node-captcha's Introduction

Captcha

Simple captcha for Express.

WARNING! New API (0.0.5 -> 0.1.0)

Installation

Via npm:

$ npm install captcha

Usage (for Express 4)

'use strict'

const express = require('express')
const session = require('express-session')
const bodyParser = require('body-parser')

const captchaUrl = '/captcha.jpg'
const captchaId = 'captcha'
const captchaFieldName = 'captcha'

const captcha = require('./captcha').create({ cookie: captchaId })

const app = express()
app.use(session({
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: true,
}))
app.use(bodyParser.urlencoded({ extended: false }))

app.get(captchaUrl, captcha.image())

app.get('/', (req, res) => {
    res.type('html')
    res.end(`
        <img src="${ captchaUrl }"/>
        <form action="/login" method="post">
            <input type="text" name="${ captchaFieldName }"/>
            <input type="submit"/>
        </form>
    `)
})

app.post('/login', (req, res) => {
    res.type('html')
    res.end(`
        <p>CAPTCHA VALID: ${ captcha.check(req, req.body[captchaFieldName]) }</p>
    `)
})

app.listen(8080, () => {
    console.log('server started')
})

node-captcha's People

Contributors

konsumer, napa3um, vodolaz095, xhochy

node-captcha's Issues

Installation Failure

Running npm install --save captcha yields:

> [email protected] install /home/bendulum/Development/xxx/node_modules/canvas
> node-gyp rebuild

Package cairo was not found in the pkg-config search path.
Perhaps you should add the directory containing `cairo.pc'
to the PKG_CONFIG_PATH environment variable
No package 'cairo' found
gyp: Call to './util/has_lib.sh freetype' returned exit status 0 while in binding.gyp. while trying to load binding.gyp
gyp ERR! configure error 
gyp ERR! stack Error: `gyp` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onCpExit (/home/bendulum/.nvm/versions/node/v6.10.3/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:336:16)
gyp ERR! stack     at emitTwo (events.js:106:13)
gyp ERR! stack     at ChildProcess.emit (events.js:191:7)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:215:12)
gyp ERR! System Linux 4.13.0-32-generic
gyp ERR! command "/home/bendulum/.nvm/versions/node/v6.10.3/bin/node" "/home/bendulum/.nvm/versions/node/v6.10.3/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /home/bendulum/Development/xxx/node_modules/canvas
gyp ERR! node -v v6.10.3
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok 
npm WARN xxx No repository field.
npm WARN xxx No license field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/bendulum/.npm/_logs/2018-02-03T18_38_55_918Z-debug.log

sudo apt-get install libcairo2-dev does not solve this issue.

I am on KDE neon 5.11 and Node v6.10.3. Any pointers?

Example code implementation errors.

Hi. I was looking over the source and I noticed that right now there might be several implementation errors in your example code:

  • The problem mentioned in #9 which is easily solved by using secure cookies.
  • Two problems with the way verification is done (req.body.digits == req.session.captcha)
    1. The session.captcha parameter is only set when requesting the captcha image. Therefore a bad guy could just issue a POST /login directly (avoiding the captcha generation) and leave the body.digits to undefined. This effectively makes your code check: undefined == undefined which evaluates to true, granting access.
    2. Even after requesting the captcha image, and session.captcha has therefore been set, a bad guy might still remove their session cookie before submitting the form, and leave body.digits undefined. No session cookie sent means no session data looked up means the server is checking undefined == undefined again.

It's all just an implementation problem. It is solved by comparing in a more strict manner:

if(req.session.captcha && req.body.digits === req.session.captcha){
  //Request is valid.
}

However, your sample code doesn't implement it in this manner, but in a manner which will already be avoided by most bots (they tend to make direct requests to an API as explained in i). And since most people will work off the sample code there will probably already be some bad implementations out there.

I recommend that the example code is adjusted quite urgently and perhaps even a captcha.verify()-method exposed so that a user can be sure they're doing it right and potential future errors will get corrected retroactively.

NOTE: I haven't actually tested this theory. It's just some things I noticed skimming over the code while deciding whether to use this library. Do correct me if I'm wrong. :)

TypeError: canvas[method] is not a function

I'm not able to execute the program correctly due to the following error message:

node test-server.js
server started
D:\Users\dcarpioc\AppData\Local\Temp\node-captcha\node_modules\canvas\lib\jpegstream.js:44
    canvas[method](options.bufsize, options.quality, options.progressive, function(err, chunk){
                  ^

TypeError: canvas[method] is not a function
    at D:\Users\dcarpioc\AppData\Local\Temp\node-captcha\node_modules\canvas\lib\jpegstream.js:44:19
    at process._tickCallback (internal/process/next_tick.js:112:11)

I'm using:
node v9.8.0
npm 5.6.0

Please help me. Thanks in advance.

fatal error C1083: No se puede abrir el archivo incluir: 'cairo.h'

I get an error when trying to install the module

C:\Enide-2015-7-windows-x64-20150706\ws\prueba1>npm install captcha
|
> [email protected] install C:\Enide-2015-7-windows-x64-20150706\ws\prueba1\node_mod
ules\captcha\node_modules\canvas
> node-gyp rebuild


C:\Enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_module
s\canvas>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_
modules\npm\bin\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebui
ld )  else (node  rebuild )
Warning: Missing input files:
C:\GTK\bin\zlib1.dll
C:\GTK\bin\libexpat-1.dll
C:\GTK\bin\libpng14-14.dll
C:\GTK\bin\libcairo-2.dll
C:\GTK\bin\libfontconfig-1.dll
C:\GTK\bin\libfreetype-6.dll
Building the projects in this solution one at a time. To enable parallel build,
please add the "/m" switch.
  Canvas.cc
  CanvasGradient.cc
  CanvasPattern.cc
  CanvasRenderingContext2d.cc
  color.cc
  Image.cc
  ImageData.cc
  init.cc
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\Canvas.cc) [C:\Enide-2015-7-
windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canvas\build\
canvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\ImageData.cc) [C:\Enide-2015
-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canvas\bui
ld\canvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\Image.cc) [C:\Enide-2015-7-w
indows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canvas\build\c
anvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\CanvasPattern.cc) [C:\Enide-
2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canvas
\build\canvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\CanvasGradient.cc) [C:\Enide
-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canva
s\build\canvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\init.cc) [C:\Enide-2015-7-wi
ndows-x64-20150706\ws\prueba1\node_modules\captcha\node_modules\canvas\build\ca
nvas.vcxproj]
c:\enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_modul
es\canvas\src\Canvas.h(19): fatal error C1083: No se puede abrir el archivo inc
luir: 'cairo.h': No such file or directory (..\src\CanvasRenderingContext2d.cc)
 [C:\Enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captcha\node_mod
ules\canvas\build\canvas.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Program Files (x86)\MSBuild\12.0\bin\msbuild.exe` fail
ed with exit code: 1
gyp ERR! stack     at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\
npm\node_modules\node-gyp\lib\build.js:270:23)
gyp ERR! stack     at emitTwo (events.js:87:13)
gyp ERR! stack     at ChildProcess.emit (events.js:172:7)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_proces
s.js:200:12)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodej
s\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Enide-2015-7-windows-x64-20150706\ws\prueba1\node_modules\captch
a\node_modules\canvas
gyp ERR! node -v v4.2.6
gyp ERR! node-gyp -v v3.0.3
gyp ERR! not ok
npm ERR! Windows_NT 6.1.7601
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\
node_modules\\npm\\bin\\npm-cli.js" "install" "captcha"
npm ERR! node v4.2.6
npm ERR! npm  v2.14.12
npm ERR! code ELIFECYCLE

npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script 'node-gyp rebuild'.
npm ERR! This is most likely a problem with the canvas package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-gyp rebuild
npm ERR! You can get their info via:
npm ERR!     npm owner ls canvas
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR!     C:\Enide-2015-7-windows-x64-20150706\ws\prueba1\npm-debug.log

C:\Enide-2015-7-windows-x64-20150706\ws\prueba1>

How could I solve this?

Alternative methods of use?

Hi there,

I'm trying to use this in an express app, but not having any luck. I've tried the method you've outlined in the README using app.use() but just get a broken image. I then tried using app.get() like so:

app.get('/captcha.jpg', routes.captcha);

and in my routes:

exports.captcha = function(req, res) {
  var captcha = require('captcha');
  captcha({url: '/captcha.jpg', fg:'#0064cd', bg: '#049cdb', interference: '#049cdb'});
};

but just get a perpetual load.

Any guidance you could give on this would be appreciated.

Install canvas issue

344 silly exec sh "-c" "node-gyp rebuild"
345 silly sh,-c,node-gyp rebuild,/var/www/grey/node_modules/captcha/node_modules/canvas spawning
346 info [email protected] Failed to exec install script
347 info /var/www/grey/node_modules/captcha/node_modules/canvas unbuild
348 verbose from cache /var/www/grey/node_modules/captcha/node_modules/canvas/package.json
349 info preuninstall [email protected]
350 info uninstall [email protected]
351 verbose false,/var/www/grey/node_modules,/var/www/grey/node_modules/captcha/node_modules unbuild [email protected]
352 info postuninstall [email protected]
353 verbose about to build /var/www/grey/node_modules/captcha
354 info /var/www/grey/node_modules/captcha unbuild
355 verbose from cache /var/www/grey/node_modules/captcha/package.json
356 info preuninstall [email protected]
357 info uninstall [email protected]
358 verbose true,/var/www/grey/node_modules,/var/www/grey/node_modules unbuild [email protected]
359 info postuninstall [email protected]
360 error [email protected] install: node-gyp rebuild
360 error sh "-c" "node-gyp rebuild" failed with 1
361 error Failed at the [email protected] install script.
361 error This is most likely a problem with the canvas package,
361 error not with npm itself.
361 error Tell the author that this fails on your system:
361 error node-gyp rebuild
361 error You can get their info via:
361 error npm owner ls canvas
361 error There is likely additional logging output above.
362 error System Linux 3.2.0-31-virtual
363 error command "nodejs" "/usr/bin/npm" "install"
364 error cwd /var/www/grey
365 error node -v v0.8.15
366 error npm -v 1.1.66
367 error code ELIFECYCLE
368 verbose exit [ 1, true ]

Bots can get around this captcha system

The captcha answer is sent via cookie. What is the point of having a visual verification if the answer is in plain text? You should hash the answer so bots can't simply parse it and send it back without ever looking at the captcha. Also in your demo use case you don't check for null==null, which would allow a bot to send a forged log in query.
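
The strict comparison proposed in the "Example code implementation errors" issue and the answer hashing suggested in the issue above, put side by side with the loose check as an added example (not code from node-captcha or from either poster). seal, issueCaptcha, verifyCaptcha, SECRET and the request objects are hypothetical names and constructed inputs; body.digits and session.captcha are the names used in the issue text.

```javascript
const crypto = require('crypto')

// Assumed server-side key; a real app would load it from configuration.
const SECRET = crypto.randomBytes(32)

// Keyed hash of the answer, so a client-readable store never holds the digits.
function seal(answer) {
    return crypto.createHmac('sha256', SECRET).update(String(answer)).digest()
}

// The comparison quoted in the issue: two undefined values compare equal.
function looseCheck(req) {
    return req.body.digits == req.session.captcha
}

// Hypothetical helper, called when the captcha image is rendered.
function issueCaptcha(req, answer) {
    req.session.captcha = seal(answer).toString('hex')
}

// Hypothetical strict check: fails closed and consumes the challenge.
function verifyCaptcha(req, fieldName) {
    const session = req.session || {}
    const expected = session.captcha
    delete session.captcha // single use, whether or not the guess was right
    const submitted = req.body ? req.body[fieldName] : undefined
    if (typeof expected !== 'string' || !/^[0-9a-f]{64}$/.test(expected)) return false
    if (typeof submitted !== 'string' || submitted.length === 0) return false
    return crypto.timingSafeEqual(Buffer.from(expected, 'hex'), seal(submitted))
}

// Constructed objects standing in for Express requests (not captured traffic).
function demo() {
    const direct = { session: {}, body: {} } // no image fetched, no field sent
    const solved = { session: {}, body: { digits: '4831' } }
    const wrong = { session: {}, body: { digits: '0000' } }
    issueCaptcha(solved, '4831')
    issueCaptcha(wrong, '4831')
    return {
        looseDirect: looseCheck(direct),
        strictDirect: verifyCaptcha(direct, 'digits'),
        strictSolved: verifyCaptcha(solved, 'digits'),
        strictReplay: verifyCaptcha(solved, 'digits'),
        strictWrong: verifyCaptcha(wrong, 'digits'),
    }
}

console.log(demo())
```

Only the loose check accepts the request that never fetched an image; the strict check also rejects a second submission against the same challenge.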
