Turnstile is a new user friendly, privacy preserving alternative to CAPTCHA. This package provides a flexible way of integrating turnstile into your Laravel application. This package can be turned on and off for your convenience.
Info This package focuses on server side validation. You are free to implement your preferable client side technology such vue, reach, blade e.t.c
| Version | PHP versions | Laravel versions |
|---|---|---|
| 1.x.x | 8.0, 8.1 and 8.2 | 9.x and 10.x |
| 2.x.x | 8.1, 8.2 and 8.3 | 10.x and 11.x |
| 3.x.x | 8.2, 8.3 and 8.4 | 11.x and 12.x |
You can install the package via composer:
composer require njoguamos/laravel-turnstileYou can initialise the package with:
php artisan turnstile:installThe install command will publish the config file.
Ensure that you have update your application .env with credentials from cloudflare i.e.
TURNSTILE_SITE_KEY=
TURNSTILE_SECRET_KEY=
TURNSTILE_ENABLED=true
#TURNSTILE_ENABLED=false -> when you want to disable e.g when testingThere are three way to use this package.
To use turnstile is specific routes of your application, you can register a new middleware in your laravel app/Http/Kernel.php.
class Kernel extends HttpKernel {
// other class code
protected $routeMiddleware = [
// Other middlewares
'turnstile' => \NjoguAmos\Turnstile\Http\Middleware\TurnstileMiddleware::class
];
}Once the middleware has been defined in the HTTP kernel, you may use the middleware method to assign middleware to a route:
Route::get('/register', function () {
//
})->middleware('turnstile');Ensure your client side technology submit a turnstile token using a name defined in turnstile config file. Your can learn how to implement client side render from cloudflare website. Example:
Upon submitting the form, the turnstile token will be validated against turnstile api. If it fails, the request will be redirected back with status message. You can handle this message however you want in client side.
You can user the inbuilt validation to validate form input
use NjoguAmos\Turnstile\Rules\TurnstileRule;
class RegisterRequest extends FormRequest
{
/** @return array<string, array> */
public function rules(): array
{
return [
# Other fields
'token' => ['required', new TurnstileRule() ],
];
}
# Other code
}You can validate turnstile token by calling validate method of Turnstile facade. The result will be true when token passed and false when token fails.
use NjoguAmos\Turnstile\Turnstile;
$isValid = (new Turnstile())->validate($token);
// Code is valid or invalidIf you would like to have more control on the response, you can use getResponse method of Turnstile facade. The result will be an instance of TurnstileResponse class.
use NjoguAmos\Turnstile\Turnstile;
$response = (new Turnstile())->getResponse($token);
// Result is an instance of \NjoguAmos\Turnstile\TurnstileResponseTo increase the speed of your unit tests, you may wish to disable the turnstile. You can do so by setting TURNSTILE_ENABLED to false. i.e
#.env
TURNSTILE_ENABLED=falseWhen disabled,
- turnstile middleware will always pass
- turnstile validation rule will always pass
😀 Remember to turn turnstile on when you deploy.
Info This package does not mock request. It uses the secret keys provided by Cloudflare. Therefore, test scenarios hits the real turnstile api.
composer testPlease see releases for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}