Hey guys, this plugin has been refactored.
I have discussed this with Memphis. At the current stage, we all agree on
keeping this plugin as simple and easy to use as possible. We'll
receive feedback from the community and then decide what features will be
added in the next stage.

On Wed, Mar 9, 2022 at 4:38 PM YuanSheng Wang <membp...@apache.org> wrote:

> On Wed, Mar 9, 2022 at 1:39 PM YuanSheng Wang <membp...@apache.org> wrote:
>
> > > {
> > >     "plugins": {
> > >         "recaptcha": {
> > >             "apis":[
> > >                 {
> > >                     "path":"/login",
> > >                     "methods":[ "POST" ],
> > >                     "param_from":"header",
> > >                     "param_name":"captcha"
> >
> > can we use this project? https://github.com/api7/lua-resty-expr
> >
> > `lua-resty-expr` should be simpler.
> >
> >
> Please ignore this message.
>
> BTW, I think we can remove `apis`. We can bind the plugin recaptcha to a
> specific APISIX route.
> It is easier to use.
> If the community needs more power, we can implement it later.
>
>
> >
> > On Tue, Mar 8, 2022 at 7:41 PM 李玉升 <leeys....@gmail.com> wrote:
> >
> >> Background
> >> Google reCAPTCHA is a popular human-identification service in the world. It
> >> protects websites (APIs) from spam and abuse.
> >>
> >> For now, APISIX users who want to integrate the reCAPTCHA service into
> >> their system either write the plugin on their own or just leave it to the
> >> backend microservices. Therefore, users are required to have plugin
> >> development skills, or end up in a bad situation where the reCAPTCHA layer
> >> is spread across multiple microservices.
> >>
> >> Based on the above context, it would be great if APISIX had an official
> >> recaptcha plugin. Backend services can just focus on their core business
> >> logic and take every request as if it were sent by humans.
> >>
> >> Here is the code snippet of the recaptcha plugin schema:
> >>
> >> local schema = {
> >>     type = "object",
> >>     properties = {
> >>         -- The secret key of the Google reCAPTCHA service.
> >>         recaptcha_secret_key = { type = "string" },
> >>         -- The list of APIs needs to be verified by reCAPTCHA.
> >>         apis = {
> >>             type = "array",
> >>             items = {
> >>                 type = "object",
> >>                 properties = {
> >>                     -- The API path
> >>                     path = { type = "string" },
> >>                     -- The list of HTTP method
> >>                     methods = { type = "array", items = { type = "string" }, minItems = 1 },
> >>                     -- The enum of captcha parameter source. Only header, query are supported.
> >>                     param_from = {
> >>                         type = "string",
> >>                         default = "header",
> >>                         enum = { "header", "query" }
> >>                     },
> >>                     -- The name of captcha parameter.
> >>                     param_name = { type = "string", default = "captcha" },
> >>                 }
> >>             },
> >>             minItems = 1
> >>         },
> >>         -- The response of invalid recaptcha token.
> >>         response = {
> >>             type = "object",
> >>             properties = {
> >>                 content_type = { type = "string", default = "application/json; charset=utf-8" },
> >>                 status_code = { type = "number", default = 400 },
> >>                 body = { type = "string", default = '{"message": "invalid captcha"}' }
> >>             }
> >>         },
> >>     },
> >>     additionalProperties = false,
> >>     required = { "recaptcha_secret_key" },
> >> }
> >>
> >>
> >>
> >>
> >> And the example of plugin config
> >>
> >> {
> >>     "plugins": {
> >>         "recaptcha": {
> >>             "apis":[
> >>                 {
> >>                     "path":"/login",
> >>                     "methods":[ "POST" ],
> >>                     "param_from":"header",
> >>                     "param_name":"captcha"
> >>                 },
> >>                 {
> >>                     "path":"/users/*/active",
> >>                     "methods":[ "POST" ],
> >>                     "param_from":"query",
> >>                     "param_name":"captcha"
> >>                 }
> >>             ],
> >>             "response":{
> >>                 "content_type":"application/json; charset=utf-8",
> >>                 "body":"{\"message\":\"invalid captcha\"}\n",
> >>                 "status_code":400
> >>             },
> >>             "recaptcha_secret_key":"6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
> >>         }
> >>     }
> >> }
> >>
> >>
> >>
> >>
> >> The process would be like this:
> >> 1.   The client side provides a recaptcha token (obtained from the Google
> >>      JS SDK) when invoking the server API.
> >> 2.   The plugin determines whether to verify the request based on the
> >>      plugin apis configuration.
> >>      1.   NO:  the request will continue.
> >>      2.   YES: retrieve the captcha parameter from the request, and verify
> >>           it with the Google reCAPTCHA API, allowing the request if the
> >>           token is valid, terminating the request if the token is invalid.
> >>
> >>
> >> plugin document:
> >>
> >> https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md
> >>
> >
> >
> > --
> >
> > *MembPhis*
> > My GitHub: https://github.com/membphis
> > Apache APISIX: https://github.com/apache/apisix
> >
>
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
>
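
The request flow from the original proposal (match the request against `apis`, read the token from the configured source, verify it, reject on failure), as an added example in plain Lua that is not the plugin's own code. The one-segment meaning of `*`, the lower-cased header keys, and the `verify` stub standing in for the call to Google's verification API are assumptions.

```lua
-- Assumption: "*" in an `apis` path matches exactly one path segment.
local function path_matches(pattern, path)
    -- Escape Lua pattern magic characters, then expand the escaped "*".
    local p = pattern:gsub("[%^%$%(%)%%%.%[%]%+%-%?%*]", "%%%0")
    p = p:gsub("%%%*", "[^/]+")
    return path:find("^" .. p .. "$") ~= nil
end

local function find_api(conf, method, path)
    for _, api in ipairs(conf.apis) do
        if path_matches(api.path, path) then
            for _, m in ipairs(api.methods) do
                if m:upper() == method:upper() then return api end
            end
        end
    end
end

-- Returns the status the gateway acts on: 200 = forward upstream.
-- `verify(secret, token)` is a hypothetical stand-in for the Google call.
local function check(conf, req, verify)
    local api = find_api(conf, req.method, req.path)
    if not api then return 200 end  -- step 2.1: API not listed, continue
    -- Read the token only from the configured source (keys assumed lower-case).
    local src = req.headers
    if api.param_from == "query" then src = req.query end
    local token = src and src[api.param_name or "captcha"]
    -- Fail closed: missing/empty token or a verifier error means reject.
    local valid = false
    if type(token) == "string" and token ~= "" then
        local called, result = pcall(verify, conf.recaptcha_secret_key, token)
        valid = called and result == true
    end
    return valid and 200 or (conf.response and conf.response.status_code or 400)
end

-- Constructed sample config and requests; the secret is a placeholder.
local conf = { recaptcha_secret_key = "PLACEHOLDER_SECRET", apis = {
    { path = "/login", methods = { "POST" }, param_from = "header", param_name = "captcha" },
    { path = "/users/*/active", methods = { "POST" }, param_from = "query", param_name = "captcha" },
}, response = { status_code = 400 } }
local function stub(_, token) return token == "good-token" end
assert(check(conf, { method = "GET", path = "/login", headers = {} }, stub) == 200)
assert(check(conf, { method = "POST", path = "/login", headers = { captcha = "good-token" } }, stub) == 200)
assert(check(conf, { method = "POST", path = "/login", headers = {} }, stub) == 400)
-- Token in the header, but this API is configured to read the query string.
assert(check(conf, { method = "POST", path = "/users/7/active", headers = { captcha = "good-token" }, query = {} }, stub) == 400)
assert(check(conf, { method = "POST", path = "/users/7/active", query = { captcha = "good-token" } }, stub) == 200)
print("all checks passed")
```

In this flow any request that no `apis` entry matches is forwarded without a check, so the list has to cover every path and method the upstream accepts for a protected operation.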
