als-captcha

2.0.2 • Public • Published

als-captcha

als-captcha is a Node.js library for generating and validating a simple yet effective captcha. It employs a combination of image recognition with noise and tilt, basic math problem solving, and several other strategies to differentiate between human users and bots.

Installation

To install als-captcha, use npm:

npm i als-captcha

Basic Usage

const Captcha = require('als-captcha');
const captcha = new Captcha() // dafult params and eng language for audio

// create captcha
app.get('/captcha', async (req, res) => {
    const captchaHtml = await captcha.create(req,res,true) // last parameter include audio
    res.send(`<!DOCTYPE html>
<html lang="en">
<head>
   <title>HEllo</title>
</head>

<body>
    <form>
        ${captchaHtml}
    </form>
<body>
</html>
`);
});

// validate captcha
app.post('/submit-captcha', (req, res) => {
    if (catpcha.valid(req)) res.send("right");
    else res.send("wrong");
});

Security Strategies

als-captcha uses multiple strategies to enhance security:

  • Image Recognition Challenge: A captcha image with noise, tilt, and bot-unfriendly font.
  • Math Problem Solving: A basic math problem that must be solved correctly, ensuring complete text recognition.
  • Hidden importantInfo Field: Remains empty and is used to detect bots that might fill it.
  • Bot Detection through onchange Event: If the onchange event does not trigger, the bot field retains its default value, indicating a bot.
  • Timestamp and Screen Dimension Check: Captures the time taken to complete the captcha and multiplies the screen's color depth with its width to generate a unique number, which helps in bot detection.

Advanced Usage

Configuration includes 3 parts:

  • params(Object) - the parameters for captcha class
    • first parameter in constructor
  • lang(String) - the language for audio
    • second parameter in constructor
    • default 'eng', available: eng,ru,he
  • cookieOptions(Object) - options for cookie
    • available as instance.cookieOptions

Parameters

The parameters includes:

  • logger(Function): function for logging errors. Default console.log
  • maxAge (Number): captcha life time (after this time, captcha outdated). Default is 10 minutes
  • filePath (String): The place for saving captcha tokens start. Default join(__dirname, 'captcha-start')

Example for custom cofiguration:

const logs = []
const captcha = new Captcha({
    logger:(...e) => logs.push(e),
    maxAge:1000*60*30,
    filePath:'./captcha-start'
})

Language - lang

The Captcha class using als-math-audio-composer for composing audio for captcha. By default the language is english (eng). At the moment, available languages are:

  • eng - english
  • ru - russian
  • he - hebrew

als-math-audio-composer using sync method to read the files and than caching it. You can cache all needed sounds on init like this:

const captcha = new Captcha({},'ru') // Set Russian as the captcha language
captcha.audioComposer.cacheAll() // Optionally pre-cache all audio files for faster response

Cookie settings

The Captcha using crypted cookies for storing token and captcha result. By default cookies sent with the folowing options:

{ 
    path: '/', 
    secure: true, 
    httpOnly: true, 
    maxAge:60*10, 
    sameSite:'lax' 
}

The configuraton builded with als-cookie-options and you can change it. Here is the example how to change:

const captcha = new Captcha()
captcha.cookieOptions.sameSite = 'strict'

Package Sidebar

Install

npm i als-captcha

Weekly Downloads

23

Version

2.0.2

License

ISC

Unpacked Size

29.1 kB

Total Files

16

Last publish

Collaborators

  • alexsorkin