The LibreCaptcha framework, for self-hosted, privacy respecting CAPTCHAs

Go to file

hrj 72f092e6b5 run sbt assembly in CI		2021-04-02 15:35:52 +05:30
.github/workflows	run sbt assembly in CI	2021-04-02 15:35:52 +05:30
client	Conflict resolution	2019-06-09 14:04:25 +05:30
data	Move config file to data dir	2021-03-29 15:30:12 +05:30
lib	updated h2 to latest version	2020-07-04 17:26:19 +05:30
project	bump dependency and plugin versions	2021-04-01 17:02:16 +05:30
samples	added some sample captcha images	2019-06-08 11:42:29 +05:30
scripts	modularise the test	2020-07-05 00:48:20 +05:30
src/main	fix deprecation warnings	2021-04-01 17:02:33 +05:30
tests	Update locustfile	2021-03-02 21:34:58 +05:30
.gitignore	Refactor modules (#56 )	2021-02-24 15:21:16 +05:30
.scalafix.conf	Linter and Formatter support (#58 )	2021-02-25 23:49:39 +05:30
.scalafmt.conf	Linter and Formatter support (#58 )	2021-02-25 23:49:39 +05:30
.travis.yml	Linter and Formatter support (#58 )	2021-02-25 23:49:39 +05:30
Dockerfile	Swap alpine with alpine-jre for base runner image	2021-03-31 18:39:05 +05:30
LICENSE	Initial commit	2018-01-02 10:57:01 +05:30
README.md	Update readme with an API test example	2021-04-01 20:39:21 +05:30
Runner.Dockerfile	runner docker file: fix path	2021-04-01 13:05:07 +05:30
build.sbt	downgrade scrimage as the latest version doesn't assemble cleanly	2021-04-01 17:32:45 +05:30
docker-compose.yml	docker compose: use published image instead of local build	2021-04-01 13:24:01 +05:30

README.md

LibreCaptcha

LibreCaptcha is a framework that allows developers to create their own CAPTCHAs. The framework defines the API for a CAPTCHA generator and takes care of mundane details such as:

An HTTP interface for serving CAPTCHAs
Background workers to pre-compute CAPTCHAs and to store them in a database
Managing secrets for the CAPTCHAs (tokens, expected answers, etc)
Safe re-impressions of CAPTCHA images (by creating unique tokens for every impression)
Garbage collection of stale CAPTCHAs
Sandboxed plugin architecture (TBD)

Some sample CAPTCHA generators are included in the distribution (see below). We will continue adding more samples to the list. For quick deployments the samples themselves might be sufficient. Projects with more resources might want create their own CAPTCHAs and use the samples as inspiration. See the CAPTCHA creation guide.

Quick start with Docker

Using docker-compose:

git clone https://github.com/librecaptcha/lc-core.git
docker-compose up

Using docker:

docker run -v lcdata:/lc-core/data librecaptcha/lc-core:latest

A default config.json is automatically created in the mounted volume.

To test the installation, try:

> $ curl -d '{"media":"image/png","level":"easy","input_type":"text"}' localhost:8888/v1/captcha
{"id":"3bf928ce-a1e7-4616-b34f-8252d777855d"}

> $ curl "localhost:8888/v1/media?id=3bf928ce-a1e7-4616-b34f-8252d777855d" -o sample.png

> $ file sample.png
sample.png: PNG image data, 350 x 100, 8-bit/color RGB, non-interlaced

The API endpoints are described below.

Configuration

If a config.json file is not present in the data/ folder, the app creates one, and this can be modified to customize the app features, such as which CAPTCHAs are enabled and their difficulty settings.

More details can be found in the wiki

Why LibreCaptcha?

Eliminate dependency on a third-party

An open-source CAPTCHA framework will allow anyone to host their own CAPTCHA service and thus avoid dependencies on third-parties.

Respecting user privacy

A self-hosted service prevents user information from leaking to other parties.

More variety of CAPTCHAs

Ain't it boring to identify photos of buses, store-fronts and traffic signals? With LibreCaptcha, developers can create CAPTCHAs that suit their application and audience, with matching themes and looks.

And, the more the variety of CAPTCHAS, the harder it is for bots to crack CAPTCHAs.

Sample CAPTCHAs

FilterCaptcha

An image of a random string of alphabets is created. Then a series of image filters that add effects such as Smear, Diffuse, and Ripple are applied to the image to make it less readable.

RainDropsCaptcha

BlurCaptcha

An image of a word is blurred before being shown to the user.

LabelCaptcha

An image that has a pair of words is created. The answer to one of the words is known and to that of the other is unknown. The user is tested on the known word, and their answer to the unknown word is recorded. If a sufficient number of users agree on their answer to the unknown word, it is transferred to the list of known words.

HTTP API

- `/v1/captcha`: `POST`

Parameters:
- level: String - The difficulty level of a captcha
  - easy
  - medium
  - hard
- input_type: String - The type of input option for a captcha
  - text
  - (More to come)
- media: String - The type of media of a captcha
  - image/png
  - image/gif
  - (More to come)
- size: Map - The dimensions of a captcha (Optional). It needs two more fields nested in this parameter
  - height: Int
  - width: Int
Return type:
- id: String - The uuid of the captcha generated

- `/v1/media`: `GET`

Parameters:
- id: String - The uuid of the captcha
Return type:
- image: Array[Byte] - The requested media as bytes

- `/v1/answer`: `POST`

Parameter:
- id: String - The uuid of the captcha that needs to be solved
- answer: String - The answer to the captcha that needs to be validated
Return Type:
- result: String - The result after validation/checking of the answer
  - True - If the answer is correct
  - False - If the answer is incorrect
  - Expired - If the time limit to solve the captcha exceeds

Roadmap

Things to do in the future:

Sandboxed plugin architecture
Audio CAPTCHA samples
Interactive CAPTCHA samples