weibeu / cosnote

MIT License

Implement some kind of captcha or any way to prevent automated registration exploits. #10

Open weibeu opened 4 years ago

weibeu commented 4 years ago

https://github.com/thec0sm0s/instant-notes/blob/9ef1405841d545a408c39ac5c10dd6b29ead7876/application/api/views/authorization/__init__.py#L11-L30

kir0ul commented 4 years ago

Hey, I tried to set up the project but I only get a header bar on the front-end, and the back-end returns a 401 Unauthorized error when it tries to access the /api/notes/ route. Any idea what I'm missing?

weibeu commented 4 years ago

@kir0ul sorry for the troubles. Yes, this is expected since I have rewritten the whole project. So everything has changed. But yes, the rewrite of this repository, cosnote, has been completed. So you may run the server normally, but don't rely on the web client. It's still under development. Can you try something like Postman just for the APIs part? I know it could be hard for the captchas thing but we just need its backend implemented in Flask.

Here is the Postman Collection to try out the API.

weibeu commented 4 years ago

Here is minimal documentation to the current endpoints: https://github.com/thec0sm0s/cosnote#api-endpoints

kir0ul commented 4 years ago

> Here is minimal documentation to the current endpoints: https://github.com/thec0sm0s/cosnote#api-endpoints

Ok I'm starting to understand :slightly_smiling_face: Used Insomnia but anyway the API works.

weibeu commented 4 years ago

Are we going to use reCaptcha? If so then I think this will help: https://developers.google.com/recaptcha/docs/verify. I will do the client side thing. Also just a heads up, try following the same design pattern of backend flask views 😁

kir0ul commented 4 years ago

> Are we going to use reCaptcha?

Ah... I was more thinking about captcha or visualCaptcha.

weibeu commented 4 years ago

They work great but in our case, reCaptcha will help best because it provides the auto verification thing and can guess without the user needing to click the "I am not a robot" checkbox.

kir0ul commented 4 years ago

I understand it's easier to use Google services for this but I tell you honestly I'm more interested in building stuff within the open source ecosystem. Also as a side note I'm really concerned about so many websites adding Google trackers everywhere. So if using Google services is a requirement for this issue, I guess I prefer to bail out, sorry about that.

weibeu commented 4 years ago

I completely accept that what you said is correct. And we should really use open source tools. But it's like I don't want to use that, but if I don't, I am afraid the other captchas would ruin the user experience. As I really want the login process to be as quick as possible. This is the only reason I have not added email verification. Because it's just another thing for users to do. So yeah, no offence, thanks for checking on here! Hope we could collaborate on other projects later on!