librecloud/web
3
2
Fork 0
Code Issues Pull Requests Packages Projects 3 Releases Wiki Activity
web/docs/reference/altcha.md
Aidan e22d4ef30e docs: add docs for altcha
2025-04-16 16:56:07 -04:00

1.7 KiB
Raw Blame History

Altcha Implementation

Altcha is a privacy-friendly CAPTCHA alternative that's used in the LibreCloud signup form to verify that users are not bots. This doc explains the implementation, setup, and configuration of Altcha with LibreCloud.

Basic Overview

Altcha works by serving a proof-of-work-based CAPTCHA which doesn't require any fingerprinting/data collection. Our implementation does not use their API, and instead uses an endpoint, /api/captcha/create. The setup of this is nearly automatically.

Components

  1. Widget (components/custom/Altcha.tsx)

    This component renders the Altcha widget for use in pages.

  2. API Endpoint (app/api/captcha/create/route.ts)

    This endpoint generates the challenges with the altcha library.

  3. Token Validation (lib/utils.ts)

    The utils file provides verification for submitted tokens from the client. This is what gets implemented into an API route which needs to be protected by Altcha. You can see an example of this in app/api/users/create/route.ts, which connects to app/account/signup/page.tsx.

Setup

Environment Variables

To use Altcha, you need to set the following environment variable:

ALTCHA_SECRETKEY=

Automatic Setup

You should generate this with the provided tools/hmac.ts script. This is an important part of setup for people who want to take advantage of the signup forms.

The script requires the existance of an .env or .env.local file. You should have had this created when you setup Auth.js with bunx auth secret.

Execute the script like so:

bun tools/hmac.ts

Debug Mode

The Altcha widget is in debug mode when NODE_ENV is set to "development". This is nice for testing but you should disable it in production.