Contact

Supaplate comes with a /contact-us route that allows users to send a message to the application owner.

Most applications will not need this feature, and it is very likely you're going to delete it, but the reason I included it is to showcase how to configure and use hCaptcha and Cloudflare Turnstile to prevent spam.

Configuring hCaptcha

1. Head over to hCaptcha and create an account.
2. Create a new site and add the domain of your application.
3. Copy the sitekey and secretkey and save them in the .env file as VITE_HCAPTCHA_SITEKEY and HCAPTCHA_SECRETKEY.

Configuring Cloudflare Turnstile

Follow this guide to get a Turnstile sitekey and secretkey.

Copy the sitekey and secretkey and save them in the .env file as VITE_TURNSTILE_SITEKEY and TURNSTILE_SECRETKEY.

hCaptcha and Cloudflare Turnstile Flow

The flow is the same for both hCaptcha and Cloudflare Turnstile.

1. The user loads the page.
2. The hCaptcha widget or Cloudflare Turnstile React component is displayed.
3. The user solves the challenge.
4. The widget calls a callback function with the token.
5. We save the token in the form data.
6. The user submits the form.
7. The form data is sent to the server.
8. The server verifies the hCaptcha token or Cloudflare Turnstile token using the secretkey.
9. If the token is valid, the form data is sent to the application owner.

Conclusion

As I said, most applications don't need a contact-us page, but it is a good example of how to use hCaptcha and Cloudflare Turnstile to prevent spam.

Use this example to protect any form in your application, like a login form, a comment form, a newsletter signup form, etc.