Integrate CAPTCHAs powered by Cloudflare Turnstile

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

datasette-turnstile

PyPI Changelog Tests License

Protect Datasette paths with Cloudflare Turnstile challenges.

Installation

Install this plugin in the same environment as Datasette.

datasette install datasette-turnstile

Configuration

Configure the plugin in your datasette.yaml:

plugins:
  datasette-turnstile:
    site_key: "0x4AAAAAAxxxxxxxxxxxxxxx"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/admin/*"
      - "/-/import-*"
    exclude_patterns:
      - "*.json"
    cookie_max_age: 86400

Configuration options

  • site_key (required): Your Turnstile site key from the Cloudflare dashboard
  • secret_key (required): Your Turnstile secret key (supports $env syntax)
  • protected_paths (required): List of URL patterns to protect
  • exclude_patterns (optional): Patterns to exclude from protection (e.g., *.json)
  • cookie_max_age (optional): Cookie lifetime in seconds (default: 86400 = 24 hours)
  • cookie_name (optional): Name of the verification cookie (default: ds_turnstile)

URL Pattern Matching

Patterns use simple wildcard matching where * matches any characters:

  • /admin/* - Protects all paths under /admin/
  • /-/import-* - Protects /-/import-csv, /-/import-json, etc.
  • /data?*&*&* - Protects /data with 2+ query string parameters

Use ? in patterns to match against the full URL including query string. Without ?, patterns only match the path.

How It Works

  1. When a user visits a protected path, they're redirected to /-/turnstile
  2. The challenge page displays a Cloudflare Turnstile widget
  3. Upon completing the challenge, the token is verified server-side
  4. On success, a signed cookie is set and the user is redirected to their original destination
  5. The cookie remains valid for 24 hours (configurable)

API Requests

For requests with Accept: application/json header, the plugin returns a 403 JSON response instead of redirecting:

{"error": "turnstile_required"}

Use exclude_patterns: ["*.json"] to exclude JSON endpoints from protection entirely.

Development

To set up this plugin locally, first checkout the code:

cd datasette-turnstile

To run the tests:

uv run pytest

Create a config file using Turnstile test keys:

cat > datasette.yaml << 'EOF'
plugins:
  datasette-turnstile:
    site_key: "1x00000000000000000000AA"
    secret_key:
      $env: TURNSTILE_SECRET_KEY
    protected_paths:
      - "/demo/example*
EOF

Create an example database:

sqlite3 demo.db "CREATE TABLE example (id INTEGER PRIMARY KEY, name TEXT);"

Put the secret in an environment variable and run Datasette with the plugin:

TURNSTILE_SECRET_KEY='1x0000000000000000000000000000000AA' uv run datasette -c datasette.yaml demo.db

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

This version

0.1a3 pre-release

0.1a2 pre-release

0.1a1 pre-release

0.1a0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datasette_turnstile-0.1a3.tar.gz (16.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

datasette_turnstile-0.1a3-py3-none-any.whl (13.4 kB view details)

Uploaded Python 3

File details

Details for the file datasette_turnstile-0.1a3.tar.gz.

File metadata

  • Download URL: datasette_turnstile-0.1a3.tar.gz
  • Upload date:
  • Size: 16.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for datasette_turnstile-0.1a3.tar.gz
Algorithm Hash digest
SHA256 f36532fd591bbfca139e93bc65df41b64ba0e635ecd8f9a95802ada9e51a05b9
MD5 b1febd941311562082bbc04fece0ea2b
BLAKE2b-256 80fd6e7d6138b00541225b2c6323e94f19d823c023b5491d98ef86bd58530863

See more details on using hashes here.

Provenance

The following attestation bundles were made for datasette_turnstile-0.1a3.tar.gz:

Publisher: publish.yml on simonw/datasette-turnstile

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file datasette_turnstile-0.1a3-py3-none-any.whl.

File metadata

File hashes

Hashes for datasette_turnstile-0.1a3-py3-none-any.whl
Algorithm Hash digest
SHA256 ce5a5c7835a52e8ff4be1e29c89b605e35957ac6afe65c4f6968d6f6b93f3fec
MD5 851518085810f40c614e7be081e3bb78
BLAKE2b-256 ce711f4abe145eaf5e5cd70f3a74c3344c6f80e3ab6c08d7ef7c8ef8439f9da1

See more details on using hashes here.

Provenance

The following attestation bundles were made for datasette_turnstile-0.1a3-py3-none-any.whl:

Publisher: publish.yml on simonw/datasette-turnstile

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page