{"id":26337165,"url":"https://github.com/truewinter/snowcaptcha","last_synced_at":"2025-03-16T02:17:53.078Z","repository":{"id":225349651,"uuid":"765755255","full_name":"TrueWinter/SnowCaptcha","owner":"TrueWinter","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-05T16:50:27.000Z","size":187,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-02T02:58:04.919Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TrueWinter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-01T14:55:45.000Z","updated_at":"2024-03-01T15:41:30.000Z","dependencies_parsed_at":"2024-03-03T16:30:05.466Z","dependency_job_id":"f5b768d2-7b8a-4f47-95f7-4e05facb9b92","html_url":"https://github.com/TrueWinter/SnowCaptcha","commit_stats":null,"previous_names":["truewinter/snowcaptcha"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrueWinter%2FSnowCaptcha","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrueWinter%2FSnowCaptcha/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrueWinter%2FSnowCaptcha/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrueWinter%2FSnowCaptcha/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TrueWinter","download_url":"https://codeload.github.com/TrueWinter/SnowCaptcha/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243814895,"owners_count":20352038,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-16T02:17:52.532Z","updated_at":"2025-03-16T02:17:53.066Z","avatar_url":"https://github.com/TrueWinter.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SnowCaptcha\n\nSnowCaptcha is designed to collect and process as little data as possible while still achieving its goal of stopping bots.\n\n## How does it work?\n\nWhen a user tries to complete the captcha, SnowCaptcha checks the reputation associated with the IP address. If the IP address has a bad reputation, the user will have to complete a visual challenge. A proof-of-work challenge is always issued.\n\nCurrently, the following reputation sources are used:\n- Local: when a user completes the captcha, their IP prefix (/24 for IPv4, /48 for IPv6) is stored and will have a bad reputation for 10 minutes\n- [BGP.tools](https://bgp.tools): networks that are categorized by BGP.tools as being a server host, VPN host, Tor services host, or an event network will have all of their prefixes added to SnowCaptcha's bad reputation list (this data is updated at most once every 2 hours)\n- [Project Honey Pot](https://www.projecthoneypot.org): IPv4 only, requires an API key\n\nThe user has 5 minutes to solve all challenges, at which point the server will have 5 minutes to validate the token. Tokens can only be validated once.\n\n## Requirements\n\n- A web server with the ability to proxy requests to a backend and add headers (HAProxy is recommended for multi-instance deployments)\n- SSL certificate\n- 1GB memory minimum, 2GB recommended\n  - It is recommended to allocate 256MB memory per SnowCaptcha instance, plus extra for Java off-heap, OS, and database use\n- Redis\n- MySQL\n- Linux server (recommended)\n- Java 17+\n\nIt has been tested on modern versions of Firefox, Chrome, and Safari.\n\n## Usage\n\nAfter starting SnowCaptcha for the first time, a configuration file will be created. Modify this as needed and then start SnowCaptcha again. The recommended JVM flags are `-XX:+UseG1GC -Xms384M -Xmx384M` (adjust memory as needed).\n\nConfigure your web server to terminate SSL and proxy requests to SnowCaptcha. You will need to set up a header that contains the user's IP address (ensuring that the header contains only the IP address, and that IPv4 addresses are not in the IPv4-mapped IPv6 address format), and configure this header in the SnowCaptcha config file.\n\nThen, log in to the SnowCaptcha dashboard using the username `admin` and password `snowcaptcha`. It is recommended to change the password as soon as possible. Add a widget, taking note of the site key and secret key (which will only be shown once).\n\nSnowCaptcha is designed to support multiple instances connected to the same Redis and MySQL database. It is recommended to run at least two instances for redundancy and to allow for zero-downtime updates. You should ensure that your load balancer only considers an instance down if it receives a non-200 response from the `/health` endpoint or the connection times out.\n\nImplementing a widget on your website is easy:\n```html\n\u003cform\u003e\n    \u003c!-- Put this where you'd like the captcha to appear. data-mode can be \"light\" (default) or \"dark\" --\u003e\n    \u003cdiv class=\"snowcaptcha\" data-mode=\"dark\"\u003e\u003c/div\u003e\n\u003c/form\u003e\n\n\u003cscript src=\"https://{snowcaptcha_instance}/build/captcha/captcha.js\" data-sitekey=\"{ your_site_key }\" async\u003e\u003c/script\u003e\n```\n\nThe script can also have the following optional attributes:\n- `data-callback`: The name of the callback function that will be called when the captcha is loaded, solved, errors, reset, or expires\n  - The callback data will be one of: `LOADED`, `SOLVED`, `RESET`, `ERROR`, `EXPIRED`\n- `data-host`: The URL of the SnowCaptcha instance, if it is different to the script `src` domain\n\nThe script can also be lazy loaded, if necessary.\n\nIt is possible to load SnowCaptcha from a CDN. However, as the captcha files intentionally do not contain hashes in the names and have a no-cache header, this requires additional configuration to ensure that the files get cached on the CDN and need to be manually purged after updating SnowCaptcha.\n\nSnowCaptcha will inject a hidden input element with the name `snowcaptcha` before the `snowcaptcha` div. This input field will only be populated after the user completes a captcha. To validate the captcha token server-side, send a POST request to `/validate-token` with the following data:\n```json\n{\n    \"token\": \"token from client-side input\",\n    \"sitekey\": \"your site key\",\n    \"secretkey\": \"your secret key\"\n}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruewinter%2Fsnowcaptcha","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftruewinter%2Fsnowcaptcha","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruewinter%2Fsnowcaptcha/lists"}