_ _ __ _ ___ _ __ ___ ___ __ _ _ __ | |_ ___| |__ __ _ / _` |/ _ \ _____| '__/ _ \/ __/ _` | '_ \| __/ __| '_ \ / _` | | (_| | (_) |_____| | | __/ (_| (_| | |_) | || (__| | | | (_| | \__, |\___/ |_| \___|\___\__,_| .__/ \__\___|_| |_|\__,_| |___/ |_|
This package handles reCaptcha (API versions 2 and 3) form submissions in Go.
- Install the package in your environment:
go get github.com/xinguang/go-recaptcha
- To use it within your own code, import github.com/xinguang/go-recaptcha and call:
package main
import (
"github.com/xinguang/go-recaptcha"
)
func main() {
// get your secret from https://www.google.com/recaptcha/admin
// Using environment variables
// export ReCAPTCHA_SECRET="reCaptcha Secret Key"
recaptcha, err := New()
// OR
const Secret = "reCaptcha Secret Key"
recaptcha, err := NewWithSecert(Secret)
// .....
}
- Now everytime you need to verify a API client with no special options request use
// the recaptchaResponse corresponds to
// the value of g-recaptcha-response sent by the reCaptcha server.
recaptchaResponse := "g-recaptcha-response"
err := recaptcha.Verify(recaptchaResponse)
if err != nil {
// do something with err
}
// proceed
For specific options use the VerifyWithOptions
method
Available options:
Threshold float64 // ignored in v2 reCaptcha
Action string // ignored in v2 reCaptcha
Hostname string
ApkPackageName string
ResponseTime float64
RemoteIP string
Note that as reCaptcha v3 use score for challenge validation, if no threshold option is set the default value is 0.5
err := recaptcha.VerifyWithOptions(recaptchaResponse, VerifyOption{RemoteIP: "127.0.0.1"})
if err != nil {
// do something with err
}
// proceed
err := recaptcha.VerifyWithOptions(recaptchaResponse, VerifyOption{Action: "homepage", Threshold: 0.8})
if err != nil {
// do something with err
}
// proceed
Both recaptcha.Verify and recaptcha.VerifyWithOptions return a error or nil if successful
Use the error to check for issues with the secret, connection with the server, options mismatches and incorrect solution.
To integrate it into your website you need to put it in the client side as well as in Server side. In client HTML page you need to integrate this line before the tag.
<script src="https://www.google.com/recaptcha/api.js?render=put your site key here"></script>
Google reCAPTCHA v3 is invisible. You won’t see a captcha form of any sort on your web page. You need to capture the google captcha response in your JavaScript code. Here is a small snippet.
<script>
grecaptcha.ready(function() {
grecaptcha.execute('put your site key here', {action: 'homepage'}).then(function(token) {
// pass the token to the backend script for verification
});
});
</script>
To integrate it into your website you need to put it in client side as well as in Server side. In client HTML page you need to integrate this line before tag.
<script src='https://www.google.com/recaptcha/api.js' async defer></script>
And to show the widget into your form you need to put this below contact form, comment form etc.
<div class="g-recaptcha" data-sitekey="== Your site Key =="></div>
When the form get submit to Server, this script will send ‘g-recaptcha-response’ as a POST data. You need to verify it in order to see whether user has checked the Captcha or not.
Let’s look at the sample code to understand it better.
Replace your_site_key
with your reCAPTCHA site key