cfalzone/recaptcha-verify.vtl Secret

## recaptcha-verify.vtl
## Get the user's IP Address -- will vary depending on Load Balancer implementation, here's a couple common ways ...
#set($ip   = $request.getHeader('x-cluster-client-ip'))##
#if(!$UtilMethods.isSet($ip))##
  #set($ip = $request.getHeader('X-FORWARDED-FOR'))##
#end##
#if(!$UtilMethods.isSet($ip))##
  #set($ip = $request.getHeader('REMOTE_ADDR'))##
#end##
#if(!$UtilMethods.isSet($ip))##
  #set($ip = $request.getRemoteAddr())##
#end##

## Change the document's MIME if we're not in the backend
#if(!$EDIT_MODE)
  $!response.setContentType("application/json")
#end

## Get the captcha verification values
#set($captcha = $request.getParameter('captcha'))
#set($isValid = true)
#set($site    = $request.getParameter('hostname'))
#set($bypass  = $request.getParameter('bypass'))

## Your recaptch secret would go here -- we manage this in language variables for each of our websites
#set($recaptchaSecret = '...')

## Invalid captcha error
#if(!$UtilMethods.isSet($captcha) || $captcha.length() < 1)
  #set($isValid       = false)
  #set($errorCodes    = "$!{errorCodes},${esc.q}no-captcha-input${esc.q}")
  #set($errorMessages = "$!{errorMessages} No captcha provided for verification.")
#end

#if($isValid)
  ## Fetch the verification response from Google
  #set($resp   = $json.fetch("https://www.google.com/recaptcha/api/siteverify?secret=${recaptchaSecret}&response=${captcha}&remoteip=${ip}"))
  #set($status = 200)
#else
  ## If no captcha, supply our own error
  #set($resp   = $json.generate("{\"message\":\"${errorMessages.trim()}\",\"error-codes\":[${errorCodes.substring(1)}],\"success\":false}"))
  #set($status = 403)
#end

## Set response code and content based on results
$!response.setStatus($status)
$resp.toString()
	## Get the user's IP Address -- will vary depending on Load Balancer implementation, here's a couple common ways ...
	#set($ip = $request.getHeader('x-cluster-client-ip'))##
	#if(!$UtilMethods.isSet($ip))##
	#set($ip = $request.getHeader('X-FORWARDED-FOR'))##
	#end##
	#if(!$UtilMethods.isSet($ip))##
	#set($ip = $request.getHeader('REMOTE_ADDR'))##
	#end##
	#if(!$UtilMethods.isSet($ip))##
	#set($ip = $request.getRemoteAddr())##
	#end##

	## Change the document's MIME if we're not in the backend
	#if(!$EDIT_MODE)
	$!response.setContentType("application/json")
	#end

	## Get the captcha verification values
	#set($captcha = $request.getParameter('captcha'))
	#set($isValid = true)
	#set($site = $request.getParameter('hostname'))
	#set($bypass = $request.getParameter('bypass'))

	## Your recaptch secret would go here -- we manage this in language variables for each of our websites
	#set($recaptchaSecret = '...')

	## Invalid captcha error
	#if(!$UtilMethods.isSet($captcha) \|\| $captcha.length() < 1)
	#set($isValid = false)
	#set($errorCodes = "$!{errorCodes},${esc.q}no-captcha-input${esc.q}")
	#set($errorMessages = "$!{errorMessages} No captcha provided for verification.")
	#end

	#if($isValid)
	## Fetch the verification response from Google
	#set($resp = $json.fetch("https://www.google.com/recaptcha/api/siteverify?secret=${recaptchaSecret}&response=${captcha}&remoteip=${ip}"))
	#set($status = 200)
	#else
	## If no captcha, supply our own error
	#set($resp = $json.generate("{\"message\":\"${errorMessages.trim()}\",\"error-codes\":[${errorCodes.substring(1)}],\"success\":false}"))
	#set($status = 403)
	#end

	## Set response code and content based on results
	$!response.setStatus($status)
	$resp.toString()