My server is highly targeted by automated spam signups. I've been countering that by having manually approved registrations, but that's not a situation I like.

I'm trying to implement hCaptcha (a better alternative privacy-wise to Google's reCAPTCHA) on my server. The current state is that the form always gets rejected and there's no error message for failing to validate it. Check it out if you're interested or wanna help out

The hCaptcha gem is forked from the reCAPTCHA one, and works in an identical way, so if one would like for some reason to use the latter, it would be pretty easy to adapt.

If you wanna test it out on your end, you have to set the HCAPTCHA_SITE_KEY and HCAPTCHA_SECRET_KEY variables in your .env.production file

Show thread

The roadmap is:

- getting it to actually work
- add a message when the form fails when the captcha hasn't passed
- make it look nicer by centering the captcha relative to the forms

When that's done I'll push it to

After this I'll try to make it into a toggle that can be enabled or disabled, document the variables somewhere, and maybe I'll make it into a pull request to glitch-soc if they want it

Show thread

oooh yes it works. Now to make it look good and have an error message

Show thread

I need a little help here, I’m poking around but I have no idea where I could start to add a message when the captcha verification has failed

Show thread

For the first time actually touching Mastodon’s code, I’m pretty proud of what I’ve managed to do so far.

hCaptcha is fully integrated to Mastodon and is functional.

Still to do:
- error message when the verification fails (still figuring how to do this out)
- change it being a togglable feature in the admin panel to one that automatically enables and disable itself depending on the presence of the site and secret keys in the environment file

Show thread

I really can't figure out the error part even though I'm sure it should be pretty easy, so I'm taking a way from this for now

Show thread

I made the pull request to glitch-soc:

However there are a few stylistic hiccups and other stuff that needs fixing. I have personal obligations lately that make me unable to work on this for now, but I’ll get back to it whenever I can.

When it’s cleaned up enough for glitch-soc I’ll look into adapting it for upstream Mastodon and see how that goes

Show thread

@Siphonay so you don't know how to pass a variable to a template or?..
in any case, you seem to find your way around better than me

@charlag I’m just super unfamiliar with the codebase, if I figured out where everything is by poking around I’d do it just fine, that’s how I’ve mostly been doing until now, I could just use a push in the right direction


Try Winograd captcha, it's pretty effective and actually quite entertaining for the user. I have an implementation for Django but not yet published, general Python code is public domain

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!