🚀 Try the Live Demo - Experience Cloudflare Turnstile CAPTCHA integration in action!
A comprehensive demonstration application showcasing Cloudflare Turnstile CAPTCHA integration with a complete web stack.
This project is a complete Cloudflare Turnstile verification demonstration application featuring:
- Frontend: Pure vanilla HTML/CSS/JavaScript implementation
- Backend: Python Flask API with robust validation
- Features: Complete Turnstile verification workflow with interactive debug interface
- 🛡️ Security Protection: Effectively prevents bot attacks and brute force attempts
- 🎯 User Experience: No image clicking required - one-click verification completion
- 🔧 Easy Integration: Simple API interface, integrate with just a few lines of code
- 📊 Real-time Monitoring: Detailed verification logs and status monitoring
- 🐳 Docker Ready: Containerized application for easy deployment
- 🌍 Multi-Architecture: Supports AMD64, ARM64, and more platforms
Cloudflare-Turnstile-Goat/
├── backend/ # Python Flask backend
│ ├── app.py # Main application file
│ ├── config.py # Configuration file
│ ├── requirements.txt # Python dependencies
│ ├── .env # Environment variables
│ └── utils/
│ └── turnstile.py # Turnstile verification utilities
├── frontend/ # Frontend static files
│ ├── index.html # Main page
│ ├── login.html # Login page
│ ├── css/ # Stylesheets
│ │ ├── main.css # Main styles
│ │ ├── login.css # Login page styles
│ │ └── components.css # Component styles
│ └── js/ # JavaScript files
│ ├── main.js # Main script
│ └── login.js # Login page script
├── Dockerfile # Docker configuration
├── docker-compose.yml # Docker Compose setup
└── README.md # Project documentation
# Pull and run the container
docker run -p 59623:59623 jsreidockerhub/cloudflare-turnstile-goat:latest
# Or with custom environment variables
docker run -p 59623:59623 \
-e TURNSTILE_SITE_KEY=your_site_key \
-e TURNSTILE_SECRET_KEY=your_secret_key \
jsreidockerhub/cloudflare-turnstile-goat:latest- Python 3.11+
- Modern browser (ES6+ support)
# Navigate to backend directory
cd backend
# Install Python dependencies
pip install -r requirements.txtCopy the environment template:
cp .env.example .envEdit the .env file with your Turnstile keys:
# Cloudflare Turnstile Configuration
TURNSTILE_SITE_KEY=your_site_key
TURNSTILE_SECRET_KEY=your_secret_keyNote: The project uses Cloudflare's test keys by default, suitable for development and demonstration. Replace with real keys for production.
# Start the backend service
cd backend
python app.pyAfter startup, visit:
- Main Page: http://127.0.0.1:59623/
- Login Page: http://127.0.0.1:59623/login.html
- Username:
admin - Password:
password
- Visit the login page
- Enter username and password
- Complete Turnstile CAPTCHA verification
- Click the login button
- View verification results and debug information
GET /api/configReturns the Turnstile site key and configuration.
POST /api/verify
Content-Type: application/json
{
"token": "turnstile_token"
}POST /api/login
Content-Type: application/json
{
"username": "admin",
"password": "password",
"token": "turnstile_token"
}- Visit the Cloudflare Dashboard
- Select your domain
- Navigate to "Security" > "Turnstile"
- Create a new site key
- Copy the Site Key and Secret Key
The project uses the following test keys by default:
- Site Key:
1x00000000000000000000AA - Secret Key:
1x0000000000000000000000000000000AA
These keys are for development and testing only and will always return successful results.
- HTML: Semantic structure following web standards
- CSS: Modular styles following the four UI design principles
- JavaScript: ES6+ syntax with modular design
- Flask: Lightweight web framework
- Modular Design: Separated configuration and utility classes
- Error Handling: Comprehensive exception handling mechanisms
- Logging: Detailed operation logs
- Proximity: Related elements close together, unrelated elements separated
- Alignment: All elements properly aligned, left, center, or right
- Repetition: Consistent styles, unified colors and fonts
- Contrast: Important content stands out with size and color differences
- ✅ Server-side Turnstile token verification
- ✅ User IP address validation
- ✅ Request timeout handling
- ✅ Error message sanitization
- ✅ CORS security configuration
-
Turnstile Widget Not Displaying
- Check network connection
- Verify Site Key configuration
- Check browser console for errors
-
Verification Failures
- Check Secret Key configuration
- Ensure server time is correct
- Review backend logs
-
CORS Errors
- Check CORS_ORIGINS configuration
- Ensure request domain is in the allowlist
Enable debug mode for detailed logs:
FLASK_DEBUG=trueThe Docker image supports multiple architectures:
linux/amd64(Intel/AMD 64-bit)linux/arm64(ARM 64-bit - Apple M1/M2, AWS Graviton, etc.)linux/arm/v7(ARM 32-bit - Raspberry Pi 4, etc.)linux/arm/v6(ARM 32-bit - Raspberry Pi Zero, etc.)linux/ppc64le(PowerPC 64-bit Little Endian - IBM Power systems)linux/s390x(IBM Z - IBM mainframe architecture)
- How to integrate Cloudflare Turnstile CAPTCHA
- Backend API validation techniques
- Frontend CAPTCHA handling
- Security best practices for CAPTCHA implementation
- Docker containerization for web applications
MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit Issues and Pull Requests.
If you have any questions, please contact us through GitHub Issues.