reCAPTCHA setup (#45)

* recaptcha setup * more explicit code example --------- Co-authored-by: Sebastien Guillemot <[email protected]>
PaimaStudios · Jun 7, 2024 · aefcb54 · aefcb54
1 parent a2d13fe
commit aefcb54
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/docs/home/1-setup/20-paima-bacher.md b/docs/home/1-setup/20-paima-bacher.md
@@ -72,3 +72,27 @@ At any point after stopping the batcher, you can clean up via the following comm
 ```bash
 sh ./shutdown.sh
 ```
+
+## Batcher Security (reCAPTCHA)
+
+As the Paima Batcher posts user submissions, you might want only to allow human users to submit data and avoid bots or malicious agents. This is a difficult task, but Paima Batcher can leverage Google's reCAPTCHA V3 and easily be integrated into games.
+
+1. Create a reCAPTCHA V3 account and get the `site-key` and `secret-key`. (https://www.google.com/recaptcha)
+  * Set `RECAPTCHA_V3_BACKEND` in the `.env.<NETWORK>` file with your `secret-key`.
+  * Set `RECAPTCHA_V3_FRONTEND` in the `.env.<NETWORK>` file with your `site-key`.
+2. Add the reCAPTCHA code to your project
+  * Add the reCaptcha3 script `<script src="https://www.google.com/recaptcha/api.js?render=${site_key}" />` into your main HTML. 
+  * Or call `injectReCaptchaToHTML()` in your frontend through the middleware.
+
+```js
+import { ENV, injectReCaptchaToHTML } from '@paima/sdk/utils';
+
+if (ENV.RECAPTCHA_V3_FRONTEND) {
+  // highlight-next-line
+  injectReCaptchaToHTML().then(() => {
+    console.log('ReCaptcha loaded');
+  });
+}
+```
+Once enabled all batcher calls will be validated and reject calls if no token or non-human activity is detected.
+