aryehraber/statamic-captcha 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

aryehraber/statamic-captcha

Composer 安装命令:

composer require aryehraber/statamic-captcha

包简介

Protect your Statamic forms using a Captcha service

README 文档

README

Protect your Statamic forms using a Captcha service.

This addon allows you to protect your Statamic forms using any of the following services:

After the initial setup, all you need to do is add the {{ captcha }} tag inside your forms, easy peasy!

Installation

Install the addon via composer:

composer require aryehraber/statamic-captcha

Publish the config file:

 php please vendor:publish --tag=captcha-config

Alternately, you can manually setup the config file by creating captcha.php inside your project's config directory:

<?php

return [
    'service' => 'Recaptcha', // options: Recaptcha / Hcaptcha / Turnstile / Altcha
    'sitekey' => env('CAPTCHA_SITEKEY', ''),
    'secret' => env('CAPTCHA_SECRET', ''),
    'forms' => [],
    'user_login' => false,
    'user_registration' => false,
    'disclaimer' => '',
    'invisible' => false,
    'hide_badge' => false,
    'enable_api_routes' => false,
    'custom_should_verify' => null,
];

Once the config file is in place, make sure to add your sitekey & secret from Recaptcha's Console, hCaptcha's Console, Cloudflare's Dashboard or Altcha's Docs and add the handles of the Statamic Forms you'd like to protect:

<?php

return [
    'service' => 'Recaptcha', // options: Recaptcha / Hcaptcha / Turnstile / Altcha
    'sitekey' => 'YOUR_SITEKEY_HERE', // Or add to .env
    'secret' => 'YOUR_SECRET_HERE', // Or add to .env
    'forms' => ['contact', 'newsletter'],
    // ...
];

If you would like Captcha to verify ALL forms without having to specify each one in the forms config array, you may use the all option instead.

Note: this should replace the array and be set as a string.

<?php

return [
    'forms' => 'all',
    // ...
];

Usage

<head>
    <title>My Awesome Site</title>

    {{ captcha:head }}
</head>
<body>
    {{ form:contact }}

        <!-- Add your fields like normal -->

        {{ captcha }}

        {{ if error:captcha }}
            <p>{{ error:captcha }}</p>
        {{ /if }}

    {{ /form:contact }}
</body>

This will automatically render the Captcha element on the page. After the form is submitted, the addon will temporarily halt the form from saving while the Captcha service verifies that the request checks out. If all is good, the form will save as normal, otherwise an error will be added to the {{ errors }} object.

Invisible Captcha

Simply set invisible to true inside Captcha's config (Turnstile handles invisibility from Cloudflares's Dashboard, so no Captcha config changes are needed). To hide the sticky Recaptcha badge, make sure to also set hide_badge to true.

Note: using Invisible Captcha will require you to display links to the Captcha service's Terms underneath the form, to make this easier use {{ captcha:disclaimer }}. This message can be customised using the disclaimer option inside Captcha's config, however sensible defaults have been added that will automatically switch depending on the Captcha service you're using.

User Registration & Login

Captcha can also verify User Registration & User Login form requests, simply set user_registration / user_login to true inside Captcha's config and use the {{ captcha }} tag as normal inside Statamic's {{ user:register_form }} / {{ user:login_form }} tags.

Data Attributes

Some of the Captcha services offer additional features, such as light/dark mode and sizing options, via data attributes. These can simply be added to the Captcha tag and will be passed through to the client-side widget.

{{ captcha data-theme="dark" data-size="compact" }}

Conditional Captcha

You can now conditionally render Captcha only when it is enabled for the given form. This is especially useful when using dynamic or shared form templates.

Use the captcha:is_enabled tag as a boolean:

{{ if {captcha:is_enabled form="contact"} }}
    {{ captcha }}
{{ /if }}

This checks your Captcha configuration and only outputs the Captcha fields when appropriate, it will always return true if your forms config is set to all.

Translations

This package is localized to English and German. If you need translations in another language, you can create them yourself:

  • Create the translations file in resources/lang/vendor/statamic-captcha/{language}/messages.php.
  • You can use the English translation file as a blueprint.
  • You are welcome to share your translations here by submitting a PR.

If you want to change existing messages, you can publish and override them:

php please vendor:publish --tag="captcha-translations"

Advanced

Custom "Should Verify" Logic

You can provide additional custom logic to determine if verification should be attempted using a custom invokable class. This is useful to adjust Captcha's shouldVerify check to include app-specific behaviour, for example: only enforcing Captcha for guest users and bypassing it for logged-in users.

To get started, create an invokable class within your app, and add it as the custom_should_verify property in your config:

<?php

return [
    // ...
    'custom_should_verify' => \App\Support\MyCustomShouldVerify::class,
];

This invokable class must implement the \AryehRaber\Captcha\Contracts\CustomShouldVerify interface, which enforces that an event param gets passed into the invoke method and subsequently returns an optional boolean. To stop Captcha's shouldVerify method from getting called, the invoke method must return false, otherwise returning true (or null) will continue Captcha's verification logic.

Note: this custom class is resolved via Laravel's container, meaning dependency injection is available via the constructor.

<?php

namespace App\Support;

use AryehRaber\Captcha\Contracts\CustomShouldVerify;

class MyCustomShouldVerify implements CustomShouldVerify
{
    public function __invoke($event): ?bool
    {
        // bypass verification for authenticated users
        if (auth()->check()) {
            return false;
        }

        // bypass verification on dev environment
        if (app()->environment('dev')) {
            return false;
        }

        // bypass verification based on event form submission
        if ($event instanceof \Statamic\Events\FormSubmitted) {
            // return $event->submission;
        }

        // bypass verification based on login event
        if ($event instanceof \Illuminate\Auth\Events\Login) {
            // return $event->user;
        }

        // bypass verification based on user registration event
        if ($event instanceof \Statamic\Events\UserRegistering) {
            // return $event->user;
        }

        // bypass verification based on entry saving event
        if ($event instanceof \Statamic\Events\EntrySaving) {
            // return $event->entry;
        }
    }
}

aryehraber/statamic-captcha 适用场景与选型建议

aryehraber/statamic-captcha 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 207.72k 次下载、GitHub Stars 达 17, 最近一次更新时间为 2020 年 08 月 21 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「recaptcha」 「Forms」 「captcha」 「statamic」 「hcaptcha」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 aryehraber/statamic-captcha 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 aryehraber/statamic-captcha 我们能提供哪些服务?
定制开发 / 二次开发

基于 aryehraber/statamic-captcha 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 207.72k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 17
  • 点击次数: 25
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 17
  • Watchers: 1
  • Forks: 14
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2020-08-21