Skip to content

Commit 0360049

Browse files
committed
docs: update docs for login captcha plugin
AdminForth/778/create-login-captcha-plugin-we
1 parent 8c105c8 commit 0360049

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

adminforth/documentation/docs/tutorial/09-Plugins/19-login-captcha.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,39 @@ plugins: [
4646
]
4747
```
4848

49+
## Preventing token reuse
50+
51+
A captcha token stays valid at the provider for a short period, which means the same token could be replayed for several logins. To prevent this, pass an optional [key-value adapter](/docs/tutorial/Adapters/key-value-adapters) via `keyValueAdapter`. Each token is recorded once it has been used for a successful login, and any later attempt with the same token is rejected.
52+
53+
```bash
54+
pnpm i @adminforth/key-value-adapter-ram
55+
```
56+
57+
```ts title="./resources/adminuser.ts"
58+
// Import the plugin, captcha adapter and a key-value adapter
59+
import CaptchaPlugin from "@adminforth/login-captcha";
60+
import CaptchaAdapterCloudflare from "@adminforth/login-captcha-adapter-cloudflare";
61+
import RamKeyValueAdapter from "@adminforth/key-value-adapter-ram";
62+
63+
...
64+
65+
plugins: [
66+
new CaptchaPlugin({
67+
captchaAdapter: new CaptchaAdapterCloudflare({
68+
siteKey: "YOUR_SITE_KEY", // Replace with your site key
69+
secretKey: "YOUR_SECRET_KEY", // Replace with your secret key
70+
}),
71+
// Store used tokens to prevent them from being replayed
72+
keyValueAdapter: new RamKeyValueAdapter(),
73+
// Optional: how long (in seconds) a used token is remembered. Should be at least as long
74+
// as the captcha provider keeps the token valid. Defaults to 300 (5 minutes).
75+
tokenTimeToLiveSeconds: 300,
76+
}),
77+
]
78+
```
79+
80+
You can use any of the available [key-value adapters](/docs/tutorial/Adapters/key-value-adapters) (RAM, Redis, LevelDB or Resource-based). For multi-process or replicated deployments use a centralized adapter such as Redis, so used tokens are shared across all processes.
81+
4982
## Result
5083

5184
After setting up the plugin, your login page will include a captcha. Below is an example of how it will look:

0 commit comments

Comments
 (0)