Skip to content

v3.0.0: Multi-provider captcha architecture#328

Closed
nenes25 wants to merge 4 commits into
17from
claude/analyze-code-01Qh1kuao8gRuXGinhnYVPxy
Closed

v3.0.0: Multi-provider captcha architecture#328
nenes25 wants to merge 4 commits into
17from
claude/analyze-code-01Qh1kuao8gRuXGinhnYVPxy

Conversation

@nenes25

@nenes25 nenes25 commented Nov 21, 2025

Copy link
Copy Markdown
Owner

This major release introduces a modular architecture supporting multiple captcha providers:

New Features:

  • Multi-provider architecture with 4 captcha systems:

    • Google reCAPTCHA v2/v3 (existing, refactored)
    • Google reCAPTCHA Enterprise (with Google Cloud integration)
    • hCaptcha (privacy-focused alternative)
    • Math Captcha (native, no external dependencies)
  • Provider abstraction layer:

    • CaptchaProviderInterface: common contract for all providers
    • AbstractCaptchaProvider: shared functionality
    • CaptchaFactory: dynamic provider instantiation
    • Provider-specific templates
  • Enhanced configuration:

    • Provider selection dropdown in admin
    • Dynamic configuration fields per provider
    • Math Captcha difficulty levels (easy/medium/hard)
    • Google Enterprise project/key configuration

Technical Changes:

  • Refactored eicaptcha.php to use provider pattern
  • Updated ConfigForm.php for provider management
  • Enhanced Debugger.php with provider checks
  • Added upgrade script for migration from 2.x
  • All templates now use provider includes for flexibility

Backward Compatibility:

  • Automatic migration from 2.x to 3.0
  • Defaults to google_recaptcha provider
  • All existing configurations preserved
  • Upgrade script: upgrade/upgrade-3.0.0.php

Architecture:

  • PSR-4 compliant provider structure
  • Lazy loading of providers via factory
  • Session-based validation for Math Captcha
  • CSRF protection for Math Captcha
  • Extensible: new providers can be registered

Breaking changes: Version bumped to 3.0.0 due to architectural changes

This major release introduces a modular architecture supporting multiple captcha providers:

**New Features:**
- Multi-provider architecture with 4 captcha systems:
  * Google reCAPTCHA v2/v3 (existing, refactored)
  * Google reCAPTCHA Enterprise (with Google Cloud integration)
  * hCaptcha (privacy-focused alternative)
  * Math Captcha (native, no external dependencies)

- Provider abstraction layer:
  * CaptchaProviderInterface: common contract for all providers
  * AbstractCaptchaProvider: shared functionality
  * CaptchaFactory: dynamic provider instantiation
  * Provider-specific templates

- Enhanced configuration:
  * Provider selection dropdown in admin
  * Dynamic configuration fields per provider
  * Math Captcha difficulty levels (easy/medium/hard)
  * Google Enterprise project/key configuration

**Technical Changes:**
- Refactored eicaptcha.php to use provider pattern
- Updated ConfigForm.php for provider management
- Enhanced Debugger.php with provider checks
- Added upgrade script for migration from 2.x
- All templates now use provider includes for flexibility

**Backward Compatibility:**
- Automatic migration from 2.x to 3.0
- Defaults to google_recaptcha provider
- All existing configurations preserved
- Upgrade script: upgrade/upgrade-3.0.0.php

**Architecture:**
- PSR-4 compliant provider structure
- Lazy loading of providers via factory
- Session-based validation for Math Captcha
- CSRF protection for Math Captcha
- Extensible: new providers can be registered

Breaking changes: Version bumped to 3.0.0 due to architectural changes
- Complete guide for creating custom captcha providers
- Step-by-step implementation instructions
- Code examples for all required methods
- Template creation guidelines
- Best practices and security recommendations
- Real-world examples (Cloudflare Turnstile)
- Troubleshooting and testing checklist
Cloudflare Turnstile is a free, privacy-friendly alternative to reCAPTCHA:
- No Google tracking
- Free tier: 1M requests/month
- Modern, user-friendly interface
- Support for light, dark, and auto themes
- Compact and normal widget sizes

**New Provider:**
- TurnstileProvider: Full implementation with API validation
- Template: turnstile.tpl with theme and size options
- Configuration fields: Site Key, Secret Key, Theme, Size

**API Integration:**
- Endpoint: https://challenges.cloudflare.com/turnstile/v0/siteverify
- Response field: cf-turnstile-response
- Dashboard: https://dash.cloudflare.com/

**Architecture Improvements:**
- Added getResponseFieldName() to CaptchaProviderInterface
- Default implementation in AbstractCaptchaProvider
- Dynamic field name support in _validateCaptcha()
- Math and Turnstile providers now declare custom field names

**Configuration:**
- 4 new config keys (site/secret keys, theme, size)
- Default theme: auto (follows system preferences)
- Default size: normal
- Full integration in ConfigForm and Installer

This brings the total to 5 captcha providers:
1. Google reCAPTCHA v2/v3
2. Google reCAPTCHA Enterprise
3. hCaptcha
4. Math Captcha (native)
5. Cloudflare Turnstile (new)
**Problem:**
- Configuration fields were hardcoded in ConfigForm.php
- Adding new providers required editing ConfigForm in 3 places
- Inconsistent with provider architecture where providers define their own fields

**Solution:**
- Created getProviderSpecificFields() to dynamically load from current provider
- Split fields into logical groups (provider, common, advanced)
- Generic postProcess() loops through all fields automatically
- Generic getConfigFieldsValues() loads all values dynamically
- Added getAllConfigurationFields() helper for field aggregation

**Result:**
- Adding new provider now requires ZERO changes to ConfigForm.php
- Only need to implement getConfigFields() in provider class
- Fully consistent with provider architecture
- ~200 lines of hardcoded fields removed

**Changes:**
- src/ConfigForm.php: Complete refactoring with new methods:
  * getProviderSpecificFields(): Loads fields from current provider
  * getCommonFields(): Returns always-visible common fields
  * getAdvancedFields(): Returns advanced configuration
  * getAllConfigurationFields(): Aggregates all fields from all sources
  * Simplified postProcess(): Generic loop through all fields
  * Simplified getConfigFieldsValues(): Generic value loading

**Impact:**
Provider developers now only need to:
1. Create Provider class with getConfigFields()
2. Register in CaptchaFactory
3. Create template file

No ConfigForm.php modifications needed when adding new providers.
@nenes25

nenes25 commented Jul 1, 2026

Copy link
Copy Markdown
Owner Author

Closing this in favor of a fresh start on the 3.x branch (see #336), which takes a simpler approach with 3 providers (reCAPTCHA, reCAPTCHA Enterprise, hCaptcha) instead of the full 6-provider factory architecture explored here. Thanks for the work, some of the ideas here may still be revisited later.

@nenes25 nenes25 closed this Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants