A no-nonsense CAPTCHA system with seamless UX | Backend component
Find a file
Aravinth Manivannan 8bed3cb352
Merge pull request #121 from mCaptcha/feat-percentile
compute percentile on analytics records
2023-11-04 20:32:28 +00:00
.github fix: re-enable bin publishing with 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73 GPG key 2023-10-30 09:29:48 +05:30
.reuse feat: init reuse tool 2023-07-03 23:19:38 +05:30
config feat: schedule mCaptcha/survey registration and uploads 2023-10-20 01:48:59 +05:30
db feat: create individual databases for each test 2023-11-05 01:17:42 +05:30
docs chore: CI: update base node version 2023-10-29 03:32:06 +05:30
LICENSES feat: annotate license headers using reuse on text source files 2023-07-03 23:19:51 +05:30
scripts fix: re-enable bin publishing with 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73 GPG key 2023-10-30 09:29:48 +05:30
src feat: expose percentile scores for all analyis records through API 2023-11-05 01:20:49 +05:30
static chore: update swagger UI 2023-10-28 14:59:44 +05:30
templates feat: link to mCaptcha net blog post from the captcha creation form 2023-11-02 04:33:32 +05:30
utils/cache-bust chore: use libmcaptcha and libcachebust from crates.io 2023-10-17 01:04:44 +05:30
.dockerignore fix: get rid of caching 2023-10-16 20:04:19 +05:30
.env_sample feat: database methods to compute percentiles on analysis records 2023-11-05 00:48:26 +05:30
.eslintrc.js frontend linting 2021-10-08 15:24:29 +05:30
.gitignore chore: use libmcaptcha and libcachebust from crates.io 2023-10-17 01:04:44 +05:30
.nvmrc feat: use node@v20 2023-10-29 06:27:15 +05:30
build.rs chore: bump sqlx to 0.7 2023-10-16 21:15:44 +05:30
Cargo.lock feat: read survey uploader's settings 2023-10-19 09:59:29 +05:30
Cargo.toml feat: read survey uploader's settings 2023-10-19 09:59:29 +05:30
CHANGELOG.md fix: update env var names in docker-compose with the latest names 2023-10-18 13:27:59 +05:30
code_of_conduct.md added code_of_conduct.md 2021-05-02 18:13:13 +05:30
Cross.toml cache control 2021-05-30 17:55:11 +05:30
docker-compose.yml fix: update env var names in docker-compose with the latest names 2023-10-18 13:27:59 +05:30
Dockerfile chore: update base node version 2023-10-28 15:00:25 +05:30
jest.config.ts chore: update rust and js deps 2023-07-02 22:05:23 +05:30
LICENSE.md licence 2021-03-09 17:49:20 +05:30
Makefile fix: cache busting metadata is stored in libcachebust_data.json 2023-10-17 15:47:15 +05:30
package-lock.json chore: update rust and js deps 2023-07-02 22:05:23 +05:30
package.json feat: progress bar and incremental PoW generation 2023-10-29 06:28:21 +05:30
README.md Typo in README.md 2023-05-30 12:47:41 +02:00
rustfmt.toml get notifications 2021-05-10 15:38:09 +05:30
sailfish.toml chore: upgrade sailfish 2022-05-08 17:57:29 +05:30
tsconfig.json Load pow-sha256 polyfill to support browsers that aren't capable of 2021-12-08 14:52:06 +05:30
webpack.config.js chore: migrate dart-sass to sass 2022-05-08 17:36:49 +05:30
yarn.lock feat: progress bar and incremental PoW generation 2023-10-29 06:28:21 +05:30

mcaptcha logo

mCaptcha

Proof of work based, privacy respecting CAPTCHA system with a kickass UX.

Documentation Build Docker dependency status codecov
AGPL License Chat

STATUS: ACTIVE DEVELOPMENT

Skip to demo

mCaptcha is a privacy respecting, free CAPTCHA system with a kickass UX. Your users no longer have to interact with ridiculous image-based CAPTCHA system, wasting precious mental bandwidth. Instead, your computer will do the work for you, see for yourself!

How does it work?

mCaptcha uses SHA256 based proof-of-work (PoW) to rate limit users.

When a user wants to do something on a mCaptcha-protected website,

  1. they will have to generate proof-of-work (a bunch of math that will takes time to compute) and submit it to mCaptcha.

  2. We'll validate the proof:

    • if validation is unsuccessful, they will be prevented from accessing their target website
    • if validation is successful, read on,
  3. They will be issued a token that they should submit along with their request/form submission to the target website.

  4. The target website should validate the user-submitted token with mCaptcha before processing the user's request.

The whole process is automated from the user's POV. All they have to do is click on a button to initiate the process.

mCaptcha makes interacting with websites (computationally) expensive for the user. A well-behaving user will experience a slight delay (no delay when under moderate load to 2s when under attack; PoW difficulty is variable) but if someone wants to hammer your site, they will have to do more work to send requests than your server will have to do to respond to their request.

Why use mCaptcha?

  • Free software, privacy focused
  • Seamless UX - No more annoying CAPTCHAs!
  • No tracking: Our CAPTCHA routes are cookie free!
  • IP address independent: your users are behind a NAT? We got you covered!
  • Resistant to replay attacks: proof-of-work configurations have short lifetimes (30s) and can be used only once. If a user submits a PoW to an already used configuration or an expired one, their proof will be rejected.

Demo

Client-side widget:

mCaptcha's UX is super silent, solving CAPTCHAs have never been more easier. One click and you are on your way. To observe mCaptcha in action, open dev tools and monitor console and network activity.

  1. Link to widget

  2. Video:

Demo servers are available at:

Core functionality is working but it's still very much work-in-progress. Since we don't have a stable release yet, hosted demo servers might be a few versions behind master. Please check footer for build commit.

Feel free to provide bogus information while signing up (project under development, database frequently wiped).

Self-hosted:

Clone the repo and run the following from the root of the repo:

git clone https://github.com/mCaptcha/mCaptcha.git
docker-compose up -d

After the containers are up, visit http://localhost:7000 and login with the default credentials:

  • username: aaronsw
  • password: password

It takes a while to build the image so please be patient :)

See DEPLOYMENT.md for detailed alternate deployment methods.

Development:

See HACKING.md

Deployment:

See DEPLOYMENT.md

Configuration:

See CONFIGURATION.md

Funding

NLnet

NLnet NGIZero logo

2023 development is funded through the NGI0 Entrust Fund, via NLnet. Please see here for more details.