cannot do verification on self hosted docker

[vongoethe]

i self-hosted the mcaptcha docker. and i can access it normally and can make the widget integreated into my forms.
but according to the docs of the backend settings.
1payload = { 2 "token": mcaptcha_token, 3 "key": mcaptcha_sitekey, # captcha site key 4 # mCaptcha account secret; available in settings 5 "secret": mcaptcha_account_secret, 6} 7resp = requests.post( 8 "https://demo.mcaptha.org/api/v1/pow/siteverify", json=payload 9) 10resp = resp.json()

the "https://demo.mcaptha.org/api/v1/pow/siteverify" part. when i replace my own host. it reports 404. and i try to open https://my-own-host/api/v1/pow/siteverify, still 404.

so...how can i solve this situation.
thank you.

[realaravinth]

Hi,
That route responds to only HTTP POST request, it won't respond to HTTP GET requests. Opening it in the browser, too, will result in a HTTP GET request.

I hope that helps.

[vongoethe]

i tried, and http://demo.mcaptcha.org/api/v1/pow/siteverify did the trick.
but when i try my-own-host, it reports 404. so does the self host docker include the verification function?
thank you

[vongoethe]

and i opened the api doc of my own host. there's no such api like /api/v1/pow/ exists.
so...how can i make this happen? to do the verification.
thank you

[realaravinth]

The API doc is outdated, /api/v1/pow/* exists in all binaries shipped by the project. Can you please share the portion of the source code where you are trying to integrate mCaptcha?

[vongoethe]

i follow the README of this git.
git clone https://github.com/mCaptcha/mCaptcha.git
do some mod and then,
docker-compose up -d

and it goes fine. i can do registration and create sitekey. and i can integrate the widget to other sites.
but cannot do verification.

i barely can do coding. i just follow the guide from chatgpt.

thank you

[realaravinth]

That's alright, can you please tell me which language you are trying to code in? We have exapmles for Python, JavaScript and Rust. Maybe those will be of help?

[vongoethe]

frontend is vue and backend is go.
so the verification process can be at my backend?
my structure is as follow:
i host a site which is A, and it provide mcaptcha service by docker.
and my user site is B which is vue and go. i integrated widget from A to the frontend of B. and to my knowledge, i believe the verification should happend at A, right? so my backend of B will open the URL of http://A-site/api/v1/pow/siteverify. and i cannot make it.
any suggestions?
thank you

[realaravinth]

That's right, B's backend must do the do a POST request to /api/v1/siteverify. Can you please share the part of the backend code where you are trying to do the verification? Maybe there's something we are missing here.

[vongoethe]

sure.
here's the thing.
`
// mcaptchat check should start here
// Directly access the form value
mcaptchaToken := data.Key

// Define the payload
payload := map[string]string{
	"token":  mcaptchaToken,                      // Assume mcaptchaToken is defined elsewhere
	"key":    "something", // Assume mcaptchaSitekey is defined elsewhere
	"secret": "something", // Assume mcaptchaAccountSecret is defined elsewhere
}
// Marshal the payload into JSON
payloadBytes, jsonErr := json.Marshal(payload)
if jsonErr != nil {
	log.Fatalf("Error marshaling payload: %v", jsonErr)
}

// Create a new POST request with JSON payload
req, reqErr := http.NewRequest("POST", "https://the-B-site/api/v1/pow/siteverify", bytes.NewBuffer(payloadBytes))
if reqErr != nil {
	log.Fatalf("Error creating request: %v", reqErr)
}
req.Header.Set("Content-Type", "application/json")

// Execute the request
client := &http.Client{}
response, clientErr := client.Do(req)
if clientErr != nil {
	log.Fatalf("Error executing request: %v", clientErr)
}
defer response.Body.Close()

// Read and parse the response body
body, readErr := io.ReadAll(response.Body)
if readErr != nil {
	log.Fatalf("Error reading response body: %v", readErr)
}

var responseMap map[string]interface{}
if unmarshalErr := json.Unmarshal(body, &responseMap); unmarshalErr != nil {
	log.Fatalf("Error unmarshaling response: %v", unmarshalErr)
}

and the frontend part is:

`

[vongoethe]

and the frontend part is as below:
<div class="block"> <label data-mcaptcha_url="https://the-B-site/widget/?sitekey=something" for="mcaptcha__token" id="mcaptcha__token-label"> <input type="text" name="mcaptcha__token" id="mcaptcha__token" /> </label> <div id="mcaptcha__widget-container"></div> </div>

[realaravinth]

I assume "something" in the client code is replaced with the sitekey?

I have no idea what is going on. There's a Go server-side library that does the validation, maybe that'll help.

[vongoethe]

ah, yes. it's a long text, so i replaced it with something.
i'll check the doc you provided.
thank you