
Integrate CAPTCHAs powered by Cloudflare Turnstile

Project description

datasette-turnstile


Protect Datasette paths with Cloudflare Turnstile challenges.

Installation

Install this plugin in the same environment as Datasette.

datasette install datasette-turnstile

Configuration

Configure the plugin in your datasette.yaml:

plugins:
  datasette-turnstile:
    site_key: "0x4AAAAAAxxxxxxxxxxxxxxx"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/admin/*"
      - "/-/import-*"
    exclude_patterns:
      - "*.json"
    cookie_max_age: 86400

Configuration options

  • site_key (required): Your Turnstile site key from the Cloudflare dashboard
  • secret_key (required): Your Turnstile secret key (supports $env syntax)
  • protected_paths (required): List of URL patterns to protect
  • exclude_patterns (optional): Patterns to exclude from protection (e.g., *.json)
  • cookie_max_age (optional): Cookie lifetime in seconds (default: 86400 = 24 hours)
  • cookie_name (optional): Name of the verification cookie (default: ds_turnstile)

URL Pattern Matching

Patterns use simple wildcard matching where * matches any characters:

  • /admin/* - Protects all paths under /admin/
  • /-/import-* - Protects /-/import-csv, /-/import-json, etc.
  • /data?*&*&* - Protects /data with 2+ query string parameters

Use ? in patterns to match against the full URL including query string. Without ?, patterns only match the path.
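The matching rules above, combined with exclude_patterns, decide which requests ever reach the challenge, so it is worth modelling them before deploying a config. The following is an added sketch, not the plugin's own code: it assumes patterns are anchored to the whole path (or path plus query), that exclude_patterns follow the same ? rule and win over protected_paths, and it uses a constructed /export pattern for the query-string case.

```python
import re
from urllib.parse import urlsplit

def pattern_to_regex(pattern):
    # Only "*" is a wildcard; every other character, including "?", is literal.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")), re.DOTALL)

def matches(pattern, url):
    parts = urlsplit(url)
    target = parts.path
    # A pattern containing "?" is compared against path + query string;
    # any other pattern sees the path only.
    if "?" in pattern and parts.query:
        target += "?" + parts.query
    # Assumption: the pattern must cover the whole target (anchored match).
    return pattern_to_regex(pattern).fullmatch(target) is not None

def needs_challenge(url, protected_paths, exclude_patterns=()):
    # Assumption: an exclusion match always wins over a protection match.
    if any(matches(p, url) for p in exclude_patterns):
        return False
    return any(matches(p, url) for p in protected_paths)

# Constructed config: the first two patterns and the exclusion come from the
# page, the /export pattern is a made-up query-string example.
PROTECTED = ["/admin/*", "/-/import-*", "/export?*format=csv*"]
EXCLUDED = ["*.json"]

def audit(urls):
    """Map each URL to True (challenge required) or False (served directly)."""
    return {u: needs_challenge(u, PROTECTED, EXCLUDED) for u in urls}

if __name__ == "__main__":
    sample = [
        "/admin/users",                # protected
        "/admin",                      # no trailing slash: not covered by /admin/*
        "/admin/users.json",           # *.json exclusion removes the challenge
        "/admin/export?name=x.json",   # exclusion sees only the path: still protected
        "/export?format=csv",          # query-string pattern matches
        "/export?format=json",         # query-string pattern does not match
    ]
    for url, challenged in audit(sample).items():
        print(f"{'CHALLENGE' if challenged else 'open     '}  {url}")
```

Under these assumptions /admin/users.json is served without a challenge because *.json is excluded, and /admin itself is not covered by /admin/*; confirm both cases against a running instance before relying on the config.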

How It Works

  1. When a user visits a protected path, they're redirected to /-/turnstile
  2. The challenge page displays a Cloudflare Turnstile widget
  3. Upon completing the challenge, the token is verified server-side
  4. On success, a signed cookie is set and the user is redirected to their original destination
  5. The cookie remains valid for 24 hours (configurable)

API Requests

For requests with an Accept: application/json header, the plugin returns a 403 JSON response instead of redirecting:

{"error": "turnstile_required"}

Use exclude_patterns: ["*.json"] to exclude JSON endpoints from protection entirely.

Development

To set up this plugin locally, first check out the code:

cd datasette-turnstile

To run the tests:

uv run pytest

Create a config file using Turnstile test keys:

cat > datasette.yaml << 'EOF'
plugins:
  datasette-turnstile:
    site_key: "1x00000000000000000000AA"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/demo/example*"
EOF

Create an example database:

sqlite3 demo.db "CREATE TABLE example (id INTEGER PRIMARY KEY, name TEXT);"

Put the secret in an environment variable and run Datasette with the plugin:

TURNSTILE_SECRET_KEY='1x0000000000000000000000000000000AA' uv run datasette -c datasette.yaml demo.db


Download files


Source Distribution

datasette_turnstile-0.1a2.tar.gz (15.8 kB view details)

Uploaded Source

Built Distribution


datasette_turnstile-0.1a2-py3-none-any.whl (13.4 kB view details)

Uploaded Python 3

File details

Details for the file datasette_turnstile-0.1a2.tar.gz.

File metadata

  • Download URL: datasette_turnstile-0.1a2.tar.gz
  • Upload date:
  • Size: 15.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for datasette_turnstile-0.1a2.tar.gz
Algorithm Hash digest
SHA256 dc4e09ca6706f1ad28d5e1e4cf363305ca7f70d1f6a347f9a2afa15aefce435a
MD5 a71d52217cd0c4aad9013ddca5b8cd50
BLAKE2b-256 c7b62a35f304eafb5eee7d52902eb02b2c9530100fab3c96756cd07931bad6a7


Provenance

The following attestation bundles were made for datasette_turnstile-0.1a2.tar.gz:

Publisher: publish.yml on simonw/datasette-turnstile

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file datasette_turnstile-0.1a2-py3-none-any.whl.

File hashes

Hashes for datasette_turnstile-0.1a2-py3-none-any.whl
Algorithm Hash digest
SHA256 a4f4b69adc61b42dde7ad86fc3a3f1f76c804bf35f2bc132952ad01dee71f0c0
MD5 0caedd28f8749e6cd51f469f0a95d674
BLAKE2b-256 ddc80813b3acfe6d5a57379ff2584b6a9d98887ee24f8f7eced279a8c61874e6


Provenance

The following attestation bundles were made for datasette_turnstile-0.1a2-py3-none-any.whl:

Publisher: publish.yml on simonw/datasette-turnstile

