npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

next-hcaptcha

v1.4.3

Published

Guard your Next.js API routes with HCaptcha

Downloads

422

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

igorklepackiigorklepacki

Keywords

nextjsnextjs-pluginhcaptcharecaptchacaptchareact-hcaptchareact-recaptcha

Readme

Introduction

This library provides simple higher order function
with responsibility of "guarding" specific Next.js API route.

Sample usage:

import { withHCaptcha } from 'next-hcaptcha'

export default withHCaptcha((req, res) => {
  res.status(200).json({ name: 'John Doe' })
})

Configuration

Configuration is done by passing options object as second withHCaptcha function call argument.

Default options with all properties explained:

const defaultOptions = {
  // HCaptcha token verification url. Read more at
  // https://docs.hcaptcha.com/#verify-the-user-response-server-side
  captchaVerifyUrl: 'https://hcaptcha.com/siteverify',
  // Whether to pass request ip address or not
  // The ip resolving is done by checking cf-connecting-ip, x-forwarded-for headers
  // or evetually request.socket.remoteAddress property
  // (if the two mentioned earlier are undefined).
  passRequestIpAddress: false,
  // Whether to skip HCaptcha requests optimization or not.
  // Requests optimization are simple static checks if some
  // properties from the payload exist and if they are not empty.
  skipCaptchaRequestsOptimization: false,
  // Whether to throw when HCaptcha response is considered invalid.
  // (success property is false or score is not met when threshold is set)
  exceptions: false,
  // Whether to clean h-captcha-response and g-recaptcha-response from body
  // from intercepted Next.js request object. Useful when next-hcaptcha is
  // part of middleware chain and you dont want these props e.g. in validation layer
  cleanInterception: true,
  // Error display mode. If set to 'message', it will show error's descriptions
  // from https://docs.hcaptcha.com/#siteverify-error-codes-table. If set to 'code' it will
  // show the error code instead.
  errorDisplayMode: 'message',
  // Whether to forward HCaptcha response parameters to Next.js API Route handler request parameter.
  // Accessible under request.hcaptcha (for TypeScript users - there is NextApiRequestWithHCaptcha type).
  // Forwarded only if HCaptcha response is success and (when specified) if passed `enterprise.scoreThreshold` check.
  forwardCaptchaResponse: false,
  // Features that works only if you have HCaptcha enterprise
  enterprise: {
    // Minimum score threshold. Value between 1 (bot) and 0 (human).
    // If scoreThreshold is specified, and no score is returned from HCaptcha
    // response - it will result in an exception.
    scoreThreshold: null,
  },
  // Env vars names object. Key is type of env var and value is your custom name.
  // Value can be any string as long as it matches your .env* file.
  envVarNames: { secret: 'HCAPTCHA_SECRET' },
}

Configuration sharing

Configuration sharing can be done by creating next-hcaptcha.config.js in root of your Next.js project and simply importing it and passing as argument in every (or specific) route(s).

next-hcaptcha.config.js

const config = {
  // ...
}

export default config

pages/api/your-route.js

import { withHCaptcha } from 'next-hcaptcha'
import config from '../../next-hcaptcha.config'

export default withHCaptcha((req, res) => {
  res.status(200).json({ name: 'John Doe' })
}, config)

Errors

next-hcaptcha informs about errors as described in the official HCaptcha docs with some (i believe) tweaks.

NOTE: Error optimization described in point 2. and 3. can be disabled by setting skipCaptchaRequestsOptimization in configuration to true and way of informing about errors described in point 1. can be restored to traditional way by setting errorDisplayMode to 'code'

  1. Error messages (descriptions in docs) are shown directly instead of informing about the error code. This has purpose of improving overall work with the library and reduce eventual frustration caused by jumping between loads of documentation.

  2. missing-input-secret is handled by the library before sending request to HCaptcha verification endpoint by checking sanity of HCAPTCHA_SECRET environment variable. and results in runtime exception.

  3. missing-input-response is also handled by the library before sending request to HCaptcha verification endpoint and results in standard error respecting the first point.

  4. If enterprise.scoreThreshold is specified and no score is returned from HCaptcha API, it will result in runtime exception.

Ending speech

This project is licensed under the MIT license. All contributions are welcome.