Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bigbluehat/couch-recaptcha
Integrating Google's reCAPTCHA on Apache CouchDB
https://github.com/bigbluehat/couch-recaptcha
Last synced: about 2 months ago
JSON representation
Integrating Google's reCAPTCHA on Apache CouchDB
- Host: GitHub
- URL: https://github.com/bigbluehat/couch-recaptcha
- Owner: BigBlueHat
- License: apache-2.0
- Created: 2016-01-20T14:43:15.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2016-01-20T15:04:39.000Z (almost 9 years ago)
- Last Synced: 2024-10-16T20:50:31.156Z (2 months ago)
- Size: 5.86 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# couch-recaptcha
Integrating [Google's reCAPTCHA](https://www.google.com/recaptcha/) on [Apache CouchDB](http://couchdb.apache.org/).
## How
reCAPTCHA is a two part invention:
- client-side JS widget to gather the user's actions
- server-side code to do a "background check" on those actions to "double check"> To use reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret. The site key is used to display the widget on your site. The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret needs to be kept safe for security purposes.
>
> -- https://developers.google.com/recaptcha/docs/start## How on Couch?
So. CouchDB can't (on it's own) send outbound HTTP requests to other servers or APIs. However, we've got some options.
### Option 1
The `_changes` feed gives us information on every document change (including deletes) that happen in a database. We could use this on a `recaptcha-verify` database to gather the submissions from the widget, watch the `_changes` feed there, send the verification asynchronously, and then mark a related doc (perhaps in a different database) as being verified.
### Option 2
CouchDB has some extreme modularity if you dig into the config. One of the available extension points are [External Processes](http://docs.couchdb.org/en/1.6.1/config/externals.html) one type of which is known as an [Update Notification](http://docs.couchdb.org/en/1.6.1/config/externals.html#config-update-notification). These can be written in any language on the host machine--you'll note the example uses Ruby.
This approach could be coupled with the `_changes` feed to avoid polling the feed. Alternatively, this could be used with a `_view` to allow the verify docs to be mixed in with other docs and avoid a separate `recaptcha-verify` database.
### Option 3
CouchDB can also be used as [a *minimal* HTTP Proxy](http://docs.couchdb.org/en/1.6.1/config/proxying.html#couchdb-as-proxy). This could possibly be used to keep the server-side secret bit in CouchDB's config (vs. sent to the client). The `POST` request would then be sent to this proxied ("secreted") endpoint with whatever data the client knows.
### Option 4
Do it all with AJAX? It's still not 100% clear to me if a server is required. I've not found any decent flow docs to know what piece of data lives where, but the vast majority of examples point to server-side code.
## Conclusion
It's possible, but it seems it will take extension.
# License
Apache License 2.0