_       _         
  __ _  ___        _ __ ___  ___ __ _ _ __ | |_ ___| |__   __ _ 
 / _` |/ _ \ _____| '__/ _ \/ __/ _` | '_ \| __/ __| '_ \ / _` |
| (_| | (_) |_____| | |  __/ (_| (_| | |_) | || (__| | | | (_| |
 \__, |\___/      |_|  \___|\___\__,_| .__/ \__\___|_| |_|\__,_|
 |___/                               |_|                       

go-reCaptcha

This package handles reCaptcha (API versions 2 and 3) form submissions in Go.

Getting setup

• Usage
• Get Google reCaptcha Site Key And Secret Key
• Integrate Google reCAPTCHA in your website

Usage

• Install the package in your environment:

go get github.com/xinguang/go-recaptcha

• To use it within your own code, import github.com/xinguang/go-recaptcha and call:

package main

import (
	"github.com/xinguang/go-recaptcha"
)
func main() {
  // get your secret from https://www.google.com/recaptcha/admin
  // Using environment variables
  // export ReCAPTCHA_SECRET="reCaptcha Secret Key"
  recaptcha, err := New()

  // OR 
  const Secret = "reCaptcha Secret Key"
  recaptcha, err := NewWithSecert(Secret)
  // .....
}

• Now everytime you need to verify a API client with no special options request use

  // the recaptchaResponse corresponds to 
  // the value of g-recaptcha-response sent by the reCaptcha server.
  recaptchaResponse := "g-recaptcha-response"
  err := recaptcha.Verify(recaptchaResponse)
  if err != nil {
      // do something with err
  }
  // proceed

For specific options use the VerifyWithOptions method
Available options:

  Threshold      float64 // ignored in v2 reCaptcha
  Action         string  // ignored in v2 reCaptcha
  Hostname       string
  ApkPackageName string
  ResponseTime   float64
  RemoteIP       string

Note that as reCaptcha v3 use score for challenge validation, if no threshold option is set the default value is 0.5

err := recaptcha.VerifyWithOptions(recaptchaResponse, VerifyOption{RemoteIP: "127.0.0.1"})
if err != nil {
    // do something with err
}
// proceed

err := recaptcha.VerifyWithOptions(recaptchaResponse, VerifyOption{Action: "homepage", Threshold: 0.8})
if err != nil {
    // do something with err
}
// proceed

Both recaptcha.Verify and recaptcha.VerifyWithOptions return a error or nil if successful

Use the error to check for issues with the secret, connection with the server, options mismatches and incorrect solution.

Integrate Google reCAPTCHA in your website

• reCAPTCHA v3

To integrate it into your website you need to put it in the client side as well as in Server side. In client HTML page you need to integrate this line before the tag.

<script src="https://www.google.com/recaptcha/api.js?render=put your site key here"></script>

Google reCAPTCHA v3 is invisible. You won’t see a captcha form of any sort on your web page. You need to capture the google captcha response in your JavaScript code. Here is a small snippet.

<script>
  grecaptcha.ready(function() {
      grecaptcha.execute('put your site key here', {action: 'homepage'}).then(function(token) {
        // pass the token to the backend script for verification
      });
  });
</script>

• reCAPTCHA v2

To integrate it into your website you need to put it in client side as well as in Server side. In client HTML page you need to integrate this line before tag.

<script src='https://www.google.com/recaptcha/api.js' async defer></script>

And to show the widget into your form you need to put this below contact form, comment form etc.

<div class="g-recaptcha" data-sitekey="== Your site Key =="></div>

When the form get submit to Server, this script will send ‘g-recaptcha-response’ as a POST data. You need to verify it in order to see whether user has checked the Captcha or not.

Let’s look at the sample code to understand it better. Replace your_site_key with your reCAPTCHA site key