Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
github.com/FriendlyCaptcha/friendly-captcha-go-sdk
A Go client for the Friendly Captcha verification API.
go get github.com/friendlycaptcha/friendly-captcha-go-sdk
import "github.com/friendlycaptcha/friendly-captcha-go-sdk"
frcClient := friendlycaptcha.NewClient(apikey, sitekey)
// In your middleware or request handler
solution := r.FormValue(friendlycaptcha.SolutionFormFieldName)
shouldAccept, err := frcClient.CheckCaptchaSolution(r.Context(), solution)
if err != nil {
if errors.Is(err, friendlycaptcha.ErrVerificationFailedDueToClientError) {
log.Printf("!!!!!\n\nFriendlyCaptcha is misconfigured! Check your Friendly Captcha API key and sitekey: %v\n", err)
// Send yourself an alert - the captcha won't be able to do its job to prevent spam.
} else if (errors.Is(err, friendlycaptcha.ErrVerificationRequest)) {
log.Printf("Could not talk to the Friendly Captcha API: %v\n", err)
// Perhaps the Friendly Captcha API is down?
}
}
if !shouldAccept { // The captcha was invalid
// Show the user a message that the anti-robot verification failed and that they should try again
return
}
// The captcha check was succesful, handle the request :)
Beware that the CheckCaptchaSolution
function returns two values:
bool
)Even if the error is non-nil, the first boolean value may still be true and you should accept the request!
As a best practice we accept the captcha solution if we are unable to verify it: if we misconfigure our apikey or Friendly Captcha's API goes down we would rather accept all requests than lock all users out.
If you want to change this behavior you can set client.Strict
to true, then the accept value will only be true if we were actually able to verify the captcha solution and it was valid.
Run the example
cd examples/form
FRC_SITEKEY=<my sitekey> FRC_APIKEY=<my api key> go run main.go
Then open your browser and head to http://localhost:8844
Note: you can create a sitekey and API key in the Friendly Captcha dashboard.
Example Screenshot
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.