npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@zaneray/express-recaptcha-validate

v1.0.7

Published

Express middleware validation for a g-recaptcha-response submitted on the request

Downloads

22

Readme

Express server Google reCAPTCHA validate middleware

The sole purpose of this package is to be able to easily add as a middleware in an express route that will look on the request for the g-recaptcha-response token, and validate it

Installation

npm install --save @zaneray/express-recaptcha-validate

Usage

const express = require('express');
const recaptcha = require('@zaneray/express-recaptcha-validate');

const server = express();
server.use('/', express.static(__dirname));

async function start() {
  recaptcha.setup(YOUR_RECAPTCHA_SECRET_KEY, OPTIONAL_RECAPTCHA_BYPASS_KEY);
  server.post('/some-endpoint-path', [recaptcha.validate] (req, res) => {
      res.status(200).send({success:true});
  });
}
start();

Expected behavior

If the token validates, it will call next() If not, it generates an error and calls next(err)

Error Response

On an error, it will return an embelished error object that allows you to modify behavior as necessary depending on the error code or message returned.

We have a custom error handler in express that expects these elements to define the actual server response code, and wraps it in a data {} object for consistency in the client view layer.

  • 400 If g-recaptcha-response is not found on the request
  • 401 for all other validation errors
{
  message: 'the error message',
  statusCode: 401,
  component: 'reCAPTCHA',
  status: false  
}

Request Requirements

the g-recaptcha-response property can be defined in the request body or as a request query string param. req.body is searched first, then req.query is attempted.

Your implementation of express will determine 'how' req.body is populated, but here is an example of what has worked in the past for both raw JSON and Form posts data

/* JSON BodyParser */
server.use(express.json({
  strict: true,
  type: 'application/json'
}));

/* FORM BodyParser */
server.use(express.urlencoded({
  extended: true,
  type: '*/x-www-form-urlencoded'
}));

Bypass

To create a middleware chain where you would like to test follow on tasks through an API like interface, and do not want to be blocked by an invalid token, you can optionally pass a g-recaptcha-bypass value that will be matched against the OPTIONAL_RECAPTCHA_BYPASS_KEY defined in the setup. If it matches on the request, the actual validation will be skipped and next() called

g-recaptcha-bypass: abcd12345efghi67890