/
gocaptcha.go
142 lines (127 loc) · 4.65 KB
/
gocaptcha.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
package gocaptcha
import (
"bufio"
"bytes"
"errors"
"fmt"
"io"
"net"
"net/http"
"net/url"
"os"
"text/template"
)
var captchaHTML *template.Template
func init() {
var err error
captchaHTML, err = template.New("CaptchaHTML").Parse(`
<script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k={{.PublicKey}}&error={{.ErrorCode}}"></script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k={{.PublicKey}}&error={{.ErrorCode}}" height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
<input type="hidden" name="recaptcha_response_field" value="manual_challenge">
</noscript>
`)
if err != nil {
fmt.Printf("Error parsing CaptchaHTML template.")
os.Exit(-1)
}
}
// A GoCaptcha object identifies a single reCAPTCHA session (for one client).
// It is possible to store this object on a session activity and re-use it lateron for verification.
// This object keeps track of faulty verifications and makes sure any newly generated HTML contains an error message for the end-user, as provided by reCAPTCHA.
// Once a reCAPTCHA response was successfully verified this object should be discarded.
type GoCaptcha struct {
publickey string
privatekey string
lastErrorCode string
lastResult bool
}
// NewGoCaptha creates a new GoCaptcha object.
// Privatekey is the api key to be used with reCAPTCHA.
func NewGoCaptcha(publickey string, privatekey string) *GoCaptcha {
gc := &GoCaptcha{
publickey: publickey,
privatekey: privatekey,
}
return gc
}
// Generate the reCAPTCHA HTML for this session and write it to the given io.Writer.
func (gc *GoCaptcha) WriteHTML(w io.Writer) error {
err := captchaHTML.Execute(w, struct {
PublicKey string
ErrorCode string
}{gc.publickey, gc.lastErrorCode})
return err
}
// Generate the reCAPTCHA HTML for this session and return it as string.
// If error is not nil then something went wrong and string is empty.
func (gc *GoCaptcha) HTMLString() (string, error) {
buf := new(bytes.Buffer)
err := gc.WriteHTML(buf)
if err != nil {
return "", err
}
return buf.String(), nil
}
// Generate the reCAPTCHA HTML for this session and return it as byteslice.
// If error is not nil then something went wrong and the byteslice is empty.
func (gc *GoCaptcha) HTMLBytes() ([]byte, error) {
buf := new(bytes.Buffer)
err := gc.WriteHTML(buf)
if err != nil {
return []byte{}, err
}
return buf.Bytes(), nil
}
// Verify calls the reCAPTCHA API to verify if the given response by end-user is correct.
// Any returned error indicates a unsuccessfull api call. It does not indicate that the reCAPTCHA response by the end-user was faulty.
// Any returned error value is not to be shown to the end-user.
// When the error is nil, then response=false indicates that the reCAPTCHA response by the end-user was faulty.
// End-user will be notified of a faulty reCAPTCHA response when re-using this GoCaptcha object to generate HTML code again.
//
// Expected parameters:
// challenge string, form value as sent by the http request. (Set by the reCAPTCHA in the end-users browser.)
// response string, form value as sent by the http request. (The answer given by the end-user.)
// remoteaddr string, The http.Request.RemoteAddr (e.g. "127.0.0.1:45435") from the client's endpoint.
func (gc *GoCaptcha) Verify(challenge string, response string, remoteaddr string) (bool, error) {
if gc.lastResult {
return false, errors.New("This GoCaptcha session has already been successfully verified. Please create a new GoCaptcha session.")
}
remoteip, _, err := net.SplitHostPort(remoteaddr)
if err != nil {
return false, err
}
apiRequestValues := url.Values{}
apiRequestValues.Set("privatekey", gc.privatekey)
apiRequestValues.Set("remoteip", remoteip)
apiRequestValues.Set("challenge", challenge)
apiRequestValues.Set("response", response)
apiResponse, err := http.PostForm("https://www.google.com/recaptcha/api/verify", apiRequestValues)
if err != nil {
return false, err
}
defer apiResponse.Body.Close()
reader := bufio.NewReader(apiResponse.Body)
// read first line
line1, err := reader.ReadString('\n')
if err != nil {
return false, errors.New("Received unexpected result value from reCAPTCHA API.")
}
switch line1 {
case "true\n":
gc.lastResult = true
gc.lastErrorCode = ""
return true, nil
case "false\n":
// read second line
line2, err := reader.ReadString('\n')
if err != nil && err != io.EOF {
return false, errors.New("Received unexpected result value from reCAPTCHA API.")
}
gc.lastErrorCode = line2
default:
return false, errors.New("Received unexpected result value from reCAPTCHA API.")
}
return false, nil
}