@zaneray/express-recaptcha-validate
Express middleware validation for a g-recaptcha-response submitted on the request
The sole purpose of this package is to let you easily add a middleware to an Express route that looks for the g-recaptcha-response token on the request and validates it.
npm install --save @zaneray/express-recaptcha-validate
const express = require('express');
const recaptcha = require('@zaneray/express-recaptcha-validate');
const server = express();
server.use('/', express.static(__dirname));
async function start() {
  // Configure once with your reCAPTCHA secret; the bypass key is optional.
  recaptcha.setup(YOUR_RECAPTCHA_SECRET_KEY, OPTIONAL_RECAPTCHA_BYPASS_KEY);
  // recaptcha.validate runs before the route handler and calls next() on success.
  server.post('/some-endpoint-path', [recaptcha.validate], (req, res) => {
    res.status(200).send({ success: true });
  });
}
start();
If the token validates, the middleware calls next(). If not, it generates an error and calls next(err).
On an error, it returns an embellished error object that lets you adjust behavior as needed depending on the error code or message returned.
We have a custom error handler in Express that expects these elements, uses them to set the actual server response code, and wraps the error in a data {} object for consistency in the client view layer.
{
message: 'the error message',
statusCode: 401,
component: 'reCAPTCHA',
status: false
}
The g-recaptcha-response property can be supplied in the request body or as a request query-string parameter. req.body is searched first, then req.query is tried.
How req.body is populated depends on your Express setup, but here is an example that has worked in the past for both raw JSON and form POST data:
/* JSON BodyParser */
server.use(express.json({
  strict: true,
  type: 'application/json'
}));
/* FORM BodyParser */
server.use(express.urlencoded({
  extended: true,
  type: '*/x-www-form-urlencoded'
}));
To build a middleware chain in which you want to test follow-on tasks through an API-like interface without being blocked by an invalid token, you can optionally pass a g-recaptcha-bypass value, which is matched against the OPTIONAL_RECAPTCHA_BYPASS_KEY defined in setup. If it matches on the request, the actual validation is skipped and next() is called:
g-recaptcha-bypass: abcd12345efghi67890
FAQs
We found that @zaneray/express-recaptcha-validate has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.