Add hcaptcha support besides Google ReCaptcha

clientapi/routing/auth_fallback.go

@@ -31,8 +31,7 @@ const recaptchaTemplate = `
 <title>Authentication</title>
 <meta name='viewport' content='width=device-width, initial-scale=1,
     user-scalable=no, minimum-scale=1.0, maximum-scale=1.0'>
-<script src="https://www.google.com/recaptcha/api.js"
-    async defer></script>
+<script src="{{.apiJsUrl}}" async defer></script>
 <script src="//code.jquery.com/jquery-1.11.2.min.js"></script>
 <script>
 function captchaDone() {
@@ -51,8 +50,8 @@ function captchaDone() {
         Please verify that you're not a robot.
         </p>
 		<input type="hidden" name="session" value="{{.session}}" />
-        <div class="g-recaptcha"
-            data-sitekey="{{.siteKey}}"
+        <div class="{{.sitekeyClass}}"
+            data-sitekey="{{.sitekey}}"
             data-callback="captchaDone">
         </div>
         <noscript>
@@ -114,9 +113,12 @@ func AuthFallback(
 
 	serveRecaptcha := func() {
 		data := map[string]string{
-			"myUrl":   req.URL.String(),
-			"session": sessionID,
-			"siteKey": cfg.RecaptchaPublicKey,
+			"myUrl":        req.URL.String(),
+			"session":      sessionID,
+			"apiJsUrl":     cfg.RecaptchaApiJsUrl,
+			"sitekey":      cfg.RecaptchaPublicKey,
+			"sitekeyClass": cfg.RecaptchaSitekeyClass,
+			"formField":    cfg.RecaptchaFormField,
 		}
 		serveTemplate(w, recaptchaTemplate, data)
 	}
@@ -155,7 +157,7 @@ func AuthFallback(
 				return &res
 			}
 
-			response := req.Form.Get("g-recaptcha-response")
+			response := req.Form.Get(cfg.RecaptchaFormField)
 			if err := validateRecaptcha(cfg, response, clientIP); err != nil {
 				util.GetLogger(req.Context()).Error(err)
 				return err

clientapi/routing/register.go

@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/url"
 	"regexp"
@@ -336,6 +337,7 @@ func validateRecaptcha(
 	response string,
 	clientip string,
 ) *util.JSONResponse {
+	ip, _, _ := net.SplitHostPort(clientip)
 	if !cfg.RecaptchaEnabled {
 		return &util.JSONResponse{
 			Code: http.StatusConflict,
@@ -355,7 +357,7 @@ func validateRecaptcha(
 		url.Values{
 			"secret":   {cfg.RecaptchaPrivateKey},
 			"response": {response},
-			"remoteip": {clientip},
+			"remoteip": {ip},
 		},
 	)
 

dendrite-sample.monolith.yaml

@@ -179,7 +179,13 @@ client_api:
   recaptcha_public_key: ""
   recaptcha_private_key: ""
   recaptcha_bypass_secret: ""
-  recaptcha_siteverify_api: ""
+
+  # To use hcaptcha.com instead of ReCAPTCHA, set the following parameters, otherwise just keep them empty.
+  # recaptcha_siteverify_api: "https://hcaptcha.com/siteverify"
+  # recaptcha_api_js_url: "https://js.hcaptcha.com/1/api.js"
+  # recaptcha_form_field: "h-captcha-response"
+  # recaptcha_sitekey_class: "h-captcha"
+
 
   # TURN server information that this homeserver should send to clients.
   turn:

dendrite-sample.polylith.yaml

@@ -175,7 +175,13 @@ client_api:
   recaptcha_public_key: ""
   recaptcha_private_key: ""
   recaptcha_bypass_secret: ""
-  recaptcha_siteverify_api: ""
+
+  # To use hcaptcha.com instead of ReCAPTCHA, set the following parameters, otherwise just keep them empty.
+  # recaptcha_siteverify_api: "https://hcaptcha.com/siteverify"
+  # recaptcha_api_js_url: "https://js.hcaptcha.com/1/api.js"
+  # recaptcha_form_field: "h-captcha-response"
+  # recaptcha_sitekey_class: "h-captcha"
+
 
   # TURN server information that this homeserver should send to clients.
   turn:

setup/config/config_clientapi.go

@@ -32,6 +32,12 @@ type ClientAPI struct {
 	// Boolean stating whether catpcha registration is enabled
 	// and required
 	RecaptchaEnabled bool `yaml:"enable_registration_captcha"`
+	// Recaptcha api.js Url, for compatible with hcaptcha.com, etc.
+	RecaptchaApiJsUrl string `yaml:"recaptcha_api_js_url"`
+	// Recaptcha div class for sitekey, for compatible with hcaptcha.com, etc.
+	RecaptchaSitekeyClass string `yaml:"recaptcha_sitekey_class"`
+	// Recaptcha form field, for compatible with hcaptcha.com, etc.
+	RecaptchaFormField string `yaml:"recaptcha_form_field"`
 	// This Home Server's ReCAPTCHA public key.
 	RecaptchaPublicKey string `yaml:"recaptcha_public_key"`
 	// This Home Server's ReCAPTCHA private key.
@@ -75,6 +81,18 @@ func (c *ClientAPI) Verify(configErrs *ConfigErrors, isMonolith bool) {
 		checkNotEmpty(configErrs, "client_api.recaptcha_public_key", c.RecaptchaPublicKey)
 		checkNotEmpty(configErrs, "client_api.recaptcha_private_key", c.RecaptchaPrivateKey)
 		checkNotEmpty(configErrs, "client_api.recaptcha_siteverify_api", c.RecaptchaSiteVerifyAPI)
+		if c.RecaptchaSiteVerifyAPI == "" {
+			c.RecaptchaSiteVerifyAPI = "https://www.google.com/recaptcha/api/siteverify"
+		}
+		if c.RecaptchaApiJsUrl == "" {
+			c.RecaptchaApiJsUrl = "https://www.google.com/recaptcha/api.js"
+		}
+		if c.RecaptchaFormField == "" {
+			c.RecaptchaFormField = "g-recaptcha"
+		}
+		if c.RecaptchaSitekeyClass == "" {
+			c.RecaptchaSitekeyClass = "g-recaptcha-response"
+		}
 	}
 	// Ensure there is any spam counter measure when enabling registration
 	if !c.RegistrationDisabled && !c.OpenRegistrationWithoutVerificationEnabled {