Nuvola Cloudflare Turnstile Authenticator Bundle

This bundle provides authentication based on the response from Cloudflare Turnstile.

Configuration

To install the bundle, follow these steps:

• The following parameters are required for bundle configuration in the ./config/packages/cf_turnstile_authenticator.yaml file:

cf_turnstile_authenticator:
    secret_key: '%env(string:CF_TURNSTILE_AUTHENTICATOR_SECRET_KEY)%'

• add the CF_TURNSTILE_AUTHENTICATOR_SECRET_KEY environment variable to the .env file with a dummy secret key
• add the CF_TURNSTILE_AUTHENTICATOR_SECRET_KEY environment variable to the .env.local file with the secret key from Cloudflare Turnstile

Installation

To install the bundle, follow these steps:

• Run the following command to install the bundle:

composer require nuvola/cloudflare-turnstile-authenticator-bundle

• add the bundle to the ./config/bundles.php file:

<?php
// ...
    Nuvola\CloudflareTurnstileAuthenticatorBundle\CloudflareTurnstileAuthenticatorBundle::class => ['all' => true],
// ...

• to use the bundle, add the following code to the ./config/packages/security.yaml file:

security:
# ...
    firewalls:
# ...
        # adjust the name and pattern to your application!
        public:
            pattern: ^/api/public/
            stateless: true
            custom_authenticators:
              - Nuvola\CloudflareTurnstileAuthenticatorBundle\Security\CloudflareTurnstileAuthenticator
# ...
    access_control:
      - { path: ^/api/public/, roles: IS_AUTHENTICATED_FULLY }
# ...

After adding this configuration, only authenticated by response token from the Cloudflare Turnstile will be passed.

Usage

curl -H "x-cf-turnstile-response: $RESPONSE" https://api.nuvola.pl/api/public/users/7ff847d9-a2e0-4f93-9c00-b59ecd51a766

• $RESPONSE is a variable that stores the token retrieved in the web browser