captcha's People

Contributors

dchest, ebfe, icyux, rainyear

captcha's Issues

Security issue: Can't set custom security headers

We can set up a captcha server by using:
http.Handle("/captcha/", captcha.Server(captcha.StdWidth, captcha.StdHeight))

However, this does not allow setting custom headers for enhancing security such as:

Access-Control-Allow-Origin
X-Frame-Options
X-Content-Type-Options
X-XSS-Protection

This leaves the application vulnerable to various attacks.
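
The value returned by captcha.Server is an ordinary http.Handler, so headers can be set by a wrapper that runs before it. The following is an added example, not code from the issue or from the library: SecureHeaders, stubCaptcha, Probe and the origin allowlist are hypothetical names, the header values are illustrative, and the stub stands in for captcha.Server so the code runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// SecureHeaders wraps any http.Handler, such as the one captcha.Server returns.
// allowedOrigins is a hypothetical CORS allowlist; header values are examples.
func SecureHeaders(next http.Handler, allowedOrigins map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("X-Frame-Options", "DENY")
		h.Set("X-XSS-Protection", "0") // legacy browser filter off, per current OWASP guidance
		if origin := r.Header.Get("Origin"); origin != "" {
			h.Add("Vary", "Origin") // caches must not reuse a response across origins
			if allowedOrigins[origin] {
				h.Set("Access-Control-Allow-Origin", origin)
			}
		}
		next.ServeHTTP(w, r) // headers must be set before the wrapped handler writes
	})
}

// stubCaptcha stands in for captcha.Server so the example runs offline.
var stubCaptcha = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "image/png")
	w.Write([]byte("\x89PNG constructed placeholder body"))
})

// Probe sends one GET with the given Origin through the wrapped stub
// and returns the response headers.
func Probe(origin string) http.Header {
	req := httptest.NewRequest(http.MethodGet, "/captcha/abc.png", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	SecureHeaders(stubCaptcha, map[string]bool{"https://app.example": true}).ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	fmt.Println(Probe("https://app.example"))
	fmt.Println(Probe("https://other.example"))
}
```

In an application, captcha.Server(captcha.StdWidth, captcha.StdHeight) would be passed to SecureHeaders in place of stubCaptcha.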

Captcha in letters

Please provide captcha for letters too, instead of only for digits.

Thanks so much.

problem in julienschmidt router

Hi,
I've been trying to modify your example to use julienschmidt routing but keep coming up with a 404 error when accessing /captcha/

Instead of your code in the default http route, I have used this code:
r.Handler(http.MethodGet, "/captcha/", captcha.Server(captcha.StdWidth, captcha.StdHeight))
but I still cannot access the "captcha" directory or the .png file.
How could I use your library with julienschmidt http routing?

How can I use captcha in Gin Framework?

	if err := formTemplate.Execute(w, &d); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}

I think formTemplate.Execute is the keyword to generate a captcha. But I use gin with gin multitemplate.

How can I use captcha in Gin framework?

Prevent replay attacks

After successful verification, delete the cached verification code to prevent replay attacks.

Using AJAX

I am trying to implement the captcha with AJAX. Currently when a user submits just digits (runs through the Verify function in captcha.go) the captcha image becomes broken. This occurs regardless of whether the Reload button is triggered through JavaScript. Implementing strings or strings with digits however allows reload of the image, but the captcha image breaks again when only digits are entered using AJAX.

I think this is mainly because the entire web page needs to be parsed again and pass in the captcha.New() string through go templates.

So I don't see any way to combine AJAX with this setup, as if I have to refresh the entire web page to pass in the captchaId string through golang templates then using AJAX would be pointless. Any ideas to work around this?

Jigsaw captcha

Would be cool to add the jigsaw puzzle captcha.

Apparently it's a good security option and hard to defeat with OCR, but curious what others think about its merit.

Too difficult to recognize the number

Great work!
But the numbers stay too close together and sometimes overlap.
Do you have an image size / ratio recommendation, or could you design a param to set the difficulty?

image.go make func encodedPNG() to EncodedPNG()

In image.go,
make func encodedPNG() []byte into EncodedPNG() []byte,
so it can support other HTTP frameworks like "iris" and "gin"!

And:

1. I recommend separating the storage interface from the image generator, and deleting the storage interface.
For example, com.google.code.kaptcha only does createText() and createImage().
For other jobs like storage, I will choose something like "redis", "mysql", "mongo"...

2. Do not use "Id", and do not use "captcha.VerifyString(id string, digits string)".
I think the id is just like a session, but some people like me will use a phone instead of an id, and use
custom validation.

Make Server accept a config struct

Currently, Server accepts imgWidth and imgHeight. I'd like to change it to accept a configuration struct to make it easier to expand it without API change:

type ServerConfig struct {
   ImgWidth  int
   ImgHeight int
}

func Server(config *ServerConfig) http.Handler

Another idea is to make top-level functions methods on config (renamed Server or something):

type Server struct {
   ImgWidth     int
   ImgHeight    int
   Store        Store
   CollectNum   int
   Expiration   time.Time
}

func (c *Server) Handler() http.Handler

set store doesn't work

func init() {
	captcha.SetCustomStore(captcha.NewMemoryStore(100, 5*time.Minute))
}

It doesn't work! Why?

Set background color

Hi everybody,

I was wondering how one can change background color to something other than transparent.

too difficult to recognize audio captcha

Hi, I found it really hard to recognize numbers (particularly, 0 1 5) from background noise when trying audio captcha in Chinese, even with earphones.

I'm a native listener, and I think most Chinese users would have the same feeling as me. As for me, passing the default audio captcha within 10 attempts is nearly impossible.

Could you please consider it, to replace the hard-to-recognize voices? What's more, it is reasonable to allow developers to adjust the difficulty (for example, noise intensity). Thanks.

Distinguish between expired captchas and invalid submissions?

It seems that there is no way to do this, though it would be helpful. I'd like to alert my users with "expired captcha" or "invalid captcha" instead of just reporting failure.

This is pretty minor, of course. By and large, this is a great package. Thanks for building and sharing. You've saved me quite a bit of effort/frustration/etc.
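
The "Prevent replay attacks" request above and this request for distinct "expired" and "invalid" results can be illustrated with one small store. This is an added example, not the library's code: OneTimeStore, its methods and the three error values are hypothetical, timestamps are plain Unix seconds, and the sample values are constructed. It goes one step beyond the replay request by consuming the id on a failed attempt as well.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"sync"
)

var ErrUnknown, ErrExpired, ErrWrong = errors.New("unknown or used id"), errors.New("expired"), errors.New("wrong answer")

// OneTimeStore is a hypothetical in-memory store, not the library's own Store.
type OneTimeStore struct {
	mu sync.Mutex
	m  map[string]entry
}

type entry struct{ digits string; expires int64 } // expires is in Unix seconds

func NewOneTimeStore() *OneTimeStore { return &OneTimeStore{m: map[string]entry{}} }

func (s *OneTimeStore) Put(id, digits string, expires int64) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.m[id] = entry{digits, expires}
}

// Verify consumes id on every attempt, right or wrong: deleting only on
// success stops replay but still allows repeated guesses against one id.
func (s *OneTimeStore) Verify(id, answer string, now int64) error {
	s.mu.Lock()
	e, ok := s.m[id]
	delete(s.m, id)
	s.mu.Unlock()
	switch {
	case !ok:
		return ErrUnknown
	case now > e.expires:
		return ErrExpired
	case subtle.ConstantTimeCompare([]byte(e.digits), []byte(answer)) != 1:
		return ErrWrong
	}
	return nil
}

func main() {
	s := NewOneTimeStore()
	s.Put("id-1", "493017", 2000) // constructed sample id, solution and expiry
	fmt.Println(s.Verify("id-1", "493017", 1000), s.Verify("id-1", "493017", 1000))
}
```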

how to use captcha in echo

I use the code below, but the URL localhost:port/captcha/ is not found:

e := echo.New()

e.GET("/captcha/", echo.WrapHandler(captcha.Server(captcha.StdWidth, captcha.StdHeight)))

Please help me.

provide `New() (id , solution string)`

Hi,

I am in a case where I want the API to give both id and solution when invoking its service.

Some explanations: I need that while using captcha within a JSON API. Currently I only send back an id; with this new API I will be able to cipher the solution using a private key, and sign the message, which I will answer along with the id. Using that I can validate any captcha issued by my API even though the service was restarted (I use no persistent db for the captcha service), or, worst case, the API has totally changed, because I only need to check the signed message, uncipher the solution and compare it with the JIT provided solution.

Add Letters

How can I add letters to the drawing? It is just digits and doesn't provide enough security.

Func VerifyString it works incorrectly

I was advised by a colleague to use this repository, as he was able to implement protection.
When I started testing I ran into a problem -- verify and verifystring display false all the time.

code:

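package main

import (
	"fmt"
	"io"
	"os"

	"github.com/dchest/captcha"
)

func main() {
	// New creates a captcha and stores its solution under id.
	id := captcha.New()
	path_img, _ := os.Create("data.png")

	var w io.WriterTo
	// RandomDigits returns a fresh random sequence, separate from the one stored under id.
	digits := captcha.RandomDigits(6)
	w = captcha.NewImage(id, digits, 256, 128)
	w.WriteTo(path_img)

	var x string
	fmt.Scan(&x)
	fmt.Println(
		"result: ", captcha.VerifyString(id, x),
		"\ngenerate digits:", digits,
		"\nid:", id,
	)
}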

result from console:
image

Captcha as a Service

Could you make dchest/captcha a standalone service, provide an HTTP API for web apps, and pack it as an Ubuntu service?
