Go Language
Go Language

Google reCAPTCHA in Go Language


Here’s a snippet for making sure bots don’t get through your processes. You can sign up for Google’s Recaptcha service for free and easily input this script inside your current Go language web application.

Google’s reCAPTCHA Javascript (in head)

1
<script src='https://www.google.com/recaptcha/api.js'></script>

Google’s reCAPTCHA input (next to submit button on end of form)

1
<div class="g-recaptcha" data-sitekey="PUBLIC_KEY_HERE"></div>

Replace ‘PUBLIC_KEY_HERE’

Google reCAPTCHA Check Function

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
func CheckGoogleCaptcha(response string) bool {
	var googleCaptcha string = "SECRET_KEY_HERE"
	req, err := http.NewRequest("POST", "https://www.google.com/recaptcha/api/siteverify", nil)
	q := req.URL.Query()
	q.Add("secret", googleCaptcha)
	q.Add("response", response)
	req.URL.RawQuery = q.Encode()
	client := &http.Client{}
	var googleResponse map[string]interface{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	body, _ := ioutil.ReadAll(resp.Body)
	json.Unmarshal(body, &googleResponse)
	return googleResponse["success"].(bool)
}

You must input the value of ‘g-recaptcha-response’ into CheckGoogleCaptcha. If you are testing locally, be sure to go into reCaptcha on Google, click Advanced for your project, and uncheck ‘Verify the origin of reCAPTCHA solutions’. You should recheck this once you have your captcha on the correct domain/subdomain. Be sure to replace ‘SECRET_KEY_HERE’

Full Example

This will run a local web server on port 9090. Be sure to change the public and secret key. View on Go Playground

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
package main
 
import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)
 
func main() {
 
	http.HandleFunc("/", IndexHandler)
	http.HandleFunc("/send", SendHandler)
 
	err := http.ListenAndServe(":9090", nil)
	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
 
}
 
func IndexHandler(w http.ResponseWriter, r *http.Request) {
 
	form := `<script src='https://www.google.com/recaptcha/api.js'></script>
	<form action="/send" method="POST">
	<div class="g-recaptcha" data-sitekey="PUBLIC_KEY_HERE"></div>
	<input type="submit">`
 
	fmt.Fprintf(w, form)
}
 
func SendHandler(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	captcha := r.PostFormValue("g-recaptcha-response")
 
	valid := CheckGoogleCaptcha(captcha)
 
	if valid {
		fmt.Fprintf(w, "The captcha was correct!")
	} else {
		fmt.Fprintf(w, "This captcha was NOT correct, check the public and secret keys.")
	}
}
 
func CheckGoogleCaptcha(response string) bool {
	var googleCaptcha string = "SECRET_KEY_HERE"
	req, err := http.NewRequest("POST", "https://www.google.com/recaptcha/api/siteverify", nil)
	q := req.URL.Query()
	q.Add("secret", googleCaptcha)
	q.Add("response", response)
	req.URL.RawQuery = q.Encode()
	client := &http.Client{}
	var googleResponse map[string]interface{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	body, _ := ioutil.ReadAll(resp.Body)
	json.Unmarshal(body, &googleResponse)
	return googleResponse["success"].(bool)
}

View Comments
There are currently no comments.