Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/08 11:50:26 UTC

[GitHub] [apisix] Dog-Lee opened a new issue #6550: Google reCAPTCHA

Dog-Lee opened a new issue #6550:
URL: https://github.com/apache/apisix/issues/6550


   ### Issue description
   
   Background
   Google reCAPTCHA is a popular human-identification service in the world. It protects websites (APIs) from spam and abuse.
   
   
   
   For now, APISIX users who want to integrate the reCAPTCHA service into their system either write the plugin on their own or just leave it to the backend microservices. Therefore, users are required to have plugin development skills, or end up in a bad situation where the reCAPTCHA layer is spread across multiple microservices.
   
   
   
   Based on the context above, it would be great if APISIX had an official recaptcha plugin. Backend services can just focus on their core business logic and take every request as if it were sent by humans.
   
   
   
   Here is a code snippet of the recaptcha plugin schema:
   
   ```
   local schema = {
       type = "object",
       properties = {
           -- The secret key of the Google reCAPTCHA service.
           recaptcha_secret_key = { type = "string" },
           -- The list of APIs that need to be verified by reCAPTCHA.
           apis = {
               type = "array",
               items = {
                   type = "object",
                   properties = {
                       -- The API path
                       path = { type = "string" },
                       -- The list of HTTP methods
                       methods = { type = "array", items = { type = "string" }, minItems = 1 },
                       -- The enum of captcha parameter source. Only header, query are supported.
                       param_from = {
                           type = "string",
                           default = "header",
                           enum = { "header", "query" }
                       },
                       -- The name of captcha parameter.
                       param_name = { type = "string", default = "captcha" },
                   }
               },
               minItems = 1
           },
           -- The response for an invalid recaptcha token.
           response = {
               type = "object",
               properties = {
                   content_type = { type = "string", default = "application/json; charset=utf-8" },
                   status_code = { type = "number", default = 400 },
                   body = { type = "string", default = '{"message": "invalid captcha"}' }
               }
           },
   
       },
       additionalProperties = false,
       required = { "recaptcha_secret_key" },
   }
   ```
   
   
   
   And an example of the plugin config:
   
   ```
   {
       "plugins": {
           "recaptcha": {
               "apis":[
                   {
                       "path":"/login",
                       "methods":[ "POST" ],
                       "param_from":"header",
                       "param_name":"captcha"
                   },
                   {
                       "path":"/users/*/active",
                       "methods":[ "POST" ],
                       "param_from":"query",
                       "param_name":"captcha"
                   }
               ],
               "response":{
                   "content_type":"application/json; charset=utf-8",
                   "body":"{\"message\":\"invalid captcha\"}\n",
                   "status_code":400
               },
               "recaptcha_secret_key":"6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
           }
       }
   }
   ```
   
   
   
   The process would be like this:
   
   1.   The client side provides a recaptcha token (obtained from the Google JS SDK) when invoking the server API.
   2.   The plugin determines whether to verify the request based on the plugin apis configuration.
        1.   NO:  the request will continue.
        2.   YES: retrieve the captcha parameter from the request and verify it against the Google reCAPTCHA API, allowing the request if the token is valid and terminating the request if the token is invalid.
   
   plugin document: https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md


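The request flow described in the issue, as an added plain-Lua example that is not part of the original post or of the APISIX code base. The function names (`glob_to_pattern`, `find_rule`, `check`, `stub_verify`) are hypothetical, the call to Google is replaced by a stub, and the meaning of `*` in a path (one non-empty path segment) is an assumption, since the issue does not define it.

```lua
-- Added example: gateway decision logic only, no APISIX or network dependencies.
-- Assumption: "*" in a configured path matches exactly one non-empty path segment.
local function glob_to_pattern(glob)
    local escaped = glob:gsub("[%^%$%(%)%%%.%[%]%+%-%?]", "%%%0")
    return "^" .. escaped:gsub("%*", "[^/]+") .. "$"
end

-- Return the first configured API entry matching both path and method, or nil.
local function find_rule(conf, method, path)
    for _, api in ipairs(conf.apis or {}) do
        if api.path and path:find(glob_to_pattern(api.path)) then
            for _, m in ipairs(api.methods or {}) do
                if m:upper() == method:upper() then return api end
            end
        end
    end
end

-- req: { method, path, headers, query }; header keys are assumed lowercased.
-- verify_token(secret, token) stands in for the call to Google and returns a boolean.
local function check(conf, req, verify_token)
    local rule = find_rule(conf, req.method, req.path)
    if not rule then return true end            -- step 2.1: not listed, request continues
    local source = req.headers
    if rule.param_from == "query" then source = req.query end
    local token = (source or {})[rule.param_name or "captcha"]
    if type(token) ~= "string" or token == "" then return false end  -- no token: reject
    local ok, valid = pcall(verify_token, conf.recaptcha_secret_key, token)
    return ok and valid == true                 -- verifier error or non-true result: reject
end

-- Constructed sample data mirroring the plugin config in the issue.
local conf = {
    recaptcha_secret_key = "SECRET-PLACEHOLDER",
    apis = {
        { path = "/login", methods = { "POST" }, param_from = "header", param_name = "captcha" },
        { path = "/users/*/active", methods = { "POST" }, param_from = "query", param_name = "captcha" },
    },
}
local function stub_verify(_, token)
    if token == "boom" then error("verification service unreachable") end
    return token == "good-token"
end

assert(check(conf, { method = "GET", path = "/login", headers = {}, query = {} }, stub_verify) == true)
assert(check(conf, { method = "POST", path = "/login", headers = { captcha = "good-token" }, query = {} }, stub_verify) == true)
assert(check(conf, { method = "POST", path = "/login", headers = {}, query = {} }, stub_verify) == false)
assert(check(conf, { method = "POST", path = "/users/42/active", headers = {}, query = { captcha = "boom" } }, stub_verify) == false)
-- A path with an extra segment matches no rule under the one-segment assumption, so it is not checked.
assert(check(conf, { method = "POST", path = "/users/42/x/active", headers = {}, query = {} }, stub_verify) == true)
```

The last assertion shows why the wildcard semantics need to be pinned down in the plugin document: which paths a rule covers decides which requests are verified at all.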