Comments (6)
Other viable captchas to consider are:
- captcha crate - This is the one that lemmy uses, but it's quite easy to break and annoying to use as it requires solving a challenge every time as opposed to other proof of work or DDoS detection captchas. Also no API, just pure image generation with the
- Cloudflare Turnstile - Free, closed source, so not really to be trusted, but they claim that they don't harvest any data for ad targeting and the like. The question is if these statements can be trusted?
Anyhow, for me it seems that mCaptcha is the best choice for now, so it'd be the best to implement it first. However, I also think that it'd be useful to have an interface and config variables that allow server admins to choose their preferred captcha provider. What do you think?
from kitsune.
Yeah, I think we should provide an interface similar to what we have for the storage providers.
Abstraction crate with the name `kitsune-captcha` and then an internally tagged union via a `type` field inside the configuration.
I think a good line-up for an MVP here would be support for mCaptcha and hCaptcha.
mCaptcha for more privacy conscious folks and hCaptcha for most others.
About the `captcha` crate: I have accessibility concerns. Vision impaired folks might not be able to get through the registration process with that crate and there is no alternative, such as an audio challenge.
hCaptcha offers "accessibility cookies" which is, presumably, a manual application process, but they at least have a solution.
mCaptcha is fully based on proof-of-work, just requiring computation resources, so no accessibility concerns there.
I'm not sure about Cloudflare Turnstile in this area, I never paid attention when I clicked through it to get on websites when using Tor.
I'm gonna check when I get the time, but I'm assuming they either have an audio challenge or an alternative bypass method.
from kitsune.
> I'm gonna check when I get the time, but I'm assuming they either have an audio challenge or an alternative bypass method.
Good question actually, from what I've gathered turnstile uses a "managed" mode which runs non-interactive challenges that "include, but are not limited to, proof-of-work, proof-of-space, probing for web APIs, and various challenges for detecting browser-quirks and human behavior".
If that fails, and the site is configured to allow it, then there is an interactive challenge with pressing a button. However, I haven't ever failed at it and I haven't found any info on what happens on a fail in that case. By reading the forums, like this post it seems that Turnstile may flag users who use a keyboard to navigate, for example, which is indeed problematic. I don't know what the scale of this issue is though, I only found this one post.
One thing that I'm sure of though is that mCaptcha and hCaptcha are definitely friendly when it comes to accessibility, so I agree that this should be the target. Turnstile would be a nice-to-have I guess.
If it's okay I can start working on captcha implementation.
from kitsune.
Sure! You can give it a go! You can take inspiration on how to do the multiple backends from either `kitsune-storage` or `kitsune-search`, since they both have similar approaches.
The approach is:
- Define a trait with common functionality
- Implement the backends
- Use the `enum_dispatch` crate (or manual enum dispatch) to combine them down into a single type
Then you can either write a service wrapper around it or just use it directly. Depends whether you need to add more functionality that more closely falls into the scope of the main binary.
(example: if you need access to the URL service or some configuration, that's where you'd usually write a service wrapper and expose a nice little API on top of that).
As for configuration, it's actually not that difficult. We use an internally tagged enum to differentiate between the backends. That's pretty much it.
You can find examples in the `config.rs` module with either the cache or the search backend.
from kitsune.
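The trait, backends, enum dispatch and internally tagged configuration described in the comment above, as an added sketch that is not Kitsune's code or part of the thread. All type, function and config key names are hypothetical, the request field names are assumptions about each provider's verification call, and the config is hand-parsed from a map to stay std-only where a project would normally use serde's `#[serde(tag = "type")]`.

```rust
use std::collections::HashMap;

/// Parameters for the provider's verification call; the HTTP client encodes them.
#[derive(Debug, PartialEq)]
pub struct VerifyRequest { pub url: String, pub fields: Vec<(&'static str, String)> }

/// Step 1: the functionality every backend shares.
pub trait CaptchaBackend {
    fn verify_request(&self, token: &str) -> Result<VerifyRequest, String>;
}
// Step 2: the backends. Request field names are assumptions about each provider.
pub struct HCaptcha { verify_url: String, secret: String }
pub struct MCaptcha { verify_url: String, site_key: String, secret: String }
impl CaptchaBackend for HCaptcha {
    fn verify_request(&self, token: &str) -> Result<VerifyRequest, String> {
        Ok(VerifyRequest { url: self.verify_url.clone(),
            fields: vec![("secret", self.secret.clone()), ("response", token.into())] })
    }
}
impl CaptchaBackend for MCaptcha {
    fn verify_request(&self, token: &str) -> Result<VerifyRequest, String> {
        Ok(VerifyRequest { url: self.verify_url.clone(), fields: vec![
            ("key", self.site_key.clone()), ("secret", self.secret.clone()), ("token", token.into())] })
    }
}

/// Step 3: manual enum dispatch combines the backends into a single type.
pub enum Captcha { HCaptcha(HCaptcha), MCaptcha(MCaptcha) }
impl CaptchaBackend for Captcha {
    fn verify_request(&self, token: &str) -> Result<VerifyRequest, String> {
        // One choke point for every backend: an absent token is rejected, never forwarded.
        if token.is_empty() { return Err("missing captcha token".into()); }
        match self { Captcha::HCaptcha(b) => b.verify_request(token), Captcha::MCaptcha(b) => b.verify_request(token) }
    }
}

/// Internally tagged config: `type` sits beside the selected backend's own keys.
pub fn from_config(cfg: &HashMap<&str, &str>) -> Result<Captcha, String> {
    let get = |k: &str| cfg.get(k).map(|v| v.to_string()).ok_or(format!("missing key `{}`", k));
    match get("type")?.as_str() {
        "hcaptcha" => Ok(Captcha::HCaptcha(HCaptcha { verify_url: get("verify_url")?, secret: get("secret")? })),
        "mcaptcha" => Ok(Captcha::MCaptcha(MCaptcha {
            verify_url: get("verify_url")?, site_key: get("site_key")?, secret: get("secret")? })),
        other => Err(format!("unknown captcha type `{}`", other)), // fail closed at startup
    }
}
fn main() {
    // Constructed sample config; the URL and secret are placeholders.
    let cfg = HashMap::from([("type", "hcaptcha"), ("verify_url", "https://captcha.example/verify"), ("secret", "s3cr3t")]);
    println!("{:?}", from_config(&cfg).and_then(|c| c.verify_request("tok")));
}
```

An unknown `type` or a missing key is an error at load time, so a misconfigured instance refuses to start instead of serving registration without a captcha.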
(just assigned you the issue for organization's sake. Not that the issues are really well organized, but oh well)
from kitsune.
Alright, thanks for the tips! Looking at `kitsune-storage` it does look well-organized and like a good template to start
from kitsune.