difficulty factor
|
||||
level to deploy. mCaptcha uses leaky bucket algorithm to keep the
|
||||
visitor threshold constantly updated within the configured cool down
|
||||
period. So, at any given moment the, the current visitor level will be
|
||||
the amount of traffic that was served in the cool down period specified.
|
9
content/docs/user-manual/_index.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
title : "User Manual"
|
||||
description: "Introduction to mCaptcha for users"
|
||||
lead: ""
|
||||
date: 2023-10-27T08:48:45+00:00
|
||||
lastmod: 2023-10-27T08:48:45+00:00
|
||||
draft: false
|
||||
images: []
|
||||
---
|
151
content/docs/user-manual/cli.md
Normal file
|
@ -0,0 +1,151 @@
|
|||
---
|
||||
title: "CLI tool"
|
||||
description: "Instructions to install mCaptcha CLI"
|
||||
lead: ""
|
||||
date: 2023-10-27T08:48:45+00:00
|
||||
lastmod: 2023-10-27T08:48:45+00:00
|
||||
draft: false
|
||||
menu:
|
||||
docs:
|
||||
parent: "user-manual"
|
||||
---
|
||||
|
||||
A CLI tool exists to compute mCaptcha challenges. It can be installed
|
||||
from multiple sources:
|
||||
|
||||
## Install
|
||||
|
||||
### crates.io
|
||||
|
||||
The CLI tool is available on, [crates.io](https://crates.io), the Rust
|
||||
language's package registry. Rust language toolchain is required to
|
||||
install from crates.io, please see [rustup.rs](https://rustup.rs) for
|
||||
Instructions to install it.
|
||||
|
||||
```bash
|
||||
cargo install mcaptcha-cli
|
||||
```
|
||||
|
||||
### Pre-compiled binaries
|
||||
|
||||
Nightly builds and stable releases are regularly published to
|
||||
[dl.mcaptcha.org](https://dl.mcaptcha.org/mcaptcha/cli) for a variety of
|
||||
CPU architectures and operating systems.
|
||||
|
||||
1. Download binary, checksum and GPG signature files
|
||||
|
||||
```bash
|
||||
wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz
|
||||
wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz.asc
|
||||
wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz.sha256
|
||||
```
|
||||
|
||||
2. Verify checksum
|
||||
|
||||
```bash
|
||||
sha256sum -c {FILENAME}.tar.gz.sha256
|
||||
```
|
||||
|
||||
3. Download mCaptcha's GPG release keys and verify GPG signature
|
||||
|
||||
```bash
|
||||
gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
|
||||
gpg --verify {FILENAME}.tar.gz.asc
|
||||
```
|
||||
|
||||
4. Install Binary
|
||||
|
||||
```bash
|
||||
tar -xvzf {FILENAME}.tar.gz && sudo cp {FILENAME}/mcaptcha-cli /usr/local/bin
|
||||
```
|
||||
|
||||
### Build from source
|
||||
|
||||
1. Install Rust tool chain
|
||||
Please see [here](https://rustup.rs) for instructions.
|
||||
2. Download source code
|
||||
|
||||
```bash
|
||||
git clone https://git.batsense.net/mCaptcha/cli
|
||||
```
|
||||
|
||||
3. Compile and install
|
||||
|
||||
```bash
|
||||
cargo build --release && sudp cp ./target/release/mcaptcha-cli
|
||||
/usr/local/bin
|
||||
```
|
||||
|
||||
## Pass mCaptcha challenge
|
||||
|
||||
The CLI tool requires details about the challenge to work on it. The
|
||||
tool can be used in three different modes compute challenge:
|
||||
|
||||
1. Protected Page: Compute mCaptcha challenge for the CAPTCHA at a
|
||||
protected page
|
||||
2. Widget URL: Compute PoW for captcha at widget URL
|
||||
3. (Developer mode) Offline: Computes PoW over given CAPTCHA parameters
|
||||
|
||||
### From protected page URL
|
||||
|
||||
The most convenient mode: copy the URL of the webpage which has the
|
||||
mCaptcha widget (example: showcase.mcaptcha.org) and run the CLI tool
|
||||
with it to get an authorization code:
|
||||
Compute challenge using the URL
|
||||
|
||||
```bash
|
||||
03:39 atm@lab cli ±|feat-parse-webpage ✗|→ mcaptcha-cli protected-page https://showcase.mcaptcha.org/
|
||||
Authorization token: eRAZJiMrW58uDYA1s64Tmwq1u30HutuF
|
||||
```
|
||||
|
||||
### Widget URL
|
||||
|
||||
If you have the widget URL (will be in format https://mcaptcha.example.org/widget?sitekey=randomstring), it can be used to solve challenge as well:
|
||||
|
||||
```bash
|
||||
Compute PoW by fetching parameters from CAPTCHA URL
|
||||
|
||||
Usage: mcaptcha-cli online --url <URL>
|
||||
|
||||
Options:
|
||||
-u, --url <URL> URL of the CAPTCHA. Example: https://example.org/widget?sitekey=foo
|
||||
-h, --help Print help
|
||||
```
|
||||
|
||||
Example usage:
|
||||
|
||||
```bash
|
||||
13:32 atm@lab cli ±|online ✗|→ mcaptcha-cli online -u https://demo.mcaptcha.org/widget?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23
|
||||
Authorization token: 3xleN26OctBuVu3X4t6CYyUjErhaxQvz
|
||||
```
|
||||
|
||||
### [Developer mode] Offline
|
||||
|
||||
Useful while debugging mCaptcha configurations, works on raw challenge
|
||||
parameters.
|
||||
|
||||
Help menu:
|
||||
|
||||
```bash
|
||||
Compute PoW with offline parameters
|
||||
|
||||
Usage: mcaptcha-cli offline --salt <SALT> --phrase <PHRASE> --difficulty-factor <DIFFICULTY_FACTOR>
|
||||
|
||||
Options:
|
||||
-s, --salt <SALT> Salt with which PoW should be computed
|
||||
-p, --phrase <PHRASE> Phrase over which PoW should be computed
|
||||
-d, --difficulty-factor <DIFFICULTY_FACTOR> Difficulty Factor
|
||||
-h, --help Print help
|
||||
```
|
||||
|
||||
Example usage:
|
||||
|
||||
```bash
|
||||
13:28 atm@lab cli ±|online|→ mcaptcha-cli offline -s $(rand 32) -p $(rand 32) -d 50000
|
||||
difficulty: 50000
|
||||
nonce: 90507
|
||||
original phrase: f351f333d44b2c6b5bf7f033b065bbb8fb5e9dd153bd402e43ed04425f5a3859
|
||||
result: 340276562956196291522979356090220150471
|
||||
```
|
||||
|
||||
Where rand is [this](https://github.com/realaravinth/dotfiles/blob/6fc6c87cc912e17488a35c0d3327ecf393221270/scripts/rand#L20) script.
|
22
content/docs/user-manual/how-to-mcaptcha-without-js.md
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
title: "Use mCaptcha without JavaScript"
|
||||
description: "Instructions to solve mCaptcha with JavaScript disabled"
|
||||
lead: ""
|
||||
date: 2023-10-27T08:48:45+00:00
|
||||
lastmod: 2023-10-27T08:48:45+00:00
|
||||
draft: false
|
||||
menu:
|
||||
docs:
|
||||
parent : "user-manual"
|
||||
---
|
||||
|
||||
To use mCaptcha without JavaScript:
|
||||
|
||||
|
||||
1. Install mCaptcha CLI too. Please see [here](./cli) for instructions.
|
||||
2. Copy the URL of the protected page
|
||||
3. Run mCaptcha CLI with that URL:
|
||||
```bash
|
||||
mcapthca-cli protected-page <URL>
|
||||
```
|
||||
4. Copy authorization code and paste it in the form
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title : "Introduction"
|
||||
description: "Introduction to mCaptcha."
|
||||
title : "Webmasters"
|
||||
description: "Introduction to mCaptcha for webmasters"
|
||||
lead: ""
|
||||
date: 2020-10-06T08:48:45+00:00
|
||||
lastmod: 2020-10-06T08:48:45+00:00
|
|
@ -10,7 +10,7 @@ draft: false
|
|||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Introduction"
|
||||
parent: "Webmasters"
|
||||
weight: 512
|
||||
toc: true
|
||||
---
|
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 62 KiB After Width: | Height: | Size: 62 KiB |
|
@ -1,23 +1,20 @@
|
|||
---
|
||||
title: "Site key"
|
||||
description: "Site key is the unique identifier associated with a CAPTCHA created on mCaptcha"
|
||||
title: "Webmasters FAQ"
|
||||
description: "Frequently asked questions related to using mCaptcha as a webmaster"
|
||||
lead: ""
|
||||
date: 2022-07-22
|
||||
lastmod: 2022-07-22 20:17
|
||||
date: 2022-07-27T08:48:45+00:00
|
||||
lastmod: 2020-07-27T08:48:45+00:00
|
||||
draft: false
|
||||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Terminology"
|
||||
weight: 524
|
||||
toc: true
|
||||
parent: "Webmasters"
|
||||
---
|
||||
|
||||
Site key is a unique identifier associated with CAPTCHA configurations
|
||||
created on mCaptcha. It is required to integrate a CAPTCHA with your
|
||||
website.
|
||||
### Easy Mode: Default cooldown period
|
||||
|
||||
## How to get site key?
|
||||
When configuring mCaptcha in [easy mode](/docs/webmasters/configuring-difficulty-factor/#easy-option), the default cooldown period is set to 30 seconds.
|
||||
|
||||
## How to get site key from dashboard?
|
||||
|
||||
1. Go to "Site keys" on the side panel in the dashboard
|
||||
|
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 62 KiB After Width: | Height: | Size: 62 KiB |
|
@ -8,7 +8,7 @@ draft: false
|
|||
images: []
|
||||
menu:
|
||||
docs:
|
||||
parent: "Introduction"
|
||||
parent: "Webmasters"
|
||||
weight: 511
|
||||
toc: true
|
||||
---
|
||||
|
@ -37,19 +37,9 @@ a new site key, click on "New Site" button in the dashboard.
|
|||
{{% img src="new-sitekey-btn.png" alt="mCaptcha dashboard with the 'new site key' button highlighted" %}}
|
||||
|
||||
There are two options to create a new site key, easy and advanced. **We
|
||||
are going to use the easy mode in this tutorial.** If you are interested
|
||||
are going to use the [easy mode](/docs/webmasters/configuring-difficulty-factor#easy-option) in this tutorial.** If you are interested
|
||||
in learning more about the advance mode, please see [here](/docs/introduction/configuring-difficulty-factor/#advance-option).
|
||||
|
||||
> ### [Easy Mode](/docs/introduction/configuring-difficulty-factor/#easy-option)
|
||||
>
|
||||
> Easy mode asks a few basic statistics about your website and generates a
|
||||
> configuration that should work for your website. Currently, easy mode is
|
||||
> guided by assumptions on suitable difficulty factors to protect a
|
||||
> website but it will be fine-tuned as mCaptcha sees more deployment.
|
||||
>
|
||||
> Configuration generated by easy mode can be tweaked later using the
|
||||
> advance mode, as you become more familiar with how mCaptcha works.
|
||||
|
||||
Fill the form and submit it.
|
||||
|
||||
{{% img src="new-sitekey-easy-mode-filled.png" alt="mCaptcha dashboard with the 'new site key' form in easy mode, with details filled in" %}}
|
||||
|
@ -80,16 +70,20 @@ to replace `Your {{paste your widget link}}` with the link obtained from
|
|||
the previous step.
|
||||
|
||||
```html
|
||||
<label
|
||||
data-mcaptcha_url="{{paste your widget link here}}"
|
||||
for="mcaptcha__token"
|
||||
id="mcaptcha__token-label"
|
||||
>
|
||||
mCaptcha authorization token.
|
||||
<a
|
||||
href="https://mcaptcha.org/docs/user-manual/how-to-mcaptcha-without-js/"
|
||||
>Instructions</a
|
||||
>.
|
||||
<input type="text" name="mcaptcha__token" id="mcaptcha__token" />
|
||||
</label>
|
||||
<div id="mcaptcha__widget-container"></div>
|
||||
<script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-alpha-2/dist/index.js"></script>
|
||||
<script charset="utf-8">
|
||||
let config = {
|
||||
widgetLink: new URL(
|
||||
{{paste yout widget link}}
|
||||
),
|
||||
};
|
||||
new mcaptchaGlue.default(config);
|
||||
</script>
|
||||
<script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-rc2/dist/index.js"></script>
|
||||
```
|
||||
|
||||
A full example is available
|
||||
|
@ -97,7 +91,7 @@ A full example is available
|
|||
|
||||
## 5. Configure backend to authenticate CAPTCHA tokens
|
||||
|
||||
1. Get [access token](/docs/terminology/access-token) from the user's
|
||||
1. Get [authorization token](/docs/webmasters/terminology/#authorization-token) from the user's
|
||||
form submission payload. The access token will be associated with a
|
||||
parameter called `mcaptcha__token`.
|
||||
|
||||
|
@ -120,6 +114,8 @@ resp = requests.post(
|
|||
resp = resp.json()
|
||||
```
|
||||
|
||||
**Note**: secret (`mcaptcha_account_secret` from above) is available in Dashboard > Settings > Secret
|
||||
|
||||
3. If access token is valid, allow access to protected resource or deny
|
||||
access.
|
||||
|
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
Before Width: | Height: | Size: 64 KiB After Width: | Height: | Size: 64 KiB |
Before Width: | Height: | Size: 29 KiB After Width: | Height: | Size: 29 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
86
content/docs/webmasters/terminology/index.md
Normal file
|
@ -0,0 +1,86 @@
|
|||
---
|
||||
title: "Terminology"
|
||||
description: "Information about terminology used in mCaptcha, some of which unique to the project"
|
||||
lead: ""
|
||||
date: 2022-07-27T08:48:45+00:00
|
||||
lastmod: 2020-07-27T08:48:45+00:00
|
||||
draft: false
|
||||
menu:
|
||||
docs:
|
||||
parent: "Webmasters"
|
||||
---
|
||||
|
||||
## Authorization token
|
||||
|
||||
When a visitor solves the CAPTCHA and sends their solution to an
|
||||
mCaptcha instance, the solution will be verified for correctness. If the
|
||||
solution is correct, mCaptcha will return a single use authorization token.
|
||||
|
||||
This authorization token should be attached to the visitor's requited to the
|
||||
protected service and the protected service should validity of the
|
||||
authorization token with the mCaptcha instance and only allow authorization to
|
||||
protected resource if the authorization token is valid.
|
||||
|
||||
## Cooldown Period
|
||||
|
||||
mCaptcha implements leaky bucket algorithm to measure
|
||||
current traffic levels. Cooldown period specifies the leak or the time
|
||||
after which a visitor addition is decremented.
|
||||
|
||||
For instance, if initial traffic level is 0 and a user visits one
|
||||
second later, the traffic level will be incremented to 1. Now, if the
|
||||
cooldown period is set to 30 seconds, the traffic level will be
|
||||
decremented after 30 seconds. So after 30 seconds, the traffic level will
|
||||
go from 1 to 0.
|
||||
|
||||
## Difficulty Factor
|
||||
|
||||
Difficulty factor determines the time it takes to solve a CAPTCHA. The
|
||||
higher the difficulty factor, the longer it will take to generate a
|
||||
proof of work for it to solve the CAPTCHA.
|
||||
|
||||
mCaptcha's proof of work based mechanism makes it highly accessible to
|
||||
people with special needs but it is important to choose the difficulty factor
|
||||
with care as very high difficulty factors will make the CAPTCHA
|
||||
inaccessible to users on slow devices.
|
||||
|
||||
## Sitekey
|
||||
|
||||
Site key is a unique identifier associated with CAPTCHA configurations
|
||||
created on mCaptcha. It is required to integrate a CAPTCHA with your
|
||||
website.
|
||||
|
||||
## Visitor Threshold
|
||||
|
||||
mCaptcha's variable difficulty factor mechanism requires a website's traffic
|
||||
statistics be split into levels, so that it can deploy the right
|
||||
difficulty factor for each level.
|
||||
|
||||
Visitor threshold is used to traffic into levels and mCaptcha accepts a
|
||||
difficulty configuration for each of these levels. When current traffic
|
||||
exceeds a difficulty factor, mCaptcha will increase the difficulty
|
||||
factor to the next configured level.
|
||||
|
||||
For instance, consider the configuration given below:
|
||||
|
||||
- Cool down period: 30 seconds
|
||||
|
||||
| Level | Difficulty Factor | Visitor Threshold |
|
||||
| ----- | ----------------- | ----------------- |
|
||||
| 1 | 5,000 | 2,000 |
|
||||
| 2 | 50,000 | 5,000 |
|
||||
| 3 | 500,000 | 10,000 |
|
||||
| 4 | 5,000,000 | 15,000 |
|
||||
|
||||
If the website sees 2,000 requests in a 30 second window, level 1
|
||||
difficulty factor(5,000) will be deployed. If the traffic increases to
|
||||
5,000 requests in a 30 second window, then difficulty factor will be
|
||||
upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
|
||||
seconds will result in difficulty factor being upgraded to 500,000 and
|
||||
5,000,000 respectively.
|
||||
|
||||
Visitor threshold is how mCaptcha determines which difficulty factor
|
||||
level to deploy. mCaptcha uses leaky bucket algorithm to keep the
|
||||
visitor threshold constantly updated within the configured cool down
|
||||
period. So, at any given moment the, the current visitor level will be
|
||||
the amount of traffic that was served in the cool down period specified.
|
|
@ -6,9 +6,9 @@
|
|||
</div>
|
||||
<div class="col-lg-9 col-xl-8 text-center">
|
||||
<p class="lead">{{ .Params.lead | safeHTML }}</p>
|
||||
<a class="btn btn-primary btn-lg px-4 mb-2" href="https://demo.mcaptcha.org/" role="button">Try mCaptcha</a>
|
||||
<a class="btn btn-primary btn-lg px-4 mb-2" href="https://showcase.mcaptcha.org/" role="button">Try mCaptcha</a>
|
||||
     
|
||||
<a class="btn btn-primary btn-lg px-4 mb-2" href="{{ "/docs/introduction/installing-captcha/" | absURL }}" role="button">Get started</a>
|
||||
<a class="btn btn-primary btn-lg px-4 mb-2" href="{{ "/docs/webmasters/installing-captcha/" | absURL }}" role="button">Get started</a>
|
||||
<p class="meta">Libre software <a href="https://github.com/mCaptcha">GitHub</a></p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
91
package-lock.json
generated
|
@ -7,6 +7,9 @@
|
|||
"": {
|
||||
"name": "doks",
|
||||
"version": "0.1.6",
|
||||
"dependencies": {
|
||||
"yarn": "^1.22.19"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@babel/cli": "^7.18.9",
|
||||
"@babel/core": "^7.18.9",
|
||||
|
@ -8474,10 +8477,16 @@
|
|||
"optional": true
|
||||
},
|
||||
"node_modules/nanoid": {
|
||||
"version": "3.3.4",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
|
||||
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
|
||||
"version": "3.3.7",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
|
||||
"integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/ai"
|
||||
}
|
||||
],
|
||||
"bin": {
|
||||
"nanoid": "bin/nanoid.cjs"
|
||||
},
|
||||
|
@ -9242,9 +9251,9 @@
|
|||
"dev": true
|
||||
},
|
||||
"node_modules/picocolors": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
|
||||
"integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz",
|
||||
"integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==",
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/picomatch": {
|
||||
|
@ -9437,9 +9446,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/postcss": {
|
||||
"version": "8.4.21",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
|
||||
"integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
|
||||
"version": "8.4.47",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
||||
"integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
|
@ -9449,12 +9458,16 @@
|
|||
{
|
||||
"type": "tidelift",
|
||||
"url": "https://tidelift.com/funding/github/npm/postcss"
|
||||
},
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/ai"
|
||||
}
|
||||
],
|
||||
"dependencies": {
|
||||
"nanoid": "^3.3.4",
|
||||
"picocolors": "^1.0.0",
|
||||
"source-map-js": "^1.0.2"
|
||||
"nanoid": "^3.3.7",
|
||||
"picocolors": "^1.1.0",
|
||||
"source-map-js": "^1.2.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^10 || ^12 || >=14"
|
||||
|
@ -11325,9 +11338,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/source-map-js": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
|
||||
"integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
|
||||
"integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": ">=0.10.0"
|
||||
|
@ -14110,6 +14123,19 @@
|
|||
"node": ">=10"
|
||||
}
|
||||
},
|
||||
"node_modules/yarn": {
|
||||
"version": "1.22.19",
|
||||
"resolved": "https://registry.npmjs.org/yarn/-/yarn-1.22.19.tgz",
|
||||
"integrity": "sha512-/0V5q0WbslqnwP91tirOvldvYISzaqhClxzyUKXYxs07yUILIs5jx/k6CFe8bvKSkds5w+eiOqta39Wk3WxdcQ==",
|
||||
"hasInstallScript": true,
|
||||
"bin": {
|
||||
"yarn": "bin/yarn.js",
|
||||
"yarnpkg": "bin/yarn.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=4.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/yauzl": {
|
||||
"version": "2.10.0",
|
||||
"resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
|
||||
|
@ -20667,9 +20693,9 @@
|
|||
"optional": true
|
||||
},
|
||||
"nanoid": {
|
||||
"version": "3.3.4",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
|
||||
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
|
||||
"version": "3.3.7",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
|
||||
"integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
|
||||
"dev": true
|
||||
},
|
||||
"nanomatch": {
|
||||
|
@ -21286,9 +21312,9 @@
|
|||
"dev": true
|
||||
},
|
||||
"picocolors": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
|
||||
"integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz",
|
||||
"integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==",
|
||||
"dev": true
|
||||
},
|
||||
"picomatch": {
|
||||
|
@ -21428,14 +21454,14 @@
|
|||
"dev": true
|
||||
},
|
||||
"postcss": {
|
||||
"version": "8.4.21",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
|
||||
"integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
|
||||
"version": "8.4.47",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
||||
"integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"nanoid": "^3.3.4",
|
||||
"picocolors": "^1.0.0",
|
||||
"source-map-js": "^1.0.2"
|
||||
"nanoid": "^3.3.7",
|
||||
"picocolors": "^1.1.0",
|
||||
"source-map-js": "^1.2.1"
|
||||
}
|
||||
},
|
||||
"postcss-cli": {
|
||||
|
@ -22894,9 +22920,9 @@
|
|||
"dev": true
|
||||
},
|
||||
"source-map-js": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
|
||||
"integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
|
||||
"integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
|
||||
"dev": true
|
||||
},
|
||||
"source-map-resolve": {
|
||||
|
@ -25117,6 +25143,11 @@
|
|||
"integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
|
||||
"dev": true
|
||||
},
|
||||
"yarn": {
|
||||
"version": "1.22.19",
|
||||
"resolved": "https://registry.npmjs.org/yarn/-/yarn-1.22.19.tgz",
|
||||
"integrity": "sha512-/0V5q0WbslqnwP91tirOvldvYISzaqhClxzyUKXYxs07yUILIs5jx/k6CFe8bvKSkds5w+eiOqta39Wk3WxdcQ=="
|
||||
},
|
||||
"yauzl": {
|
||||
"version": "2.10.0",
|
||||
"resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
|
||||
|
|
|
@ -52,5 +52,8 @@
|
|||
"standard-version": "^9.1",
|
||||
"stylelint": "^13.11",
|
||||
"stylelint-config-standard": "^20.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"yarn": "^1.22.19"
|
||||
}
|
||||
}
|
||||
|
|
21
renovate.json
Normal file
|
@ -0,0 +1,21 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
":dependencyDashboard"
|
||||
],
|
||||
"labels": [
|
||||
"renovate-bot"
|
||||
],
|
||||
"prHourlyLimit": 0,
|
||||
"timezone": "Asia/kolkata",
|
||||
"prCreation": "immediate",
|
||||
"vulnerabilityAlerts": {
|
||||
"enabled": true,
|
||||
"labels": [
|
||||
"renovate-bot",
|
||||
"renovate-security",
|
||||
"security"
|
||||
]
|
||||
}
|
||||
}
|
|
@ -101,10 +101,12 @@ deploy() {
|
|||
if [[ -z $(git ls-remote --heads origin ${1}) ]]
|
||||
then
|
||||
echo "[*] Creating deployment branch $1"
|
||||
git stash
|
||||
git checkout --orphan $1
|
||||
else
|
||||
echo "[*] Deployment branch $1 exists, pulling changes from remote"
|
||||
git fetch origin $1
|
||||
git stash
|
||||
git switch $1
|
||||
fi
|
||||
|
||||
|
|