@zaneray/express-recaptcha-validate
v1.0.7
Express middleware validation for a g-recaptcha-response submitted on the request
Express server Google reCAPTCHA validate middleware
The sole purpose of this package is to provide a middleware that is easy to add to an Express route; it looks on the request for the g-recaptcha-response token and validates it.
Installation
npm install --save @zaneray/express-recaptcha-validate
Usage
const express = require('express');
const recaptcha = require('@zaneray/express-recaptcha-validate');

const server = express();
server.use('/', express.static(__dirname));

async function start() {
  // Pass the reCAPTCHA secret key and, optionally, a bypass key.
  recaptcha.setup(YOUR_RECAPTCHA_SECRET_KEY, OPTIONAL_RECAPTCHA_BYPASS_KEY);

  // recaptcha.validate runs first; the handler runs only if it calls next().
  server.post('/some-endpoint-path', [recaptcha.validate], (req, res) => {
    res.status(200).send({ success: true });
  });
}

start();
Expected behavior
If the token validates, it calls next(). If not, it generates an error and calls next(err).
Error Response
On an error, it will return an embellished error object that allows you to modify behavior as necessary, depending on the error code or message returned.
We have a custom error handler in express that expects these elements to define the actual server response code, and wraps it in a data {} object for consistency in the client view layer.
- 400 If g-recaptcha-response is not found on the request
- 401 for all other validation errors
{
  message: 'the error message',
  statusCode: 401,
  component: 'reCAPTCHA',
  status: false
}
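An added example (not part of the package or its README) of an Express error handler that consumes the error object above. The { data: {...} } envelope fields, the generic 500 text, the mockResponse helper and the sample error messages are assumptions constructed for illustration.

```javascript
// Added example: Express error-handling middleware for the error shape above.
// The envelope layout is an assumption; the README only says errors are wrapped in data {}.
function recaptchaErrorHandler(err, req, res, next) {
  // If a response has already started, delegate to Express's default handler.
  if (res.headersSent) return next(err);

  if (err && err.component === 'reCAPTCHA') {
    // Accept only the two codes the README documents; anything else becomes 401.
    const statusCode = err.statusCode === 400 ? 400 : 401;
    return res.status(statusCode).send({
      data: {
        success: false,
        component: err.component,
        statusCode,
        message: String(err.message || 'reCAPTCHA validation failed')
      }
    });
  }

  // Errors from other components: do not echo internal messages to the client.
  return res.status(500).send({
    data: { success: false, statusCode: 500, message: 'Internal server error' }
  });
}

// Minimal stand-in for an Express response object, so the handler runs offline.
function mockResponse() {
  return {
    headersSent: false,
    statusCode: null,
    body: null,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; }
  };
}

// Constructed sample errors in the documented shape, plus one unrelated error.
function demo() {
  const missing = { message: 'g-recaptcha-response not found', statusCode: 400, component: 'reCAPTCHA', status: false };
  const invalid = { message: 'token invalid', statusCode: 401, component: 'reCAPTCHA', status: false };
  const results = [];
  for (const err of [missing, invalid, new Error('db down')]) {
    const res = mockResponse();
    recaptchaErrorHandler(err, {}, res, () => {});
    results.push([res.statusCode, res.body.data.message]);
  }
  return results;
}
```

Register it after the routes with server.use(recaptchaErrorHandler) so that the next(err) call from recaptcha.validate reaches it.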
Request Requirements
The g-recaptcha-response property can be defined in the request body or as a request query string parameter. req.body is searched first, then req.query.
How req.body is populated depends on your Express setup, but here is an example of what has worked in the past for both raw JSON and form post data:
/* JSON BodyParser */
server.use(express.json({
  strict: true,
  type: 'application/json'
}));

/* FORM BodyParser */
server.use(express.urlencoded({
  extended: true,
  type: '*/x-www-form-urlencoded'
}));
Bypass
To create a middleware chain where you would like to test follow-on tasks through an API-like interface without being blocked by an invalid token, you can optionally pass a g-recaptcha-bypass value, which is matched against the OPTIONAL_RECAPTCHA_BYPASS_KEY defined in the setup. If it matches on the request, the actual validation is skipped and next() is called.
g-recaptcha-bypass: abcd12345efghi67890