> {
> "plugins": {
> "recaptcha": {
> "apis":[
> {
> "path":"/login",
> "methods":[ "POST" ],
> "param_from":"header",
> "param_name":"captcha"
can we use this project? https://github.com/api7/lua-resty-expr
`lua-resty-expr` should be simpler.
On Tue, Mar 8, 2022 at 7:41 PM 李玉升 <[email protected]> wrote:
> Background
> Google reCAPTCHA is a popular human-identify service in the world. It
> protects website(API) from spam and abuse.
>
>
>
> For now, the APISIX users who want to integrate the reCAPTCHA service in
> their system, either write the plugin on their own or just leave it to the
> backend microservices. Therefore, users have required the skills of plugin
> development, or into a bad situation where the reCAPTCHA layer is spread to
> multiple microservices.
>
>
>
> Based on the pre context. It's will be great if APISIX has official
> recaptcha plugin. Backend services can just focus on their core business
> logic and take every request as if it were sent by humans.
>
>
>
> Here is the code snippet of recaptcha plugin schema
>
> local schema = {
> type = "object",
> properties = {
> -- The secret key of the Google reCAPTCHA service.
> recaptcha_secret_key = { type = "string" },
> -- The list of APIs needs to be verified by reCAPTCHA.
> apis = {
> type = "array",
> items = {
> type = "object",
> properties = {
> -- The API path
> path = { type = "string" },
> -- The list of HTTP method
> methods = { type = "array", items = { type = "string"
> }, minItems = 1 },
> -- The enum of captcha parameter source. Only header,
> query are supported.
> param_from = {
> type = "string",
> default = "header",
> enum = { "header", "query" }
> },
> -- The name of captcha parameter.
> param_name = { type = "string", default = "captcha" },
> }
> },
> minItems = 1
> },
> -- The response of invalid recaptcha token.
> response = {
> type = "object",
> properties = {
> content_type = { type = "string", default =
> "application/json; charset=utf-8" },
> status_code = { type = "number", default = 400 },
> body = { type = "string", default = '{"message": "invalid
> captcha"}' }
> }
> },
>
> },
> additionalProperties = false,
> required = { "recaptcha_secret_key" },
> }
>
>
>
>
> And the example of plugin config
>
> {
> "plugins": {
> "recaptcha": {
> "apis":[
> {
> "path":"/login",
> "methods":[ "POST" ],
> "param_from":"header",
> "param_name":"captcha"
> },
> {
> "path":"/users/*/active",
> "methods":[ "POST" ],
> "param_from":"query",
> "param_name":"captcha"
> }
> ],
> "response":{
> "content_type":"application/json; charset=utf-8",
> "body":"{\"message\":\"invalid captcha\"}\n",
> "status_code":400
> },
> "recaptcha_secret_key":"6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
> }
> }
> }
>
>
>
>
> The process would be like this
> 1. client-side provides a recaptcha token(obtain from google JS SDK) when
> invoking server API
> 2. the plugin determines whether to verify the request based on the
> plugin apis configuration.
> 1. NO: request will continue
> 2. YES: retrieve the captcha parameter from the request, and verify
> it to the google recaptcha api. allowing the request if token valid,
> terminating the request if token invalid.
>
>
> plugin document:
>
> https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md
>
--
*MembPhis*
My GitHub: https://github.com/membphis
Apache APISIX: https://github.com/apache/apisix
