> How about parameter_source?
I prefer to be consistent with other configurations in APISIX's plugins,
such as using `header`, `query`, etc.

YuanSheng Wang <membp...@apache.org> wrote on Wed, Mar 9, 2022 at 13:39:

> > {
> >     "plugins": {
> >         "recaptcha": {
> >             "apis":[
> >                 {
> >                     "path":"/login",
> >                     "methods":[ "POST" ],
> >                     "param_from":"header",
> >                     "param_name":"captcha"
>
> can we use this project? https://github.com/api7/lua-resty-expr
>
> `lua-resty-expr` should be simpler.
>
>
> On Tue, Mar 8, 2022 at 7:41 PM 李玉升 <leeys....@gmail.com> wrote:
>
> > Background
> > Google reCAPTCHA is a popular human-identify service in the world. It
> > protects websites (APIs) from spam and abuse.
> >
> > For now, APISIX users who want to integrate the reCAPTCHA service in
> > their system either write the plugin on their own or just leave it to the
> > backend microservices. Therefore, users are required to have the skills of
> > plugin development, or end up in a bad situation where the reCAPTCHA layer
> > is spread to multiple microservices.
> >
> > Based on the above context, it will be great if APISIX has an official
> > recaptcha plugin. Backend services can just focus on their core business
> > logic and take every request as if it were sent by humans.
> >
> > Here is the code snippet of recaptcha plugin schema
> >
> > local schema = {
> >     type = "object",
> >     properties = {
> >         -- The secret key of the Google reCAPTCHA service.
> >         recaptcha_secret_key = { type = "string" },
> >         -- The list of APIs needs to be verified by reCAPTCHA.
> >         apis = {
> >             type = "array",
> >             items = {
> >                 type = "object",
> >                 properties = {
> >                     -- The API path
> >                     path = { type = "string" },
> >                     -- The list of HTTP method
> >                     methods = { type = "array", items = { type = "string" }, minItems = 1 },
> >                     -- The enum of captcha parameter source. Only header, query are supported.
> >                     param_from = {
> >                         type = "string",
> >                         default = "header",
> >                         enum = { "header", "query" }
> >                     },
> >                     -- The name of captcha parameter.
> >                     param_name = { type = "string", default = "captcha" },
> >                 }
> >             },
> >             minItems = 1
> >         },
> >         -- The response of invalid recaptcha token.
> >         response = {
> >             type = "object",
> >             properties = {
> >                 content_type = { type = "string", default = "application/json; charset=utf-8" },
> >                 status_code = { type = "number", default = 400 },
> >                 body = { type = "string", default = '{"message": "invalid captcha"}' }
> >             }
> >         },
> >
> >     },
> >     additionalProperties = false,
> >     required = { "recaptcha_secret_key" },
> > }
> >
> >
> >
> >
> > And the example of plugin config
> >
> > {
> >     "plugins": {
> >         "recaptcha": {
> >             "apis":[
> >                 {
> >                     "path":"/login",
> >                     "methods":[ "POST" ],
> >                     "param_from":"header",
> >                     "param_name":"captcha"
> >                 },
> >                 {
> >                     "path":"/users/*/active",
> >                     "methods":[ "POST" ],
> >                     "param_from":"query",
> >                     "param_name":"captcha"
> >                 }
> >             ],
> >             "response":{
> >                 "content_type":"application/json; charset=utf-8",
> >                 "body":"{\"message\":\"invalid captcha\"}\n",
> >                 "status_code":400
> >             },
> >             "recaptcha_secret_key":"6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
> >         }
> >     }
> > }
> >
> >
> >
> >
> > The process would be like this:
> > 1.   The client side provides a recaptcha token (obtained from the Google
> >      JS SDK) when invoking the server API.
> > 2.   The plugin determines whether to verify the request based on the
> >      plugin apis configuration.
> >      1.   NO:  the request will continue.
> >      2.   YES: retrieve the captcha parameter from the request, and verify
> >           it with the Google reCAPTCHA API, allowing the request if the
> >           token is valid, terminating the request if the token is invalid.
> >
> >
> > plugin document:
> > https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md
> >
>
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
>
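
The decision flow from the proposal quoted above (match the request against `apis`, read the token from the configured source, verify it), as an added example that is not part of the thread or of the plugin's code. The helper names, the request table shape, the rule that `*` matches exactly one path segment, and the `verify` callback standing in for the HTTP call to Google are all assumptions.

```lua
-- Added illustration, not the plugin's code. Helper names, the request
-- table shape and "*" = exactly one path segment are assumptions.

-- Turn a configured path such as "/users/*/active" into an anchored Lua pattern.
local function path_to_pattern(path)
    local escaped = path:gsub("[%^%$%(%)%%%.%[%]%+%-%?]", "%%%0")
    return "^" .. (escaped:gsub("%*", "[^/]+")) .. "$"
end

-- Return the first `apis` entry that covers this method and path, or nil.
local function match_api(conf, method, path)
    for _, api in ipairs(conf.apis or {}) do
        if path:find(path_to_pattern(api.path)) then
            for _, m in ipairs(api.methods or {}) do
                if m == method then return api end
            end
        end
    end
end

-- req = { method, path, headers, query }; header keys assumed lowercased.
-- verify(secret, token) stands in for the call to Google; returns true/false.
local function check(conf, req, verify)
    local api = match_api(conf, req.method, req.path)
    if not api then return true end                      -- step 2.1: continue
    local from = api.param_from or "header"              -- schema defaults
    local source = (from == "query") and req.query or req.headers
    local token = source[api.param_name or "captcha"]
    local reject = (conf.response or {}).status_code or 400
    -- Fail closed: a missing, empty or repeated parameter (a table in
    -- OpenResty) never reaches the verifier and is never allowed through.
    if type(token) ~= "string" or token == "" then return false, reject end
    if verify(conf.recaptcha_secret_key, token) then return true end
    return false, reject
end

-- Constructed sample config (the two entries from the proposal) and requests.
local conf = { recaptcha_secret_key = "PLACEHOLDER-SECRET", apis = {
    { path = "/login", methods = { "POST" }, param_from = "header", param_name = "captcha" },
    { path = "/users/*/active", methods = { "POST" }, param_from = "query", param_name = "captcha" },
} }
local function stub(_, token) return token == "good-token" end
local function req(m, p, h, q) return { method = m, path = p, headers = h or {}, query = q or {} } end

assert(check(conf, req("GET", "/login"), stub))                                -- method not protected
assert(check(conf, req("POST", "/login", { captcha = "good-token" }), stub))   -- valid token
assert(not check(conf, req("POST", "/users/42/active", { captcha = "good-token" }), stub)) -- wrong source
assert(not check(conf, req("POST", "/users/42/active", nil, { captcha = { "a", "b" } }), stub))
print("all checks passed")
```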
