This is a Laravel implementation for the server-side of Altcha, a proof-of-work captcha that does not require any third-party service.
You can install the package via composer:
composer require grantholle/laravel-altchaOptionally, publish the config file with:
php artisan vendor:publish --tag="altcha-config"In .env (or published config file), set the following variables:
# Required, sort of like a password
ALTCHA_HMAC_KEY=
# Optional, defaults to SHA-256. Can be SHA-384 or SHA-512
# ALTCHA_ALGORITHM="SHA-256"Out of the box, the package registers a /altcha-challenge endpoint to use you on your frontend.
Following the frontend integration, use the following snippet to get a challenge:
<altcha-widget challengeurl="/altcha-challenge"></altcha-widget>Implementation will be different given your frontend, but here's an example Vue component to use:
<template>
<altcha-widget challengeurl="/altcha-challenge" @statechange="stateChanged"></altcha-widget>
</template>
<script setup>
import 'altcha'
const emit = defineEmits(['update:modelValue'])
const stateChanged = ev => {
if (ev.detail.state === 'verified') {
emit('update:modelValue', ev.detail.payload)
}
}
</script>In an Inertja.js form, you could use this component like so:
<template>
<form @submit.prevent="form.post('/login')">
<label for="email">Email</label>
<input type="email" name="email" v-model="form.email">
<label for="password">Password</label>
<input type="password" name="password" v-model="form.password">
<Altcha v-model="form.token" />
<button type="submit">Submit</button>
</form>
</template>
<script setup>
import { useForm } from '@inertiajs/inertia-vue3'
// This is the component we made above
import Altcha from '@/components/forms/Altcha.vue'
const form = useForm({
email: null,
password: null,
token: null,
})
</script>To validate the frontend-generated token/payload, there's a ValidAltcha rule you can use, assuming the token is passed as token in the request:
use GrantHolle\Altcha\Rules\ValidAltcha;
$request->validate([
'email' => ['required', 'email'],
'password' => ['required'],
'altcha' => ['required', new ValidAltcha()],
]);composer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.