appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0

[Feature] Integrate Google recaptcha on Appsmith. #872

Closed anvaynk closed 3 years ago

anvaynk commented 4 years ago

Summary

It'd be great if you could include Google recaptcha as a plugin on Appsmith and use the token that it generates as an input in the header of an API or in JavaScript.

Motivation

The first screen that any kind of web app admin tool generally starts with is authentication. This is done by having a login page. And we use Google recaptcha to check if the person logging in is not a bot. Google recaptcha is a very common DDoS protection mechanism for login functionality. We want to use Appsmith for our internal admin tool but this recaptcha functionality is blocking us from going ahead.

Additional Context

Any other context or screenshots or API request payload/responses that you pertain to the feature.

Nikhil-Nandagopal commented 4 years ago

Hi @anvaynk 👋, thank you for the feature request. Are you looking to use re-captcha with appsmith's in-built authentication or do you have your own authentication mechanism? If you have your own authentication, I'm thinking a good solution will be to add a re-captcha widget which you can drag and drop inside your application. If it's with appsmith's authentication, we can discuss a solution where re-captcha shows up on the main login page. Let me know what you think!

anvaynk commented 4 years ago

We have our own API-based authentication mechanism which we want to integrate with Appsmith's UI. I think it'd be great to have recaptcha as a widget so that it can also be added to other pages in the future too (ex: a signup page).

Nikhil-Nandagopal commented 4 years ago

@anvaynk after doing a little research, Recaptcha v3 seems like the best way to implement this (https://developers.google.com/recaptcha/docs/versions). In this way, we won't need an additional widget but instead add a re-captcha enabled property to a button. So if that property is enabled, the login call will only be made if the Recaptcha succeeds. This library here seems like a good starting point (https://github.com/t49tran/react-google-recaptcha-v3). Does this work? This should be fairly straightforward for us to implement.

anvaynk commented 4 years ago

Awesome! Yes this should work.

Nikhil-Nandagopal commented 3 years ago

@anvaynk we're in the process of shipping this out. We had one clarification. There's a token verification that needs to occur which is what protects an endpoint from bots. We're thinking we'll pass this token back to your login API and your login API is going to verify the token. Is this understanding correct? This will also mean that the sitekey which you generate should have app.appsmith.com in the list of domains.
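
The server-side token verification described in the comment above, sketched as an added example that is not part of the original thread or of Appsmith's code. It uses Google's documented `siteverify` endpoint and response fields; the function names, the `login` action name, the 0.5 score threshold and the sample response are assumptions made for illustration.

```javascript
// Added example: what a login API can do with the reCAPTCHA v3 token it receives.
const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Policy values are assumptions for this sketch; tune them for your own app.
const POLICY = {
  hostnames: ["app.appsmith.com"], // domain(s) registered for the site key
  action: "login",                 // hypothetical action name set by the client
  minScore: 0.5,                   // v3 score runs from 0.0 (likely bot) to 1.0
  maxAgeMs: 2 * 60 * 1000,         // tokens are valid for two minutes
};

// Constructed sample of a siteverify response body (not from a real call).
const SAMPLE = { success: true, score: 0.9, action: "login",
  hostname: "app.appsmith.com", challenge_ts: "2024-01-01T12:00:00Z" };

// Decide whether a parsed siteverify response is good enough to continue login.
function evaluateVerdict(body, policy = POLICY, now = Date.now()) {
  if (!body || body.success !== true) {
    const codes = (body && body["error-codes"]) || [];
    return { ok: false, reason: "rejected:" + codes.join(",") };
  }
  // A token minted for another site or another action must not unlock login.
  if (!policy.hostnames.includes(body.hostname)) return { ok: false, reason: "hostname-mismatch" };
  if (body.action !== policy.action) return { ok: false, reason: "action-mismatch" };
  const age = now - Date.parse(body.challenge_ts);
  if (!(age <= policy.maxAgeMs)) return { ok: false, reason: "stale-token" }; // also catches NaN
  if (typeof body.score !== "number" || body.score < policy.minScore) {
    return { ok: false, reason: "low-score" };
  }
  return { ok: true, reason: "pass" };
}

// Send the token to Google. The secret key stays on the server, never in the app.
async function verifyRecaptchaToken(token, secret, remoteIp, fetchImpl = fetch) {
  if (typeof token !== "string" || token.length === 0) return { ok: false, reason: "missing-token" };
  const form = new URLSearchParams({ secret, response: token });
  if (remoteIp) form.set("remoteip", remoteIp);
  let res;
  try {
    res = await fetchImpl(SITEVERIFY_URL, { method: "POST", body: form });
  } catch (err) {
    return { ok: false, reason: "verify-unreachable" }; // fail closed on network errors
  }
  if (!res.ok) return { ok: false, reason: "verify-http-" + res.status };
  return evaluateVerdict(await res.json());
}
```

The login handler would call `verifyRecaptchaToken` before checking credentials and refuse the attempt whenever `ok` is false. Each token can be verified only once, so the result should not be re-requested for the same token.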

Nikhil-Nandagopal commented 3 years ago

@anvaynk just wanted to update you that we have shipped this feature and it is now available in the latest version of appsmith 🎉