altcha-org / altcha

GDPR compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter.
https://altcha.org
MIT License
241 stars 5 forks

`maxnumber` from JavaScript server API not passed to widget #23

Closed cdcarson closed 2 months ago

cdcarson commented 3 months ago

This looks like a great solution. Thanks! I did run into one issue or confusing bit testing it out, using the web component (this library) and your JavaScript server API in SvelteKit. I'm creating the challenge like this...

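```ts
// test/+page.server.ts
import { createChallenge } from 'altcha-lib';
import { nanoid } from 'nanoid';
// Assumption: APP_SECRET comes from SvelteKit's private environment variables.
import { APP_SECRET } from '$env/static/private';

// Create the challenge on the server and hand it to the page.
export const load = async () => {
  const challenge = await createChallenge({
    hmacKey: APP_SECRET,
    salt: nanoid(12),
    maxNumber: 100_000,
  });
  return { challenge };
};
```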

...and rendering the widget like this...

```svelte
<!-- test/+page.svelte -->
<altcha-widget challengejson="{JSON.stringify(data.challenge)}"></altcha-widget>
```

This works, but the verification was taking a long time (>2s on a decent MacBook Air) despite the fact that I'd set maxNumber: 100_000 on the server. I realized that the widget wasn't picking up maxNumber from challengejson. Adding the maxnumber attribute to the widget made it work as expected:

```svelte
<!-- test/+page.svelte -->
<altcha-widget maxnumber="100000" challengejson="{JSON.stringify(data.challenge)}"></altcha-widget>
```

Is this a bug? I'd expect the challenge data from the server to be automatically picked up by the widget.

ovx commented 2 months ago

Hi, thanks for reporting. It's not an issue; setting the right maxnumber is important because it helps the widget calculate work distribution between multiple workers.

Currently, the maxnumber is not propagated from the server, but I plan to add it to the challenge created by the server so that the widget can optimize the work better and also to avoid the mistakes these numbers can cause.

Also, just for completeness, I wouldn't recommend using nanoid as salt; it's better to use cryptographically secure bytes. The createChallenge will generate a salt for you if you don't provide the salt parameter.
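An added sketch of the two points in the comment above (this is not altcha-lib or widget source): a salt drawn from cryptographically secure bytes, and a search bound that travels with the challenge so the solver and server agree on it. The construction SHA-256(salt + number) signed with HMAC-SHA-256, the function names `makeChallenge`, `solve` and `verify`, and the `maxnumber` payload field are assumptions made for illustration.

```javascript
// Added illustration, not altcha-lib or widget source; all names are hypothetical.
const { createHash, createHmac, randomBytes, randomInt, timingSafeEqual } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s).digest('hex');
const hmacHex = (s, key) => createHmac('sha256', key).update(s).digest('hex');

// Server: salt from the OS CSPRNG, secret number drawn from [0, maxNumber].
// `number` can be passed explicitly, which is only useful for tests.
function makeChallenge({ hmacKey, maxNumber, number = randomInt(0, maxNumber + 1) }) {
  const salt = randomBytes(12).toString('hex');
  const challenge = sha256Hex(salt + number);
  return {
    algorithm: 'SHA-256',
    challenge,
    salt,
    signature: hmacHex(challenge, hmacKey),
    maxnumber: maxNumber, // assumption: the bound is shipped with the challenge
  };
}

// Client: brute-force search, limited to the bound it was told about.
function solve({ challenge, salt }, maxnumber) {
  for (let n = 0; n <= maxnumber; n++) {
    if (sha256Hex(salt + n) === challenge) return n;
  }
  return null; // bound smaller than the server's: the secret is out of range
}

// Constant-time string comparison for hex digests.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Server: recompute the hash and the signature, never trust the client's copy.
function verify({ challenge, salt, signature, number }, hmacKey) {
  const expected = sha256Hex(salt + number);
  return safeEqual(challenge, expected) && safeEqual(signature, hmacHex(expected, hmacKey));
}
```

A solver given a bound lower than the server's can fail to find the number at all, while a higher bound only enlarges the range it has to divide up.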

cdcarson commented 2 months ago

@ovx Thanks, and thanks for the tip. I'll close this.