Iris Hosted

Let's Get started

Front-end

to use iris captcha you need to first register a captcha for you domain, then tokens and Ids you need will be produces and you can use it.
add js file at the end of body exactly before it closes.

...
<script src="https://captcha.irisdev.net/js/{:CaptchaUniqID}" > </script>
</body>
                    

Note : if you put it in the header it dose not work because header doesn't have access to body

then use <iris-captcha /> any where you want. for instance

...<form action="path/to/any" method="POST" >
<input type="text" name="Name" ... />
...
<iris-captcha name="irisCaptcha" />
<button type="submit" value="Submit" > </button>
</form>
...

It's required by default.

if you want to check verification status you can call checkValidity() like this


let captchaValidationStatus = document.getElementById("irisCaptcha").checkValidity() // true , false
if( captchaValidationStatus ) {
    axios.post(url,data).then(...)
    ...
}
                        

props

  • name

events

  • onsuccess
  • onerror

Functions

  • checkValidity()
  • reportValidity()

Iris Hosted

Server Side

you have 2 option for user-Response verification,

  1. send the user-Response to Iris-Captcha Server and get the Response. ( old way )
  2. verify the user-Response's Signature Using Published Public-Key (new and recommended )


send to Iris-Captcha Server

you should send a post request to https://captcha.irisdev.net/check whit the body of in the form of form Data.

{
response string   // the User Response that you get it from the posted form - is a JWT
secret   string   // your application Secret provided in your panel at https://my.irisdev.net
remoteip string   // (Optional) the user Remote IP 
}

and the response will be a json like
{     
Code        int     // the Error Code 200 is OK / others shows Error
Message     string  // error Message

hostname    string  // the hostname of the site where the Iris-Captcha was solved
success     bool    // true | false
}


Examples :
PHP
$message = array();
if(isset($_POST)){

    $pcaptcha = $_POST["irisCaptcha"]; // the value of name of iris-captcha tag
    
    $secretKey = "0x1ed50xe8414ae66a37820fe4e277779c"; // your Secret provided in your panel at https://my.irisdev.net

    $url = "https://captcha.irisdev.net";
    $verifyResponse = file_get_contents($url);
    $responseData = json_decode($verifyResponse);
    if(isset($responseData->success) && $responseData->success){
    // Great the user solved Response correctly
    $message["class"] = "alert-success";
    $message["text"] = "success";
    }else{
    // Ops. the user doesn't solved it or response expired 
    $message["class"] = "alert-danger";
    $message["text"] = "something wrong , you doesn't solved the captcha dear bot !!! ";
    }
}

Go
func handleURL(w http.ResponseWriter, r *http.Request) {
    var err error
    var req struct {
        // ...
        IrisCaptcha string `json:"irisCaptcha" form:"irisCaptcha"` // as you defined in front you may need to change it
        // ...
    }
    //read from data or serialized json request

    // generate form data 
    formData := url.Values{}
    formData.Add("response", req.IrisCaptcha)
    formData.Add("secret", "0x1ed50xe8414ae66a37820fe4e277779c") // your Secret provided in your panel at https://my.irisdev.net

    // send request to irisDev server
    resp, err := http.PostForm("https://captcha.irisdev.net/check", formData)
    if err != nil {
        log.Panic(err)
    }

    // read irisDev response body
    bs, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        log.Panic(err)
    }

    // irisDev response Struct
    var response struct {
        Code int `json:"Code"` // the Error Code 200 is OK / others shows Error - Note With Upper Case
        Message string `json:"Message"` // error Message - Note with Upper Case

        Hostname string `json:"hostname"` // the hostname of the site where the Iris-Captcha was solved
        Success bool `json:"success"` // true | false
    }
    err = json.Unmarshal(bs, &response)

    if err != nil {
        log.Panic(err)
    }

    // finally check status
    if response.Success {
        // Great User Solved Captcha Correctly
        w.Write([]byte("Success"))
    }else{
        // Ops. User doesn't solved captcha correctly or session expired
        w.Write([]byte("Error"))
    }

}



Verify Signature with Published Key

the user response is JWT with Algorithm of RS256 with the payload of

{
    "success": true,            // the Captcha Solvation Status - true | false
    "hostname": "example.tld",  // the hostname of the site where the reCAPTCHA was solved ( your hostname )
    "ip": "18.175.68.116",      // the user remote IP
    "exp": 1603318472,          // Expiration Time - Seconds Since Unix epoch 
    "iat": 1603318172           // Issued At - Seconds Since Unix epoch
}
for verification you need published Public-Key which is accessible throw
https://captcha.irisdev.net/publickey
you can get also get and save to file with
curl https://captcha.irisdev.net/publickey > irisCaptcha.pub.pem
or you can manually add as constant in your codes.
then you should parse JWT and validate Signature.


Example:
Go
const PublicKey = `‐‐‐‐‐BEGIN PUBLIC KEY‐‐‐‐‐
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+qPUxi6QYz7T22NdHcI
k3JxGQ4yzgaM+b+ReHHjnxy/o9FQ0bAU8B/jwAWGMAhtFoj6ERmbYEgWwUMy4yJ5
f0EFfrzcbSKkI+lr5LejyjocxxA5PI5tNLPTVrQMC/5kkHpylN5mTmcDFz3zT6EQ
EFJzJ+zRBdoQNIc3CW2WSA5vK2042iZRhOsbTWbxaP0TK+lqbcQSoWRAFBTOA4ZF
6PSTlO84p9M6/JkoyRPDYplVqXq+HMLs9uFHal3rN+KjQ2E7g0poFkvfXgGC0nUh
lMoLQBdSB1yT7oJc9Mua+/4Z1e1ma47d/kNxV+U5GjOfLHfqMo7xcfwocQ7ky+be
MQIDAQAB
‐‐‐‐‐END PUBLIC KEY‐‐‐‐‐`
                    
func handleURL(w http.ResponseWriter, r *http.Request) {
	var err error
	var req struct {
		// ...
		IrisCaptcha string `json:"irisCaptcha" form:"irisCaptcha"` // as you defined in front you may need to change it
		// ...
	}
	//read from data or serialized json request

	var UserResponse struct {
		Success  bool   `json:"success"`
		Hostname string `json:"hostname"`
		IP       string `json:"ip"`
		jwt.StandardClaims
	}
	IrisCaptchaPublicKey, err := x509.ParsePKCS1PublicKey([]byte(PublicKey))
	if err != nil {
		log.Panic(err)
	}
	tkn, err := jwt.ParseWithClaims(req.IrisCaptcha, &UserResponse, func(token *jwt.Token) (interface{}, error) {
		return IrisCaptchaPublicKey, nil
	})
	if err != nil {
		log.Panic(err)
	}
	if !tkn.Valid {
		//Ops . Signature is Invalid
		err = jwt.ErrSignatureInvalid
		log.Panic(err)
		return
	}

	// finally check status
	if UserResponse.Success {
		// recheck expiration Time
		if time.Unix(UserResponse.ExpiresAt, 0).Before(time.Now()) {
			// Great User Solved Captcha Correctly and Time dose not expired
			w.Write([]byte("Success"))
		} else {
			// User Solved Captcha Correctly but It's Expired
			// ! Warning : AVOID OMITING EXPIRATION , BECAUSE AN ANSWER CAN BE USED MULTIPLE TIME
			w.Write([]byte("Error - Session Expired"))
		}
	} else {
		// Ops. User doesn't solved captcha correctly or session expired
		w.Write([]byte("Error"))
	}

}

Self Hosting Captcha

You Can Simply Install Iris Captcha in your server. we have an Installer for it.

for installation instruction follow up the usage tab of your service panel at my.irisdev.net .

Choosing Right Image

the difficulty of your captcha extremely depend on your pictures, choosing simple Image may causes to be solvable for robots .
the picture you choosing shouldn't contains overall corrected lines. take a look at this pictures.

they are solvable for robots because most of the lines and edges in the image shows corrected orientation.
read more at here

in the other hand the images that contain many noises and lines that are meaningful for humans makes the captcha to be harder for bots and easy for humans.
take a look at this pictures.

register to newsletter subscription if you are interested in similar blogs. we are going to get deep

if you are interested in contributing examples in other languages , check out our github account.