This repository provides an example Go web application that requires human authentication via a PIN split into three distinct parts:
- A 4-digit numeric code (numbers only)
- A four-letter word (from a loaded wordlist)
- Another 4-digit numeric code (numbers only)

Additionally, it uses FingerprintJS to measure browser entropy and dynamically enables the "Submit" button only after a sufficient entropy level is reached. This helps ensure that requests are coming from a legitimate browser environment rather than automated scripts.

- PIN Segmentation: The PIN is visually represented as three separate "casino-style" animated images, each independently rotating through random values before settling on the final number/word.
- Hashed PIN Storage: The final PIN is hashed and stored in a Redis database, treating it as a one-time password (OTP).
- Browser Entropy Check: Integrates `fp.min.js` (FingerprintJS) to enable the submit button only when the browser entropy level is high enough.
- Dynamic Visuals: Uses Go's `image` and `gif` packages to create dynamic, rotating GIFs that reveal the PIN segment by segment.
- Go: Version 1.18+ recommended.
- Redis: A running Redis instance on `localhost:6379` with no password (or update the code accordingly if using a password).
- Fonts & Static Assets:
  - `static/fonts/dyslexie.ttf` (or a fallback font)
  - `static/js/fp.min.js` for FingerprintJS
  - `static/img/human-ok.png` and `static/img/no-toasters.webp` for the visuals on the auth page.
- Wordlist: A local wordlist file (e.g., `/usr/share/dict/words`) containing a wide range of words, ensuring that four-letter words are available for the second segment of the PIN.
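
The "Hashed PIN Storage" feature above, sketched as an added example (not this repository's code): a three-part PIN is generated from a CSPRNG, only its hash is stored, and verification consumes the entry so the PIN works once. Assumptions: the names `NewPIN` and `OTPStore` are hypothetical, an in-memory map stands in for Redis, and HMAC-SHA-256 with a server-side key is used because an unkeyed hash of such a short PIN can be brute-forced if the store leaks.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// randInt returns a uniform value in [0, n) from the OS CSPRNG.
func randInt(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err)
	}
	return int(v.Int64())
}

// NewPIN returns "dddd-word-dddd"; words must already be filtered to four letters.
func NewPIN(words []string) string {
	return fmt.Sprintf("%04d-%s-%04d", randInt(10000), words[randInt(len(words))], randInt(10000))
}

// OTPStore is an in-memory stand-in for Redis: session ID -> keyed hash of the PIN.
type OTPStore struct {
	key []byte // assumed server-side HMAC key, kept outside the store
	m   map[string][]byte
}

func (s *OTPStore) mac(pin string) []byte {
	h := hmac.New(sha256.New, s.key)
	h.Write([]byte(pin))
	return h.Sum(nil)
}
func (s *OTPStore) Put(id, pin string) { s.m[id] = s.mac(pin) } // plaintext PIN is never stored

// Verify deletes the entry before comparing, so each issued PIN allows one attempt.
func (s *OTPStore) Verify(id, pin string) bool {
	want, ok := s.m[id]
	delete(s.m, id)
	return ok && hmac.Equal(want, s.mac(pin)) // constant-time comparison
}

func main() {
	s := &OTPStore{key: []byte("constructed-demo-key"), m: map[string][]byte{}}
	pin := NewPIN([]string{"lamp", "frog", "kite"}) // constructed four-letter sample words
	s.Put("sess1", pin)
	fmt.Println(pin, s.Verify("sess1", pin), s.Verify("sess1", pin)) // second Verify is false
}
```

With a real Redis backend, the read-and-delete in `Verify` has to be a single atomic operation (for example `GETDEL`), and the key should carry an expiry.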