Expand description
mCaptcha is a proof of work based Denaial-of-Service attack protection system. This is is a WASM library that you can embed in your frontend code to protect your service.
A commercial managed solution is in the works but I’d much rather prefer folks host their own instances as it will make the more decentralized and free.
Workflow:
mCaptcha workflow in the frontend is simple.
- Call service to get a proof of work(PoW) configuration
- Call into mCaptcha to get PoW
- Send PoW to mCaptcha service
- If proof is valid, the service will return a token to the client
- Submit token to your backend along with your app data(if any)
- In backend, validate client’s token with mCaptcha service
Example:
generate proof-of-work
use pow_wasm::*;
use mcaptcha_pow_sha256::*;
// salt using which PoW should be computed
const SALT: &str = "yrandomsaltisnotlongenoug";
// one-time phrase over which PoW should be computed
const PHRASE: &str = "ironmansucks";
// and the difficulty factor
const DIFFICULTY: u32 = 1000;
// currently gen_pow() returns a JSON formated string to better communicate
// with JavaScript. See [PoW<T>][mcaptcha_pow_sha256::PoW] for schema
let serialised_work = gen_pow(SALT.into(), PHRASE.into(), DIFFICULTY);
let work: Work = serde_json::from_str(&serialised_work).unwrap();
let work = PoWBuilder::default()
.result(work.result)
.nonce(work.nonce)
.build()
.unwrap();
let config = ConfigBuilder::default().salt(SALT.into()).build().unwrap();
assert!(config.is_valid_proof(&work, &PHRASE.to_string()));
assert!(config.is_sufficient_difficulty(&work, DIFFICULTY));Structs
Functions
- generate proof-of-work