Google Cloud reCaptcha - rishavry/WorksPresentation GitHub Wiki

  • reCAPTCHA is a powerful bot blocker that protects websites from spam, abuse, and fraud. It works by analyzing user behavior and other factors to determine if an action is being performed by a human or a bot.

  • Specifically, I will be using the invisible reCaptcha to frictionlessly prevent bots from logging in.

  • Below are the steps I would take to use it effectively.

    1. Go to the Google Cloud console, switch to the Megagram project (id: 'megagram-461821') if not already there, and enter 'reCaptcha' in the search-bar. Scroll down to click '+ Create key'.

    2. Enter the following details to create the key (not literally): Display-Name -> Project-Name, Application type -> Web, Domain-List -> [domain-of-website-with-recaptcha.com]

    3. The newly generated reCaptcha will have an ID. Let's assume it is 6Ld7ylQrAAAAAEaMf9cY0eq2TKUveX4pp0m4x5KR. To enable it, add this to the head-tag of the page's html-file:

    <script src='https://www.google.com/recaptcha/enterprise.js?render=6Ld7ylQrAAAAAEaMf9cY0eq2TKUveX4pp0m4x5KR'></script>

    4. Implement the following method in the script of the website, which will be called after the user clicks the 'login' button, for example:

    async function onClickingLoginButton() {
        grecaptcha.enterprise.ready(async () => {
            // Request a fresh token on every click; tokens are short-lived and single-use.
            const token = await grecaptcha.enterprise.execute('6Ld7ylQrAAAAAEaMf9cY0eq2TKUveX4pp0m4x5KR', {action: 'LOGIN'});

            // Build the request per click so that body is always an object here;
            // the login fields go into body alongside the token.
            const postOptions = {method: 'POST', headers: {'Content-Type': 'application/json'}, body: {}};
            postOptions.body.token = token;
            postOptions.body = JSON.stringify(postOptions.body);

            // Via an API request that uses HTTPS, send the token to the backend so that it can get the score
            // and assess from that whether or not the login attempt is made by a human.
        });
    }

    5. Implement this service method in the backend:

    from google.cloud import recaptchaenterprise_v1


    def verify_recaptcha_token(specified_action, token):
        client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient()

        # The event carries the site key from step 3 and the token sent by the browser.
        event = recaptchaenterprise_v1.Event()
        event.site_key = '6Ld7ylQrAAAAAEaMf9cY0eq2TKUveX4pp0m4x5KR'
        event.token = token

        assessment = recaptchaenterprise_v1.Assessment()
        assessment.event = event

        request = recaptchaenterprise_v1.CreateAssessmentRequest()
        request.assessment = assessment
        # Placeholder: the part after 'projects/' is the Google Cloud project that owns the key.
        request.parent = 'projects/google-cloud-project-name'

        response = client.create_assessment(request)

        # Reject tokens that reCAPTCHA itself reports as invalid.
        if not response.token_properties.valid:
            return 'Invalid token'

        # The token must have been issued for the action the backend expects ('LOGIN').
        if response.token_properties.action != specified_action:
            return 'Invalid action'

        # Scores run from 0.0 (likely bot) to 1.0 (likely human).
        score = response.risk_analysis.score
        if score > 0.7:
            return 'Hello human :)'
        return 'Goodbye bot :)'
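The checks from step 5 as a fail-closed decision function, extended with a hostname check and a logged reason for each denial. This is an added example, not code from the original wiki: `decide_login`, `Decision` and the sample dicts are hypothetical names and constructed data shaped like the JSON form of an assessment (`tokenProperties`, `riskAnalysis`), so it runs without the Google client library.

```python
from dataclasses import dataclass

SCORE_THRESHOLD = 0.7  # same cut-off as the backend method in step 5


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def _section(assessment, key):
    value = assessment.get(key)
    return value if isinstance(value, dict) else {}


def decide_login(assessment, expected_action, allowed_hostnames,
                 threshold=SCORE_THRESHOLD):
    """Decide on a login from an assessment dict; deny on anything unexpected."""
    if not isinstance(assessment, dict):
        return Decision(False, "no-assessment")
    props = _section(assessment, "tokenProperties")
    if props.get("valid") is not True:
        # invalidReason (for example EXPIRED or DUPE) is kept for the audit log.
        return Decision(False, "invalid-token:" + str(props.get("invalidReason", "UNKNOWN")))
    if props.get("action") != expected_action:
        return Decision(False, "action-mismatch")
    host = props.get("hostname")
    if not isinstance(host, str) or host not in allowed_hostnames:
        return Decision(False, "hostname-mismatch")
    score = _section(assessment, "riskAnalysis").get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return Decision(False, "missing-score")
    return Decision(True, "score-ok") if score > threshold else Decision(False, "low-score")


# Constructed sample assessments (not real API output).
HOST = "domain-of-website-with-recaptcha.com"
OK = {"valid": True, "action": "LOGIN", "hostname": HOST}
SAMPLES = {
    "human": {"tokenProperties": OK, "riskAnalysis": {"score": 0.9}},
    "bot": {"tokenProperties": OK, "riskAnalysis": {"score": 0.1}},
    "replayed": {"tokenProperties": {"valid": False, "invalidReason": "DUPE"}},
    "wrong_action": {"tokenProperties": {**OK, "action": "SIGNUP"}, "riskAnalysis": {"score": 0.9}},
    "other_site": {"tokenProperties": {**OK, "hostname": "example.org"}, "riskAnalysis": {"score": 0.9}},
    "no_score": {"tokenProperties": OK},
}


def run_samples():
    return {name: decide_login(a, "LOGIN", {HOST}) for name, a in SAMPLES.items()}
```

Logging the `reason` string for denied logins makes replayed or mis-scoped tokens distinguishable from plain low scores during triage.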