Expand description
CAPTCHA token verification for hCaptcha, Cloudflare Turnstile, Google reCAPTCHA v3.
Apps wire CAPTCHA into endpoints that bots love (magic-code send, password register, account creation) by:
- Setting
PYLON_CAPTCHA_PROVIDER(hcaptcha|turnstile|recaptcha) andPYLON_CAPTCHA_SECRET(server-side secret from the provider). - Frontend includes the CAPTCHA widget; user-supplied token
arrives in the
captchaTokenJSON field on the request. - Pylon endpoints check
CaptchaConfig::from_env()and callverify()before processing — failure returns 400.
All three providers expose a similar shape: POST a token to a
verify endpoint, get back {"success": bool, …}. We collapse them
to one trait + one config so the host app decides “do I have CAPTCHA
enabled?” not “which CAPTCHA?”
Structs§
Enums§
- Captcha
Provider - Which CAPTCHA service the app uses. Reads
PYLON_CAPTCHA_PROVIDER.