### Clone ALTCHA Starter Node.js Repository Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Clone the repository to get started with the ALTCHA server demo. Navigate into the cloned directory. ```sh git clone https://github.com/altcha-org/altcha-starter-nodejs-ts.git cd altcha-starter-nodejs-ts ``` -------------------------------- ### Configure and Start Server Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Set environment variables and launch the development server. ```bash # Environment configuration (.env file) PORT=3000 ALTCHA_HMAC_KEY=your_custom_hmac_key # For self-hosted mode # Or use ALTCHA API secret: ALTCHA_HMAC_KEY=csec_your_api_secret # Start the development server npm install npm run dev # Server output: # Server is running on port 3000 ``` -------------------------------- ### Install Node.js Dependencies Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Install the necessary Node.js dependencies using npm. ```sh npm install ``` -------------------------------- ### Start ALTCHA Server Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Run the development server using npm. The server will be accessible on the configured port. ```sh npm run dev ``` -------------------------------- ### GET /altcha Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Fetches a new random challenge to be used by the ALTCHA widget. ```APIDOC ## GET /altcha ### Description Fetches a new random challenge to be used by the ALTCHA widget. ### Method GET ### Endpoint /altcha ### Response #### Success Response (200) - **challenge** (object) - JSON object containing the challenge. ``` -------------------------------- ### GET /altcha - Challenge Generation Endpoint Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Generates a new random Proof-of-Work challenge for the ALTCHA widget. The challenge includes cryptographic parameters that the client must solve before form submission is accepted. The complexity is controlled by the `maxNumber` parameter, and challenges are signed using an HMAC key for verification integrity. ```APIDOC ## GET /altcha - Challenge Generation Endpoint ### Description Generates a new random Proof-of-Work challenge for the ALTCHA widget. The challenge includes cryptographic parameters that the client must solve before form submission is accepted. The complexity is controlled by the `maxNumber` parameter, and challenges are signed using an HMAC key for verification integrity. ### Method GET ### Endpoint /altcha ### Request Example ```bash curl http://localhost:3000/altcha ``` ### Response #### Success Response (200) - **algorithm** (string) - The hashing algorithm used for the challenge. - **challenge** (string) - The unique challenge string. - **salt** (string) - A random salt value for the challenge. - **signature** (string) - An HMAC signature for the challenge integrity. #### Response Example ```json { "algorithm": "SHA-256", "challenge": "a1b2c3d4e5f6...", "salt": "random-salt-value", "signature": "hmac-signature..." } ``` ### Usage Use this endpoint as the `challengeurl` in your ALTCHA widget configuration: ```html ``` ``` -------------------------------- ### Generate ALTCHA Challenge Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Fetch a new challenge from the server to initialize the ALTCHA widget. ```bash # Fetch a new challenge for the ALTCHA widget curl http://localhost:3000/altcha # Expected response: # { # "algorithm": "SHA-256", # "challenge": "a1b2c3d4e5f6...", # "salt": "random-salt-value", # "signature": "hmac-signature..." # } # Use this endpoint as the challengeurl in your ALTCHA widget configuration: # ``` -------------------------------- ### POST /submit - Simple PoW Verification Endpoint Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Accepts form submissions and verifies the Proof-of-Work solution without spam filtering. This endpoint uses `verifySolution()` from altcha-lib to validate that the client correctly solved the challenge. Use this when you only need bot protection without content classification. ```APIDOC ## POST /submit - Simple PoW Verification Endpoint ### Description Accepts form submissions and verifies the Proof-of-Work solution without spam filtering. This endpoint uses `verifySolution()` from altcha-lib to validate that the client correctly solved the challenge. Use this when you only need bot protection without content classification. ### Method POST ### Endpoint /submit ### Parameters #### Request Body - **altcha** (object) - Required - The ALTCHA payload containing the solution. - **algorithm** (string) - Required - The hashing algorithm used. - **challenge** (string) - Required - The challenge string. - **number** (integer) - Required - The solved number. - **salt** (string) - Required - The salt used for the challenge. - **signature** (string) - Required - The signature of the solution. - **email** (string) - Optional - The user's email address. - **message** (string) - Optional - The user's message. ### Request Example ```bash curl -X POST http://localhost:3000/submit \ -F 'altcha={"algorithm":"SHA-256","challenge":"...","number":12345,"salt":"...","signature":"..."}' \ -F 'email=user@example.com' \ -F 'message=Hello World' ``` ### Response #### Success Response (200) - **success** (boolean) - Indicates if the verification was successful. - **data** (object) - Contains the submitted form data if successful. - **altcha** (object) - The verified ALTCHA payload. - **email** (string) - The submitted email. - **message** (string) - The submitted message. #### Error Response - **error** (string) - Description of the error (e.g., "Altcha payload missing", "Invalid Altcha payload"). #### Response Example (Success) ```json { "success": true, "data": { "altcha": "...", "email": "user@example.com", "message": "Hello World" } } ``` #### Response Example (Error) ```json { "error": "Altcha payload missing" } ``` ``` -------------------------------- ### Verify Simple ALTCHA Solution Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Verifies a basic Proof-of-Work solution without spam filter analysis. Ensure the provided solution string matches the expected format. ```typescript import { verifySolution } from 'altcha-lib'; // Verify simple PoW solution (without spam filter) const isValid = await verifySolution( '{"algorithm":"SHA-256","challenge":"...","number":12345,"salt":"...","signature":"..."}', 'your-secret-key' ); // Returns: boolean ``` -------------------------------- ### Configure ALTCHA Server Environment Variables Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Set environment variables for server configuration, including the port and an optional HMAC key for challenge generation. A .env file is commonly used for this. ```ini PORT=3000 ALTCHA_HMAC_KEY=your_custom_hmac_key ``` -------------------------------- ### Submit Form with Simple PoW Verification Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Verify form submissions using the ALTCHA PoW solution without content classification. ```bash # Submit form data with ALTCHA verification payload curl -X POST http://localhost:3000/submit \ -F 'altcha={"algorithm":"SHA-256","challenge":"...","number":12345,"salt":"...","signature":"..."}' \ -F 'email=user@example.com' \ -F 'message=Hello World' # Success response: # { # "success": true, # "data": { # "altcha": "...", # "email": "user@example.com", # "message": "Hello World" # } # } # Error response (missing payload): # { "error": "Altcha payload missing" } # Error response (invalid solution): # { "error": "Invalid Altcha payload" } ``` -------------------------------- ### POST /submit Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Submits form data and verifies the simple PoW challenge without the spam filter. ```APIDOC ## POST /submit ### Description Submits form data and verifies the simple PoW challenge without the spam filter. ### Method POST ### Endpoint /submit ### Parameters #### Request Body - **altcha** (string) - Required - ALTCHA verification payload. ### Request Example curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit ``` -------------------------------- ### Generate ALTCHA Challenge Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Use to create a new Proof-of-Work challenge. Configure complexity with `maxNumber`. Requires an HMAC key for signing. ```typescript import { createChallenge } from 'altcha-lib'; // Generate a new challenge with configurable complexity const challenge = await createChallenge({ hmacKey: 'your-secret-key', maxNumber: 50000 // Higher = harder challenge }); // Returns: { algorithm, challenge, salt, signature } ``` -------------------------------- ### Fetch ALTCHA Challenge Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Use this endpoint to retrieve a new random challenge for the ALTCHA widget. This is typically used in self-hosted mode. ```sh curl http://localhost:3000/altcha ``` -------------------------------- ### Submit Form Data for Simple PoW Verification Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Submit form data to the /submit endpoint for verification of a simple Proof-of-Work (PoW) challenge. This endpoint is used when the ALTCHA widget's Spam Filter is NOT enabled. ```sh curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit ``` -------------------------------- ### POST /submit_spam_filter - Spam Filter Verification Endpoint Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Handles form submissions with full spam filtering enabled. Uses `verifyServerSignature()` to validate the server-signed payload and `verifyFieldsHash()` to ensure form field values haven't been tampered with since spam classification. Submissions classified as "BAD" are automatically rejected. ```APIDOC ## POST /submit_spam_filter - Spam Filter Verification Endpoint ### Description Handles form submissions with full spam filtering enabled. Uses `verifyServerSignature()` to validate the server-signed payload and `verifyFieldsHash()` to ensure form field values haven't been tampered with since spam classification. Submissions classified as "BAD" are automatically rejected. ### Method POST ### Endpoint /submit_spam_filter ### Parameters #### Request Body - **altcha** (string) - Required - Base64 encoded payload from the ALTCHA widget. - **email** (string) - Optional - The user's email address. - **message** (string) - Optional - The user's message. ### Request Example ```bash curl -X POST http://localhost:3000/submit_spam_filter \ -F 'altcha=base64-encoded-payload-from-widget' \ -F 'email=user@example.com' \ -F 'message=Legitimate message content' ``` ### Response #### Success Response (200) - **success** (boolean) - Indicates if the verification was successful. - **data** (object) - Contains the submitted form data if successful. - **altcha** (object) - The verified ALTCHA payload. - **email** (string) - The submitted email. - **message** (string) - The submitted message. - **verificationData** (object) - Data from the spam filter verification. - **classification** (string) - The spam classification (e.g., "GOOD", "BAD"). - **fields** (array) - List of fields included in the hash. - **fieldsHash** (string) - SHA256 hash of the form fields. - **score** (number) - Spam score. #### Error Response - **error** (string) - Description of the error (e.g., "Classified as spam", "Invalid fields hash"). #### Response Example (Success) ```json { "success": true, "data": { "altcha": "...", "email": "user@example.com", "message": "Legitimate message content" }, "verificationData": { "classification": "GOOD", "fields": ["email", "message"], "fieldsHash": "sha256-hash-of-fields", "score": 0.1 } } ``` #### Response Example (Spam Detected) ```json { "error": "Classified as spam" } ``` #### Response Example (Fields Tampered) ```json { "error": "Invalid fields hash" } ``` ``` -------------------------------- ### POST /submit_spam_filter Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Submits form data and verifies the server signature generated by the spam filter. ```APIDOC ## POST /submit_spam_filter ### Description Submits form data and verifies the server signature generated by the spam filter. ### Method POST ### Endpoint /submit_spam_filter ### Parameters #### Request Body - **altcha** (string) - Required - ALTCHA verification payload. ### Request Example curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit_spam_filter ``` -------------------------------- ### Verify ALTCHA Server Signature with Spam Filter Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Verifies the server signature for submissions when the spam filter is enabled. This function is part of the content-aware spam filtering process. ```typescript import { verifyServerSignature } from 'altcha-lib'; // Verify server signature (with spam filter enabled) const { verified, verificationData } = await verifyServerSignature( 'base64-payload', 'your-api-secret' ); // Returns: { verified: boolean, verificationData: { classification, fields, fieldsHash, score } } ``` -------------------------------- ### Submit Form with Spam Filter Verification Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Verify form submissions including spam classification and field integrity checks. ```bash # Submit form with spam filter verification curl -X POST http://localhost:3000/submit_spam_filter \ -F 'altcha=base64-encoded-payload-from-widget' \ -F 'email=user@example.com' \ -F 'message=Legitimate message content' # Success response with verification data: # { # "success": true, # "data": { # "altcha": "...", # "email": "user@example.com", # "message": "Legitimate message content" # }, # "verificationData": { # "classification": "GOOD", # "fields": ["email", "message"], # "fieldsHash": "sha256-hash-of-fields", # "score": 0.1 # } # } # Error response (spam detected): # { "error": "Classified as spam" } # Error response (fields tampered): # { "error": "Invalid fields hash" } ``` -------------------------------- ### Verify ALTCHA Form Fields Hash Source: https://context7.com/altcha-org/altcha-starter-nodejs-ts/llms.txt Checks if form fields have been tampered with after classification. Use this in conjunction with `verifyServerSignature` to ensure data integrity. ```typescript import { verifyFieldsHash } from 'altcha-lib'; // Verify that form fields haven't been modified since classification const fieldsValid = await verifyFieldsHash( formData, // FormData object ['email', 'message'], // Fields that were classified 'expected-hash' // Hash from verificationData ); // Returns: boolean ``` -------------------------------- ### Submit Form Data for Spam Filter Verification Source: https://github.com/altcha-org/altcha-starter-nodejs-ts/blob/main/README.md Submit form data to the /submit_spam_filter endpoint for verification of the server signature generated by the ALTCHA Spam Filter. This is used when the Spam Filter is enabled. ```sh curl -X POST -F 'altcha=your_verification_payload' http://localhost:3000/submit_spam_filter ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.