This npm package provides a simple server-side implementation for validating Cloudflare Turnstile captchas.
npm i turnstile-verifyconst { TurnstileVerify } = require('turnstile-verify');
// Your Cloudflare Turnstile secret key
const SECRET_KEY = '1x0000000000000000000000000000000AA';
// ...
// Access Cloudflare Turnstile response and remote IP address
const cfTurnstileResponse = req.body['cf-turnstile-response'];
const remoteip =
req.headers['CF-Connecting-IP'] ||
req.headers['x-forwarded-for'] ||
req.socket.remoteAddress; // optional
// Create a Turnstile instance with the secret key
const turnstile = new TurnstileVerify({ token: SECRET_KEY });
// Validate the Turnstile response
const turnstileResponse = await turnstile.validate({
response: cfTurnstileResponse,
remoteip,
});
// Handle an invalid captcha response
if (!turnstileResponse.valid) {
// ....Handle invalid captcha response
}
// ...{
valid: boolean, => Indicates if capcha solved correctly?
messages: string[] => In case of an error the messages from cloudflare are passed here.
}
For client side implementaion see official documentation, react-turnstile or use other npm package suitable for your framework.