
feat: Add Cloudflare Turnstile bot protection #140


Merged
merged 1 commit into from
Jun 8, 2025


nullcoder
Owner

Summary

  • Implemented Cloudflare Turnstile for bot protection in invisible mode
  • Added server-side token verification to prevent abuse
  • Integrated seamlessly into the gist creation flow

Implementation Details

Client-Side

  • Created a reusable Turnstile component that supports invisible mode
  • Integrated into the create gist page with proper error handling
  • Shows clear, actionable error messages when verification fails

Server-Side

  • Added token verification in the gist creation API endpoint
  • Created utility functions for checking if Turnstile is enabled
  • Properly handles both test and production keys

Configuration

  • Added environment variables for both public site key and secret key
  • Included test keys for local development
  • Updated TypeScript types to include Turnstile configuration

Documentation

  • Created comprehensive setup guide in docs/TURNSTILE_SETUP.md
  • Updated README to mention bot protection feature
  • Added inline comments for configuration

Test Plan

  • Unit tests for Turnstile component
  • Unit tests for server-side verification utilities
  • Manual testing with test keys in local development
  • Manual testing with real keys in production
  • Verify invisible mode works correctly
  • Test error handling for failed/expired tokens

🤖 Generated with Claude Code

- Add Turnstile React component with invisible mode support
- Implement server-side token verification
- Integrate into gist creation flow with proper error handling
- Add comprehensive documentation and setup guide
- Include test keys for local development
- Update environment configuration for both public and secret keys

The integration uses invisible mode for better UX - users only see
a challenge if Cloudflare detects suspicious activity. All errors
are displayed clearly with actionable messages.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nullcoder nullcoder merged commit 0fe8158 into main Jun 8, 2025
1 check was pending
@nullcoder nullcoder deleted the feat/cloudflare-turnstile branch June 8, 2025 08:34
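
The server-side token verification the summary describes, sketched as an added example (this is not the code merged in this PR). The endpoint and reply fields follow Cloudflare's siteverify API; the names `verifyTurnstile`, `judgeReply`, `Expectation` and `HttpPost`, the injected `post` client, and the optional hostname/action checks are assumptions made for illustration.

```typescript
// Added example, not the PR's code. Endpoint and field names follow Cloudflare's siteverify API.
const SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
interface SiteverifyReply {
  success: boolean;
  "error-codes"?: string[];
  hostname?: string;
  action?: string;
}
// Optional bindings (assumed policy): pin the hostname and widget action the token was issued for.
interface Expectation { hostname?: string; action?: string }
type Verdict = { ok: true } | { ok: false; reason: string };
// Minimal shape of fetch(), so a stub can replace the network in tests.
type HttpPost = (
  url: string,
  init: { method: "POST"; headers: Record<string, string>; body: string },
) => Promise<{ json(): Promise<unknown> }>;
// Fail closed: only an explicit success that matches the expectations passes.
function judgeReply(reply: SiteverifyReply, expect: Expectation): Verdict {
  if (reply.success !== true) {
    return { ok: false, reason: (reply["error-codes"] ?? ["unknown"]).join(",") };
  }
  if (expect.hostname !== undefined && reply.hostname !== expect.hostname) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  if (expect.action !== undefined && reply.action !== expect.action) {
    return { ok: false, reason: "action-mismatch" };
  }
  return { ok: true };
}

async function verifyTurnstile(
  token: unknown, secret: string, expect: Expectation, post: HttpPost, remoteIp?: string,
): Promise<Verdict> {
  // Reject absent or oversized tokens (Cloudflare documents a 2048-character maximum) without a network call.
  if (typeof token !== "string" || token.length === 0 || token.length > 2048) {
    return { ok: false, reason: "token-missing-or-too-long" };
  }
  const form: Record<string, string> = { secret, response: token };
  if (remoteIp) form.remoteip = remoteIp;
  const body = Object.entries(form)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join("&");
  const headers = { "content-type": "application/x-www-form-urlencoded" };
  try {
    const res = await post(SITEVERIFY_URL, { method: "POST", headers, body });
    return judgeReply((await res.json()) as SiteverifyReply, expect);
  } catch {
    return { ok: false, reason: "siteverify-error" }; // network or parse failure also rejects
  }
}
```

In an API route, pass the platform's `fetch` as `post` and return an error response whenever the verdict is not `ok`; tokens are single-use, so a replayed token comes back with the `timeout-or-duplicate` error code.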