TIL: I made a rubygem implementing Cloudflare Turnstile for Rubo on Rails

For the last couple of weeks I have been fighting against fake signups on some of my personal Ruby on Rails projects.

In one case it resulted in AWS SES Sending out 3000 signup emails. So a solution was needed.

Luckily Cloudflare have a nice captcha service called Turnstile. Which you might already know by their orange box.

Since I had to implement it across different projects I decided to make a RubyGem called turnstiled(github.com/displayful/turnstiled).

It also implements a mock javascript widget for use in Testing or Development.

Usage is super easy.

Add it to your Gemfile and run bundle install

gem 'turnstiled' 

Create config/initializers/turnstiled.rb and configure it with your site key and secret

Rails.application.config.to_prepare do
  Turnstiled.site_key = ''
  TUrnstiled.site_secret = ''
end 

Include the javascript in your layout with

<%= turnstile_javascript_tag %>

Render the widget within your forms

<%= form_with model: @some_model do %>
  <%= turnstile_tag %>
<% end %>

Then make sure your controller is verifying the request with

class SomeController < ApplicationController
  verify_turnstile_request only: %i[create]
end