{"id":18561415,"url":"https://github.com/apostrophecms/login-recaptcha","last_synced_at":"2025-04-10T03:30:51.082Z","repository":{"id":44611999,"uuid":"448088457","full_name":"apostrophecms/login-recaptcha","owner":"apostrophecms","description":"Adds reCAPTCHA v3 to Apostrophe login pages","archived":false,"fork":false,"pushed_at":"2024-03-13T17:27:59.000Z","size":46,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-04-14T09:04:17.707Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apostrophecms.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-01-14T19:44:50.000Z","updated_at":"2024-02-27T08:27:55.000Z","dependencies_parsed_at":"2024-02-21T16:19:34.642Z","dependency_job_id":null,"html_url":"https://github.com/apostrophecms/login-recaptcha","commit_stats":{"total_commits":22,"total_committers":4,"mean_commits":5.5,"dds":0.5,"last_synced_commit":"5ce2dba6e7f4dbd3040e76f9fbbd9ff33854aa31"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flogin-recaptcha","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flogin-recaptcha/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flogin-recaptcha/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flogin-recaptcha/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apostrophecms","download_url":"https://codeload.github.com/apostrophecms/login-recaptcha/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223423342,"owners_count":17142743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T22:06:47.327Z","updated_at":"2024-11-06T22:06:47.855Z","avatar_url":"https://github.com/apostrophecms.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/apostrophecms/apostrophe/main/logo.svg\" alt=\"ApostropheCMS logo\" width=\"80\" height=\"80\"\u003e\n\n  \u003ch1\u003eApostrophe reCAPTCHA Login Verification\u003c/h1\u003e\n  \u003cp\u003e\n    \u003ca aria-label=\"Apostrophe logo\" href=\"https://v3.docs.apostrophecms.org\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/MADE%20FOR%20ApostropheCMS-000000.svg?style=for-the-badge\u0026logo=Apostrophe\u0026labelColor=6516dd\"\u003e\n    \u003c/a\u003e\n    \u003ca aria-label=\"Test status\" href=\"https://github.com/apostrophecms/login-recaptcha/actions\"\u003e\n      \u003cimg alt=\"GitHub Workflow Status (branch)\" src=\"https://img.shields.io/github/workflow/status/apostrophecms/login-recaptcha/Tests/main?label=Tests\u0026labelColor=000000\u0026style=for-the-badge\"\u003e\n    \u003c/a\u003e\n    \u003ca aria-label=\"Join the community on Discord\" href=\"http://chat.apostrophecms.org\"\u003e\n      \u003cimg alt=\"\" src=\"https://img.shields.io/discord/517772094482677790?color=5865f2\u0026label=Join%20the%20Discord\u0026logo=discord\u0026logoColor=fff\u0026labelColor=000\u0026style=for-the-badge\u0026logoWidth=20\"\u003e\n    \u003c/a\u003e\n    \u003ca aria-label=\"License\" href=\"https://github.com/apostrophecms/login-recaptcha/blob/main/LICENSE.md\"\u003e\n      \u003cimg alt=\"\" src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026labelColor=000000\u0026label=License\u0026message=MIT\u0026color=3DA639\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\nThis login verification module adds a [reCAPTCHA](https://developers.google.com/recaptcha/intro) check when any user logs into the site. It uses reCAPTCHA v3, which means that the test is invisible aside from a reCAPTCHA logo at the bottom of the screen.\n\n## Installation\n\nTo install the module, use the command line to run this command in an Apostrophe project's root directory:\n\n```\nnpm install @apostrophecms/login-recaptcha\n```\n\n## Usage\n\nInstantiate the reCAPTCHA login module in the `app.js` file:\n\n```javascript\nrequire('apostrophe')({\n  shortName: 'my-project',\n  modules: {\n    '@apostrophecms/login-recaptcha': {}\n  }\n});\n```\n\nThe other requirement is to add [reCAPTCHA site and secret keys](https://developers.google.com/recaptcha/intro#recaptcha-overview) to the `@apostrophecms/login` module (*not* this module). This module adds functionality to that module (it \"improves\" it, in Apostrophe speak), so most configuration should be directly on the core login module.\n\n\n```javascript\n// modules/@apostrophecms/login/index.js\nmodule.exports = {\n  options: {\n    recaptcha: {\n      site: 'ADD YOUR SITE KEY',\n      secret: 'ADD YOUR SECRET KEY'\n    }\n  }\n};\n```\n\nOnce configured, reCAPTCHA verification should work on all login attempts.\n\n### Content security headers\n\nIf your site has a content security policy, including if you use the [Apostrophe Security Headers](https://www.npmjs.com/package/@apostrophecms/security-headers) module, you will need to add additional configuration to use this module. This module adds a script tag to the site's `head` tag fetching reCAPTCHA code. That reCAPTCHA code also constructs an iframe. The external script and iframe use the `www.google.com` and `www.gstatic.com` domains, so we need to allow resources from that domain.\n\n**If you are using the Apostrophe Security Headers module**, add the following policy configuration for that module:\n\n```javascript\nmodule.exports = {\n  options: {\n    policies: {\n      'login-recaptcha': {\n        'script-src': 'www.google.com www.gstatic.com',\n        'frame-src': 'www.google.com'\n      },\n      // Any other policies...\n    }\n  }\n};\n```\n\n**If your content security policy is configured some other way**, add `www.google.com` to the `frame-src` directive and  `www.google.com www.gstatic.com` to the `script-src` directive.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapostrophecms%2Flogin-recaptcha","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapostrophecms%2Flogin-recaptcha","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapostrophecms%2Flogin-recaptcha/lists"}