This repository demonstrates the implementation of an ALTCHA server with spam filtering using the altcha-lib library. The server provides endpoints for fetching challenges and submitting form data, including verification of Proof-of-Work (PoW) solutions and spam filtering.
- Node.js (v18.x or later)
-
Clone the repository:
git clone https://github.com/altcha-org/altcha-starter-nodejs-ts.git cd altcha-starter-nodejs-ts
-
Install dependencies:
npm install
The server requires the following environment variables for configuration:
ALTCHA_HMAC_KEY
: Secret key used for HMAC in ALTCHA challenge generation (optional, generated if not provided).
You can create a .env
file in the root directory to set these environment variables:
PORT=3000
ALTCHA_HMAC_KEY=your_custom_hmac_key
- Self-Hosted: In fully self-hosted mode, configure your
ALTCHA_HMAC_KEY
(a secure randomly generated key) and utilize theGET /altcha
as achallengeurl
and thePOST /submit
endpoint as the form'saction
. - ALTCHA API without Spam Filter: Configure ALTCHA's API URL as
challengeurl
and thePOST /submit
endpoint as the form'saction
. Configure your API Key's secret asALTCHA_HMAC_KEY
(e.g.,ALTCHA_HMAC_KEY=csec_...
). - ALTCHA API with Spam Filter: Configure ALTCHA's API URL as
challengeurl
and thePOST /submit_spam_filter
endpoint as the form'saction
. Configure your API Key's secret asALTCHA_HMAC_KEY
(e.g.,ALTCHA_HMAC_KEY=csec_...
).
The verifySolution
function is used when verifying a simple Proof-of-Work (PoW) challenge. This is the standard verification method when the Spam Filter is NOT enabled on the ALTCHA widget.
The verifyServerSignature
function is used when the Spam Filter is enabled on the ALTCHA widget. When the Spam Filter is active, the format of the altcha payload changes, and additional verification steps are required to ensure the submission is not spam.
The verifyFieldsHash
function is used to verify the field values using the fieldsHash
property from the verification data. It validates, that the values of the fields have not changed since the Spam Filter classified the fields.
To start the server, run:
npm run dev
The server will be running on the port specified in the configuration (default is 3000).
Fetches a new random challenge to be used by the ALTCHA widget.
- URL:
/altcha
- Method:
GET
- Response: JSON object containing the challenge.
curl http://localhost:3000/altcha
Submits form data and verifies the simple PoW challenge without the spam filter.
- URL:
/submit
- Method:
POST
- Form Data:
altcha
: ALTCHA verification payload.
curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit
Submits form data and verifies the server signature generated by the spam filter.
- URL:
/submit_spam_filter
- Method:
POST
- Form Data:
altcha
: ALTCHA verification payload.
curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit_spam_filter
MIT