express-recaptcha

# express-recaptcha [![NPM](https://nodei.co/npm/express-recaptcha.png?compact=true)](https://nodei.co/npm/express-recaptcha/) [![Build Status][ci-image]][ci-url] [![npm version][npm-version-image]][npm-version-url] [Google recaptcha][google-recaptcha] middleware for express. <img src="https://www.google.com/recaptcha/intro/images/hero-recaptcha-demo.gif" width="300px" /> ## Table of contents - [Installation](#installation) - [Requirements](#requirements) - [Usage](#usage) - [How to initialise](#how-to-initialise) - [`options` available/properties](#options-availableproperties) - [Render - `recaptcha.middleware.render`](#render---recaptchamiddlewarerender) - [Render and override options - `recaptcha.middleware.renderWith`](#render---recaptchamiddlewarerenderwith) - [Verify - `recaptcha.middleware.verify`](#verify---recaptchamiddlewareverify) - [List of possible error codes](#list-of-possible-error-codes) - [Examples](#examples) ## Installation ```shell npm install express-recaptcha --save ``` ## Requirements - [Expressjs][expressjs] - A [body parser][body-parser] middleware to get captcha data from query: (If you're using an express version older than 4.16.0) ```javascript app.use(bodyParser.json()) app.use(bodyParser.urlencoded({ extended: true })) ``` ## Usage ### How to initialise: #### For versions >= 4.\*.\*: (New usage) ```javascript var Recaptcha = require('express-recaptcha').RecaptchaV2 //import Recaptcha from 'express-recaptcha' var recaptcha = new Recaptcha('SITE_KEY', 'SECRET_KEY') //or with options var options = { theme: 'dark' } var recaptcha = new Recaptcha('SITE_KEY', 'SECRET_KEY', options) ``` If you're using the older version of express-recaptcha (`3.\*.\*`), then you should require Recaptcha like so: (everything else is unchanged) ```javascript var Recaptcha = require('express-recaptcha') ``` #### `options` available/properties: | option | description | |----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `onload` | The callback function that gets called when all the dependencies have loaded. | | `render` | Value could be **explicit** OR **onload**, Whether to render the widget explicitly. | | `hl` | Forces the widget to render in a specific language (Auto-detects if unspecified). | | `theme` | Value could be **dark** OR **light**, The color theme of the widget (default light). | | `type` | Value could be **audio** OR **image**, The type of CAPTCHA to serve. | | `callback` | Your callback function that's executed when the user submits a successful CAPTCHA response. | | `expired_callback` | Your callback function that's executed when the recaptcha response expires and the user needs to solve a new CAPTCHA. | | `size` | The size of the widget. | | `tabindex` | The tabindex of the widget and challenge. If other elements in your page use tabindex, it should be set to make user navigation easier. | | `checkremoteip` | Adding support of remoteip verification (based on x-forwarded-for header or remoteAddress.Value could be **true** OR **false** (default **false**). | | `useRecaptchaDomain` | Boolean. Sets `www.recaptcha.net` as the host; useful in instances where `www.google.com` may be blocked (as detailed in the [reCaptcha docs](https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally)) | **For more information, please refer to:** - [reCaptcha - display](https://developers.google.com/recaptcha/docs/display#config) - [reCaptcha - verify ](https://developers.google.com/recaptcha/docs/verify) ### Render - `recaptcha.middleware.render` The middleware's render method sets the `recaptcha` property of `res` object (new in version >= 3.\*.\*, was `req` previously), with the generated html code. Therefore, you can easily append recaptcha into your templates by passing `res.recaptcha` to the view: ```javascript app.get('/', recaptcha.middleware.render, function (req, res) { res.render('login', { captcha: res.recaptcha }) }) ``` ### Render - `recaptcha.middleware.renderWith` Same as the render middleware method except that you can override the options in parameter : ```javascript app.get( '/', recaptcha.middleware.renderWith({ theme: 'dark' }), function (req, res) { res.render('login', { captcha: res.recaptcha }) } ) ``` ### Verify - `recaptcha.middleware.verify` The middleware's verify method sets the `recaptcha` property of `req` object, with validation information: ```javascript app.post('/', recaptcha.middleware.verify, function (req, res) { if (!req.recaptcha.error) { // success code } else { // error code } }) ``` The response verification is performed on `params`, `query`, and `body` properties for the `req` object. Here is an example of a `req.recaptcha` response: #### Example of verification response: ```javascript { error: string, // error code (see table below), null if success data: { hostname: string // the site's hostname where the reCAPTCHA was solved } } ``` #### List of possible error codes: | Error code | Description | | :----------------------- | :---------------------------------------------- | | `missing-input-secret` | The secret parameter is missing. | | `invalid-input-secret` | The secret parameter is invalid or malformed. | | `missing-input-response` | The response parameter is missing. | | `invalid-input-response` | The response parameter is invalid or malformed. | | `invalid-json-response` | Can't parse google's response. Server error. | ## Examples ### express-recaptcha - with verification middleware: ```javascript var express = require('express') var bodyParser = require('body-parser') var pub = __dirname + '/public' var app = express() var Recaptcha = require('express-recaptcha').RecaptchaV2 var recaptcha = new Recaptcha('SITE_KEY', 'SECRET_KEY') //- required by express-recaptcha in order to get data from body or query. app.use(bodyParser.json()) app.use(bodyParser.urlencoded()) app.use(express.static(pub)) app.set('views', __dirname + '/views') app.set('view engine', 'jade') app.get('/', recaptcha.middleware.render, function (req, res) { res.render('login', { captcha: res.recaptcha }) }) // override default options for that route app.get( '/fr', recaptcha.middleware.renderWith({ hl: 'fr' }), function (req, res) { res.render('login', { captcha: res.recaptcha }) } ) app.post('/', recaptcha.middleware.verify, function (req, res) { if (!req.recaptcha.error) { // success code } else { // error code } }) ``` ### express-recaptcha - without verification middleware: (using `recaptcha.verify` callback instead) ```javascript var express = require('express') var bodyParser = require('body-parser') var pub = __dirname + '/public' var app = express() var Recaptcha = require('express-recaptcha').RecaptchaV2 var recaptcha = new Recaptcha('SITE_KEY', 'SECRET_KEY') //- required by express-recaptcha in order to get data from body or query. app.use(bodyParser.json()) app.use(bodyParser.urlencoded()) app.use(express.static(pub)) app.set('views', __dirname + '/views') app.set('view engine', 'jade') app.get('/', function (req, res) { res.render('login', { captcha: recaptcha.render() }) }) // override default options for that route app.get('/fr', function (req, res) { res.render('login', { captcha: recaptcha.renderWith({ hl: 'fr' }) }) }) app.post('/', function (req, res) { recaptcha.verify(req, function (error, data) { if (!error) { // success code } else { // error code } }) }) ``` ### Demo: Run the example folder for a live demo: ``` $ node example\server.js ``` [ci-image]: https://travis-ci.org/pdupavillon/express-recaptcha.svg?branch=master [ci-url]: https://travis-ci.org/pdupavillon/express-recaptcha [npm-version-image]: https://badge.fury.io/js/express-recaptcha.svg [npm-version-url]: http://badge.fury.io/js/express-recaptcha [expressjs]: https://github.com/expressjs/express [body-parser]: https://github.com/expressjs/body-parser [google-recaptcha]: https://www.google.com/recaptcha