Add WordPress plugin for LibreCaptcha integration#329
Conversation
- Create a new WordPress plugin at `plugins/wordpress/librecaptcha.php`. - Add settings page to configure server URL, configuration JSON, and checkboxes for Login, Registration, and Comments forms. - Implement shortcode and standard WordPress hooks to inject the CAPTCHA and fetch it dynamically via JavaScript from the LibreCaptcha `/v2/captcha` endpoint. - Add verification logic utilizing `wp_remote_post` to hit the `/v2/answer` endpoint and hook into standard authentication/submission filters to block invalid entries. - Add installation instructions to the project README.md. Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
In the settings page for the plugin, add a test button which will fetch a CAPTCHA from the server and show it, along with an input field and a check button. When the check button is clicked, the input will be validated through the API. This will help to quickly check the LC server and plugin setup. |
I've added the test button functionality to the settings page as requested. It allows administrators to fetch a test CAPTCHA and validate an answer to confirm their LC server integration is working correctly. |
Added a UI section to the LibreCaptcha WordPress plugin settings page that allows the site administrator to fetch a test CAPTCHA and validate an answer against the configured LibreCaptcha server. This helps verify the API configuration. Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
|
The test functionality should make the API calls on the server side not in the client, because the LC server may not be accessible to the client. Also, add an option in the plugin settings to specify the auth key (optional). |
I've added the optional |
- Added an optional `Auth Key` field to the LibreCaptcha plugin settings. - Modified CAPTCHA validation API requests (`wp_remote_post` to `/v2/answer`) to pass the `Auth` header if configured. - Refactored the test connection functionality in the settings page to perform all LibreCaptcha API calls server-side (via WP AJAX hooks `lc_test_load` and `lc_test_check`) using the admin's currently configured settings (including auth key). Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
|
Define OPTIONS method handler on all API endpoints (as and where appropriate). This is because in certain browser emulated environments, the server side code running inside a browser causes an issue of OPTIONS request before the actual API request. |
I've added CORS |
- Added `OPTIONS` method support to the `picoserve` ServerBuilder. - Modified `lc.server.Server` to attach `OPTIONS` handlers to the `/v2/captcha`, `/v2/media`, and `/v2/answer` endpoints. These handlers return a `200 OK` status with the necessary `Access-Control-Allow-*` headers when `corsHeader` is configured, ensuring LibreCaptcha APIs function correctly in cross-origin browser environments. Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
|
Just like the test captcha component in settings, ensure that all LC API calls in the plugin are done through backend PHP, not frontend javascript. |
I've refactored the CAPTCHA rendering logic in |
- Refactored `render_captcha()` in the WordPress plugin to eliminate client-side JavaScript `fetch` calls. - The CAPTCHA generation API request (`/v2/captcha`) is now executed entirely backend via `wp_remote_post`. - This ensures LibreCaptcha instances that are not publicly exposed to the client's browser (e.g. internal network/localhost bound) can still successfully generate CAPTCHAs, preventing CORS and connectivity issues. Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
|
You have added an OPTIONS builder to picoserve. This can be used to simplify the handler definitions in Server.scala. Also, there is code repetition in handling of OPTIONS method across endpoints. Try and refactor to a common function. |
I've refactored |
…routing - Refactored `Server.scala` to use the `.OPTIONS()` handler builder method from `picoserve` and deduplicated the `OPTIONS` CORS response logic into a common `getOptionsResponse` helper. - Fixed `org.limium.picoserve.Server` Java code to group handlers by path so that multiple HTTP methods (e.g. `POST` and `OPTIONS`) can be correctly routed to their respective processors for the same path. Tests now pass. Co-authored-by: hrj <345879+hrj@users.noreply.github.com>
1 participant
This PR introduces a WordPress plugin to integrate LibreCaptcha into common WordPress forms (Login, Registration, Comments) as well as any custom page via shortcode. It adds an administrative settings page to configure the API integration and handles secure server-to-server answer verification.
PR created automatically by Jules for task 7710305599071125477 started by @hrj