This PR, although functional, serves more as a Proof of Concept for the robot detection on the contact form. And could be vastly improved.
Normally, the recaptcha implementation would require a back-end part. Which we do not really have because this is a static website.
But...
I noticed you were using a Google Script App to send the contact form data towards. Since i don't have access to its source, i decided to create another one using my own google account and handle the recaptcha backend part there.
It's a simple app that will contact the recaptcha verify api and return the "bot probability" score along with others variables.
TODO to replicate
Create your own recaptcha project with pyronear's google account
Replace the client ID in the code (here: 6LdEaA4qAAAAACDNhU72_De3d9dNhGJ87dKyuFby). The both of them (in the .js file and in the param on script setup)
Create your own GoogleScript file publicly accessible and copy the content of my snippet in it (Do not forget to replace the secret key (here: 6LdEaA4qAAAAAMQr1nDzvDrki-DBMDWaPOQ4nJds) ).
Replace the url of the GoogleScript called in the .js (here: https://script.google.com/macros/s/AKfycbxRKmuN_AoP_4gzvsio4L101YCcI_1n1XUWB1YMgHKqhZDSEeayxJXo7wRks24PMKhe)
By simply doing this you'd have a working detection system that still could be improved:
Next steps
The ideal situation would be to have a single GoogleScript file that would check for bots AND ingest form data afterwards (if the sender is human, that is).
So the code snippet above could be addded to your existing script (https://script.google.com/macros/s/AKfycbxzvB_Jbta7xCVuz-iThqXftPb1DcBTf-P-ah4KnbxBn3OhcHJF) and stop execution earlier in case of a bot detection!
This one addresses the issue #17
This PR, although functional, serves more as a Proof of Concept for the robot detection on the contact form. And could be vastly improved.
Normally, the recaptcha implementation would require a back-end part. Which we do not really have because this is a static website.
But... I noticed you were using a Google Script App to send the contact form data towards. Since i don't have access to its source, i decided to create another one using my own google account and handle the recaptcha backend part there.
Hence, i'll copy here the content of my GoogleScript hosted at this URL: https://script.google.com/macros/s/AKfycbxRKmuN_AoP_4gzvsio4L101YCcI_1n1XUWB1YMgHKqhZDSEeayxJXo7wRks24PMKhe
It's a simple app that will contact the recaptcha verify api and return the "bot probability" score along with others variables.
TODO to replicate
6LdEaA4qAAAAACDNhU72_De3d9dNhGJ87dKyuFby
). The both of them (in the .js file and in the param on script setup)6LdEaA4qAAAAAMQr1nDzvDrki-DBMDWaPOQ4nJds
) ).https://script.google.com/macros/s/AKfycbxRKmuN_AoP_4gzvsio4L101YCcI_1n1XUWB1YMgHKqhZDSEeayxJXo7wRks24PMKhe)
By simply doing this you'd have a working detection system that still could be improved:
Next steps
The ideal situation would be to have a single GoogleScript file that would check for bots AND ingest form data afterwards (if the sender is human, that is). So the code snippet above could be addded to your existing script (
https://script.google.com/macros/s/AKfycbxzvB_Jbta7xCVuz-iThqXftPb1DcBTf-P-ah4KnbxBn3OhcHJF
) and stop execution earlier in case of a bot detection!Hope it helps!