A bot to protect the texts or with a captcha or Google reCaptcha.
- Nearly Easy Setup: You can easily setup this bot and use it under 10 minutes (without reCaptcha; Signing up for reCaptcha and registering domain requires more than 30 minutes)
- reCaptcha Support: Beside a normal captcha you can use Google's Recaptcha for extra security. reCaptcha V2 and V3 are both supported.
- Deep Links: With support of deeplinks, you can instantly send share a link that points to the token. Example:
https://telegram.me/testbot?start=thetoken
; This link will open the bot with the requested token. - Small Code Base: With small code base everyone can study the program.
- Multi-OS Support: You can run this bot an any os supported by goLang. You can even run in on Android.
Go to releases and download one for your operating system. Then head to next part for setting up the bot
At first get all the required packages:
go get github.com/TeamRyoishin/captcha
go get github.com/go-telegram-bot-api/telegram-bot-api
go get github.com/boltdb/bolt
Then build the program with
go build main.go database.go
Bot sends the user a normal captcha image that contains 8 digits. User must enter the digits via telegram to receive the link.
However these old captchas might not be very secure.
Bot send the user a link to complete the recaptcha. The site is hosted in the bot's server. A domain name is required for the bot to work.
Recaptcha V3 is different from all of the other captchas. It does not require the user to do anything; Instead, it rates the user from 0.0 to 1.0. The more this number is, the user is more likely a human.
So how this bot works? At first you should define a minimum pass score for the users that request the captcha. At first the bot gets the user's score. It checks it with the minimum score, if it's less than it, bot refuses to send the user the link or text. So method is very strict. If the user does not achieve the minimum score, there is no way for user to get the link. On client side, then the user sends the token to bot, bot send them a link to the server. After the user opens it, he must just wait for the captcha to give the user a score. Bot automatically sends them the link or text afterwards.
If the user receives a low score this will be shown to him: Unfortunately you are not worthy enough to access this right now.
At really first you should download or build the bot according to the previous step. Then download the config.json
file into the same directory as bot.
At really first, you should create a bot. Contact BotFather to create a new bot. At the last of the process you should be given a Bot Token. It is like 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
. Enter it in the config.json
file after the Token field. (config file example at the next step)
Admins can add or remove links to database, besides viewing links. So setting a (or more) admin(s) for your bot is mandatory.
To define admins you need to know the admins ID, and this ID is not the ID that starts with @. It is an int value. To get it you have 2 choices:
- Use bots on telegram: You can basically just search the telegram for some ID bots. Here is an example: myidbot
- Use this bot: This bot is also capable of returning your own ID yo yourself. Just set the token of your bot in
config.json
and run the bot. Send the bot/id
and you get your own ID.
After you got your ID, enter it into the Admins
array in config.json
. For example if your admins IDs are 1234 and 9876 your config should be like this:
{
"Token": "123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11",
"Admins": [1234 , 9876],
"DBName": "database.db"
}
After you set the new admins you need to restart the bot.
As described above there are 2 different captcha modes
You do not need to do anything more. Just move to next step
At first, thanks to this project I implemented a custom recaptcha API in my own app.
Before configuring the bot you should do three things:
- Set a domain on your server
- Get the reCaptcha tokens
- Open a port for recaptcha webserver on your server
Domain is required in order to recaptcha work. You can use a free domain at Now-DNS and register the domain (not the sub-domain) at the google admin console.
reCaptcha Works with 2 tokens: Private Key and Site Key. To generate one and register go to here and register. While registering, you will be asked to choose between reCaptcha V2 and V3; If you wish to create V3, just choose the radio button and continue; but If you want to choose the V2, make sure you choose "I'm not a robot" Checkbox
radio button; You will be given a site key and private key. You need them for the config file.
The bot will listen for http connections on a port. That port must be opened in your firewall.
To make the bot work with reCaptcha you should add a Recaptcha object to config.json. Example for V2 reCaptcha:
{
"Token": "123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11",
"Admins": [1234],
"DBName": "database.db",
"Recaptcha": {
"V2" : true,
"PrivateKey" : "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"PublicKey": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"Domain" : "demo.test.com",
"Port" : 8080
}
}
Here:
V2: true
tells the bot that is should use reCaptcha V2Private Key
is the secret key that reCaptcha admin panel gave youPublic Key
is the site key that reCaptcha admin panel gave youDomain
is the domain that points to your server IPPort
is the port that bot starts the webserver on it; This should not be in use
Example for V3:
{
"Token": "123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11",
"Admins": [1234],
"DBName": "database.db",
"Recaptcha": {
"V2" : false,
"PrivateKey" : "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"PublicKey": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"Domain" : "demo.test.com",
"MinScore": 0.6,
"Port" : 8080
}
}
Here:
V2: false
tells the bot that is should use reCaptcha V3Private Key
is the secret key that reCaptcha admin panel gave youPublic Key
is the site key that reCaptcha admin panel gave youDomain
is the domain that points to your server IPMinScore
is the minimum score that user requires to get the link. Should be between 0 and 1. A reasonable value is 0.5 or 0.6Port
is the port that bot starts the webserver on it; This should not be in use
After you setup everything, just run the bot.
You can either use a service or just tmux
to keep the bot alive after you close the SSH connection.
As an admin you can use one of these commands to update the database:
/add
: Adds a string or link to database and returns the token to the admin. Users can use the token to access the links or texts./remove
: Remove a string or text from database by it's token./cancel
: Cancel removing or adding a text/list
: Lists all of the keys and values in database
Admins can also send a token to bot to access it's data.