A no-nonsense CAPTCHA system with seamless UX | Backend component

mCaptcha Guard

Back-end component of mCaptcha


STATUS: ACTIVE DEVELOPMENT

Guard is the back-end component of the mCaptcha system.


mCaptcha uses SHA256-based proof-of-work (PoW) to rate limit users.

When a user wants to do something on an mCaptcha-protected website:

  1. They will have to generate a proof-of-work (a bunch of math that takes time to compute) and submit it to mCaptcha.

  2. We'll validate the proof:

    • if validation is unsuccessful, they will be prevented from accessing their target website
    • if validation is successful, read on
  3. They will be issued a token that they should submit along with their request/form submission to the target website.

  4. The target website should validate the user-submitted token with mCaptcha before processing the user's request.

The whole process is automated from the user's POV. All they have to do is click on a button to initiate the process.

mCaptcha makes interacting with websites (computationally) expensive for the user. A well-behaving user will experience a slight delay (from no delay under moderate load to 2s when under attack; PoW difficulty is variable), but if someone wants to hammer your site, they will have to do more work to send requests than your server will have to do to respond to them.

Why use mCaptcha?

  • Free software, privacy focused
  • Seamless UX - No more annoying CAPTCHAs!
  • IP address independent: your users are behind a NAT? We got you covered!
  • Automatic bot throttling:
  • Resistant to replay attacks: proof-of-work configurations have short lifetimes (30s) and can be used only once. If a user submits a PoW to an already used configuration or an expired one, their proof will be rejected.
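
The numbered flow above, together with the single-use, 30-second configurations from the replay-resistance bullet, as an added Python sketch (not mCaptcha's own code). The hash-threshold check, the `Server` class, the field names, the salt and the single-use token handling are assumptions made for illustration.

```python
import hashlib
import secrets
import time

LIFETIME = 30            # seconds a PoW configuration stays valid (README value)
U128_MAX = 2**128 - 1

def pow_value(salt, phrase, nonce):
    # Assumed scheme: first 128 bits of SHA256(salt + phrase + nonce) as an integer
    digest = hashlib.sha256(f"{salt}{phrase}{nonce}".encode()).digest()
    return int.from_bytes(digest[:16], "big")

def threshold(difficulty):
    # Roughly 1 in `difficulty` hashes lands at or above this value
    return U128_MAX - U128_MAX // difficulty

def solve(config):
    # Client side: brute-force a nonce until the hash clears the threshold
    nonce = 0
    while pow_value(config["salt"], config["string"], nonce) < threshold(config["difficulty"]):
        nonce += 1
    return nonce

class Server:  # hypothetical stand-in for the CAPTCHA back end
    def __init__(self, salt, clock=time.monotonic):
        self.salt, self.clock = salt, clock
        self.pending = {}    # phrase -> (difficulty, expiry time)
        self.tokens = set()  # issued tokens not yet redeemed

    def get_config(self, difficulty):
        phrase = secrets.token_hex(16)  # fresh challenge per request
        self.pending[phrase] = (difficulty, self.clock() + LIFETIME)
        return {"salt": self.salt, "string": phrase, "difficulty": difficulty}

    def verify_pow(self, phrase, nonce):
        # pop() consumes the configuration, so a replayed proof finds nothing
        difficulty, expiry = self.pending.pop(phrase, (1, float("-inf")))
        if self.clock() > expiry:
            return None      # unknown, already used, or expired
        if pow_value(self.salt, phrase, nonce) < threshold(difficulty):
            return None      # not enough work
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token

    def validate_token(self, token):
        # Called by the protected website; single-use tokens are an assumption
        if token not in self.tokens:
            return False
        self.tokens.discard(token)
        return True
```

Raising `difficulty` raises the expected number of hashes the client computes, while the server still performs a single hash per verification.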

Demo

Demo servers are available at:

Core functionality is working, but it's still very much a work in progress. Since we don't have a stable release yet, hosted demo servers might be a few versions behind master. Please check the footer for the build commit.

Feel free to provide bogus information while signing up (the project is under development and the database is frequently wiped).

Self-hosted:

Clone the repo and run the following from the root of the repo:

$ docker-compose up -d

It takes a while to build the image so please be patient :)

Development:

See DEVELOPMENT.md

How to build

  • Install Cargo using rustup with:
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Clone the repository with:
$ git clone https://github.com/mCaptcha/guard
  • Build with Cargo:
$ cd guard && cargo build

Configuration:

Guard is highly configurable. Configuration is applied/merged in the following order:

  1. path to configuration file passed in via GUARD_CONFIG
  2. ./config/default.toml
  3. /etc/guard/config.toml
  4. environment variables.

Setup

Environment variables:

Setting environment variables is optional. The configuration files have all the necessary parameters listed. By setting environment variables, you will be overriding the values set in the configuration files.

Database:

Name                       Value
GUARD_DATEBASE_PASSWORD    Postgres password
GUARD_DATEBASE_NAME        Postgres database name
GUARD_DATEBASE_PORT        Postgres port
GUARD_DATEBASE_HOSTNAME    Postgres hostname
GUARD_DATEBASE_USERNAME    Postgres username
GUARD_DATEBASE_POOL        Postgres database connection pool size

Server:

Name                             Value
GUARD_SERVER_PORT (or) PORT      The port on which you want wagon to listen
GUARD_SERVER_IP                  The IP address on which you want wagon to listen
GUARD_SERVER_STATIC_FILES_DIR    Path to directory containing static files
GUARD_CONFIG                     Path to config file