Integrate CAPTCHAs powered by Cloudflare Turnstile

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

datasette-turnstile

PyPI Changelog Tests License

Protect Datasette paths with Cloudflare Turnstile challenges.

Installation

Install this plugin in the same environment as Datasette.

datasette install datasette-turnstile

Configuration

Configure the plugin in your datasette.yaml:

plugins:
  datasette-turnstile:
    site_key: "0x4AAAAAAxxxxxxxxxxxxxxx"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/admin/*"
      - "/-/import-*"
    exclude_patterns:
      - "*.json"
    cookie_max_age: 86400

Configuration options

  • site_key (required): Your Turnstile site key from the Cloudflare dashboard
  • secret_key (required): Your Turnstile secret key (supports $env syntax)
  • protected_paths (required): List of URL patterns to protect
  • exclude_patterns (optional): Patterns to exclude from protection (e.g., *.json)
  • cookie_max_age (optional): Cookie lifetime in seconds (default: 86400 = 24 hours)
  • cookie_name (optional): Name of the verification cookie (default: ds_turnstile)

URL Pattern Matching

Patterns use simple wildcard matching where * matches any characters:

  • /admin/* - Protects all paths under /admin/
  • /-/import-* - Protects /-/import-csv, /-/import-json, etc.
  • /data?*&*&* - Protects /data with 2+ query string parameters

Use ? in patterns to match against the full URL including query string. Without ?, patterns only match the path.

How It Works

  1. When a user visits a protected path, they're redirected to /-/turnstile
  2. The challenge page displays a Cloudflare Turnstile widget
  3. Upon completing the challenge, the token is verified server-side
  4. On success, a signed cookie is set and the user is redirected to their original destination
  5. The cookie remains valid for 24 hours (configurable)

API Requests

For requests with Accept: application/json header, the plugin returns a 403 JSON response instead of redirecting:

{"error": "turnstile_required"}

Use exclude_patterns: ["*.json"] to exclude JSON endpoints from protection entirely.

Development

To set up this plugin locally, first checkout the code:

cd datasette-turnstile

To run the tests:

uv run pytest

Create a config file using Turnstile test keys:

cat > datasette.yaml << 'EOF'
plugins:
  datasette-turnstile:
    site_key: "1x00000000000000000000AA"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/demo/example*
EOF

Create an example database:

sqlite3 demo.db "CREATE TABLE example (id INTEGER PRIMARY KEY, name TEXT);"

Put the secret in an environment variable and run Datasette with the plugin:

TURNSTILE_SECRET_KEY='1x0000000000000000000000000000000AA' uv run datasette -c datasette.yaml demo.db

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

0.1a3 pre-release

0.1a2 pre-release

0.1a1 pre-release

This version

0.1a0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datasette_turnstile-0.1a0.tar.gz (15.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

datasette_turnstile-0.1a0-py3-none-any.whl (13.4 kB view details)

Uploaded Python 3

File details

Details for the file datasette_turnstile-0.1a0.tar.gz.

File metadata

  • Download URL: datasette_turnstile-0.1a0.tar.gz
  • Upload date:
  • Size: 15.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for datasette_turnstile-0.1a0.tar.gz
Algorithm Hash digest
SHA256 d117c524c67ea696896239c8bb9206d9a81dbeb7c5ab018cadb491ac3e197616
MD5 46b769d7e32de59387721dfc9e30087f
BLAKE2b-256 25a7d44fde2e937ca4a220f353bcabf86d4c9020cb215f0c73b671c4ec81bce6

See more details on using hashes here.

Provenance

The following attestation bundles were made for datasette_turnstile-0.1a0.tar.gz:

Publisher: publish.yml on simonw/datasette-turnstile

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file datasette_turnstile-0.1a0-py3-none-any.whl.

File metadata

File hashes

Hashes for datasette_turnstile-0.1a0-py3-none-any.whl
Algorithm Hash digest
SHA256 ca422492490e0c918c6c16674a5a1b2a2057042b56dfd41be63bf8c32b23bdf1
MD5 95d7c6f17c535448275b31553018a64f
BLAKE2b-256 cf59200e61ff07031450b65634f094e981bd4c7920386f721eec42c2508fc2ca

See more details on using hashes here.

Provenance

The following attestation bundles were made for datasette_turnstile-0.1a0-py3-none-any.whl:

Publisher: publish.yml on simonw/datasette-turnstile

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page