Implemented a comprehensive CAPTCHA gating system similar to Cloudflare Turnstile
that allows per-endpoint protection of resources with CAPTCHA challenges.

Features:
- Per-endpoint CAPTCHA configuration (just like rate limiting)
- Support for Cloudflare Turnstile
- Support for Google reCAPTCHA v2 (checkbox) and v3 (invisible with score)
- Session management with configurable duration (default 1 hour)
- Exception rules for paths and IP ranges/CIDR blocks
- Modern, responsive CAPTCHA challenge pages
- Secure session cookies with HttpOnly and Secure flags
- Automatic cleanup of expired sessions

Implementation details:
- Added CaptchaConfig, CaptchaProvider, and CaptchaExceptionRule types
- Created captcha.go module with verification logic for both providers
- Integrated CAPTCHA middleware into proxy request chain (after rate limiting, before auth)
- Added CAPTCHA session store to Router for tracking validated users
- Updated API endpoints (add/edit) to support CAPTCHA configuration
- Added comprehensive documentation in CAPTCHA_FEATURE.md

The feature follows existing Zoraxy patterns:
- Per-endpoint control similar to rate limiting
- Exception rules similar to basic auth exceptions
- IP detection similar to access control

Configuration is stored in proxy endpoint .config files and can be managed
via the existing /api/proxy/add and /api/proxy/edit endpoints.
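
An added example, not Zoraxy's code and not taken from captcha.go, of the gate decision the commit message above describes: exception rules for paths and CIDR blocks are checked first, then the session and its expiry. The `ExceptionRule`, `SessionStore` and `NeedsChallenge` names and shapes are assumptions made for illustration, and the rules and addresses in `main` are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"path"
	"strings"
	"sync"
	"time"
)

// ExceptionRule (hypothetical shape): a path prefix or a CIDR that skips the CAPTCHA.
type ExceptionRule struct{ PathPrefix, CIDR string }

// SessionStore (hypothetical) maps validated session tokens to their expiry time.
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]time.Time
}

// Valid reports whether token is known and unexpired; a stale entry is deleted.
func (s *SessionStore) Valid(token string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if exp, ok := s.sessions[token]; ok && now.Before(exp) {
		return true
	}
	delete(s.sessions, token) // expired or unknown: nothing worth keeping
	return false
}

// NeedsChallenge fails closed: a malformed client IP or CIDR never grants an exception.
func NeedsChallenge(rules []ExceptionRule, s *SessionStore, reqPath, clientIP, token string, now time.Time) bool {
	clean := path.Clean("/" + reqPath) // normalise so "/health/../admin" cannot match "/health"
	ip, ipErr := netip.ParseAddr(clientIP)
	for _, r := range rules {
		if p := strings.TrimSuffix(r.PathPrefix, "/"); r.PathPrefix != "" && (clean == p || strings.HasPrefix(clean, p+"/")) {
			return false // match whole path segments only, so "/healthz" is not exempt
		}
		if pfx, err := netip.ParsePrefix(r.CIDR); err == nil && ipErr == nil && pfx.Contains(ip.Unmap()) {
			return false // Unmap lets ::ffff:10.x.x.x match an IPv4 CIDR
		}
	}
	return token == "" || !s.Valid(token, now)
}

func main() {
	rules := []ExceptionRule{{PathPrefix: "/health"}, {CIDR: "10.0.0.0/8"}} // constructed rules
	fmt.Println(NeedsChallenge(rules, &SessionStore{}, "/health/../admin", "203.0.113.7", "", time.Now()))
}
```
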
- Added new behavior in upstream random selector (ignore offline check for upstream if there is only one upstream for this proxy rule)
- Added config file only DisableAutoFallback option
- Moved certification related functions into tlscert module
- Added specific host TLS behavior logic
- Added support for disabling SNI and manually overwriting the preferred certificate to serve
- Fixed SSO requestHeaders null bug
- Optimized types and definitions
- Moved shutdown seq to start.go file
- Moved authelia to auth/sso module
- Added different auth types support (wip)
- Updated proxy config structure
- Added v3.1.4 to v3.1.5 auto upgrade utilities
- Fixed #426
- Optimized status page UI
- Added options to disable uptime monitor in config
+ Added automatic self-signed certificate sniffing
+ Moved all constants into def.go
+ Added auto restart on port change when proxy server is running
+ Optimized slow search geoIP resolver by introducing new cache mechanism
+ Updated default incoming port to HTTPS instead of HTTP
- Rewritten the logger to make it more apache log parser friendly
- Fixed uptime not updating after upstream change bug
- Added SSO page (wip)
- Added log viewer
- Moved rate limiter scope into proxy router
- Give IpTable a better name following clean code guideline
- Optimized client IP retrieval method
- Added stop channel for request counter ticker
- Fixed #199
- Optimized UI for rate limit
+ Moved custom header rewrite to dpcore
+ Restructure dpcore header rewrite sequence
+ Added advanced custom header settings (zoraxy to upstream and zoraxy to downstream mode)
+ Added header remove feature
+ Removed password requirement for SMTP #80
+ Completed stream proxy module (TCP and UDP)
+ Optimized UX for reminding user to click Apply after port change
+ Added version number to footer #160
+ Added unset subdomain custom redirection feature #46
+ Optimized memory usage by space time tradeoff in geoip lookup to fix #52
+ Replaced all satori/go.uuid to google/uuid for security reasons #55