Skip to content

Add Cloudflare Turnstile verification middleware #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
HTMHell wants to merge 6 commits into from
Closed

Add Cloudflare Turnstile verification middleware #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9742c47
Add Cloudflare Turnstile verification middleware
HTMHell Mar 15, 2026
e3ab742
Fail fast on missing TURNSTILE_SECRET_KEY
HTMHell Mar 15, 2026
5780ecb
Skip Turnstile verification when secret key is not configured
HTMHell Mar 15, 2026
163eb51
Revert to fail-fast on missing TURNSTILE_SECRET_KEY, add env to CI
HTMHell Mar 15, 2026
36609d6
Use Cloudflare test secret key in CI
HTMHell Mar 15, 2026
913601c
Inline Turnstile verify URL
HTMHell Mar 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,6 @@ jobs:

- name: Smoke test /health endpoint
run: |
docker run -d --name smoke -e PORT=8080 -e OPENAI_API_KEY=test -p 8080:8080 signwriting-description
docker run -d --name smoke -e PORT=8080 -e OPENAI_API_KEY=test -e TURNSTILE_SECRET_KEY=1x0000000000000000000000000000000AA -p 8080:8080 signwriting-description
sleep 5 # wait for uvicorn cold start
curl -sf http://localhost:8080/health
29 changes: 28 additions & 1 deletion signwriting_description/server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
import os
from datetime import UTC, datetime

import httpx
import uvicorn
from dotenv import load_dotenv
from fastapi import FastAPI, HTTPException, Query
from fastapi import FastAPI, HTTPException, Query, Request
from fastapi.responses import JSONResponse
from signwriting.formats.fsw_to_sign import fsw_to_sign

Expand All @@ -15,9 +16,35 @@
if not OPENAI_API_KEY:
raise RuntimeError("Missing OPENAI_API_KEY environment variable")

TURNSTILE_SECRET_KEY = os.getenv("TURNSTILE_SECRET_KEY")
if not TURNSTILE_SECRET_KEY:
raise RuntimeError("Missing TURNSTILE_SECRET_KEY environment variable")

app = FastAPI(title="Signwriting Description API")



@app.middleware("http")
async def turnstile_verification(request: Request, call_next):
if request.url.path == "/health":
return await call_next(request)

token = request.headers.get("cf-turnstile-response")
if not token:
return JSONResponse(status_code=403, content={"error": "Missing Turnstile token"})

async with httpx.AsyncClient() as client:
result = await client.post(
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
data={"secret": TURNSTILE_SECRET_KEY, "response": token},
)

if not result.json().get("success"):
return JSONResponse(status_code=403, content={"error": "Invalid Turnstile token"})

return await call_next(request)


@app.get("/health")
def health():
return {
Expand Down
Loading