friendly-captcha-python/example/main.py at main · FriendlyCaptcha/friendly-captcha-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import json
import os

from fastapi import FastAPI, Form, Request
from fastapi.templating import Jinja2Templates

from friendly_captcha_client.client import (
    FriendlyCaptchaClient,
    FriendlyCaptchaResult,
    RiskIntelligenceRetrieveResult,
)

app = FastAPI()
templates = Jinja2Templates(directory="./templates/")

FRC_SITEKEY = os.getenv("FRC_SITEKEY")
FRC_APIKEY = os.getenv("FRC_APIKEY")

# Optionally we can pass in custom endpoints to be used, such as "eu".
FRC_API_ENDPOINT = os.getenv("FRC_API_ENDPOINT")
# Optional: frontend widget endpoint used for data-api-endpoint.
FRC_WIDGET_ENDPOINT = os.getenv("FRC_WIDGET_ENDPOINT")

if not FRC_SITEKEY or not FRC_APIKEY:
    print(
        "Please set the FRC_SITEKEY and FRC_APIKEY environment values before running this example to your Friendly Captcha sitekey and API key respectively."
    )
    exit(1)

frc_client = FriendlyCaptchaClient(
    api_key=FRC_APIKEY,
    sitekey=FRC_SITEKEY,
    api_endpoint=FRC_API_ENDPOINT,  # Optional, defaults to "global"
    strict=False,
)


def retrieve_risk_intelligence_if_available(token: str) -> None:
    token = (token or "").strip()
    if not token:
        print("No risk intelligence token found in form data, skipping retrieval.")
        return

    result: RiskIntelligenceRetrieveResult = frc_client.retrieve_risk_intelligence(
        token
    )
    if not result.was_able_to_retrieve:
        print("Failed to retrieve risk intelligence:", result.error)
        return

    if not result.is_valid:
        print("Risk intelligence token is invalid:", result.error)
        return

    if result.data is None:
        print("Risk intelligence retrieval succeeded, but no data was returned.")
        return

    if result.data.risk_intelligence_raw is None:
        print("Token was valid, but risk intelligence data was not returned.")
        return

    print("Risk Intelligence Data:")
    print(json.dumps(result.data.risk_intelligence_raw, indent=2))
    print("Token data:")
    print(result.data.token)


@app.get("/")
def read_root(request: Request):
    return templates.TemplateResponse(
        "demo.html",
        {
            "request": request,
            "message": "",
            "sitekey": FRC_SITEKEY,
            "widget_endpoint": FRC_WIDGET_ENDPOINT,
        },
    )


@app.post("/")
def post_form(
    request: Request,
    subject: str = Form(None),
    message: str = Form(None),
    frc_captcha_response: str = Form(..., alias="frc-captcha-response"),
    frc_risk_intelligence_token: str = Form("", alias="frc-risk-intelligence-token"),
):
    retrieve_risk_intelligence_if_available(frc_risk_intelligence_token)

    result: FriendlyCaptchaResult = frc_client.verify_captcha_response(
        frc_captcha_response
    )

    if not result.was_able_to_verify:
        # In this case we were not actually able to verify the response embedded in the form, but we may still want to accept it.
        # It could mean there is a network issue or that the service is down. In those cases you generally want to accept submissions anyhow.
        # That's why we use `should_accept` below to actually accept or reject the form submission. It will return true in these cases.

        if result.is_client_error:
            # Something is wrong with our configuration, check your API key!
            # Send yourself an alert to fix this! Your site is unprotected until you fix this.
            print("CAPTCHA CONFIG ERROR: ", result.error)
        else:
            print("Failed to verify captcha response: ", result.error)

    if not result.should_accept:
        return templates.TemplateResponse(
            "demo.html",
            {
                "request": request,
                "message": "❌ Anti-robot check failed, please try again.",
                "sitekey": FRC_SITEKEY,
                "widget_endpoint": FRC_WIDGET_ENDPOINT,
            },
        )

    # The captcha was OK, process the form.
    subject, message  # Normally we would use the form data here and submit it to our database.

    return templates.TemplateResponse(
        "demo.html",
        {
            "request": request,
            "message": "✅ Your message has been submitted successfully.",
            "sitekey": FRC_SITEKEY,
            "widget_endpoint": FRC_WIDGET_ENDPOINT,
        },
    )