pezkuwichain/pezkuwi-mobile-app
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-mobile-app.git synced 2026-06-12 03:01:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

auto-commit for e649d7f6-d4bc-43b6-870b-f1951d30f00b

Browse Source
This commit is contained in:
emergent-agent-e1
2025-11-08 15:17:53 +00:00
parent 9e4fe9fc3c
commit 4503a1ef5b
1 changed files with 73 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TURNSTILE_PRODUCTION_SETUP.md
+73
View File
@@ -0,0 +1,73 @@
# Cloudflare Turnstile Production Setup
## Current Setup (Development)
The app is currently using **Cloudflare Turnstile test keys** for development:
- Site Key: `1x00000000000000000000AA`
- Secret Key: `1x0000000000000000000000000000000AA`
These keys work with the real Cloudflare API but are for testing purposes only.
## Production Setup
When you're ready to deploy to production, follow these steps:
### 1. Create Production Turnstile Widget
1. Go to https://dash.cloudflare.com/
2. Navigate to **Turnstile** in the left menu
3. Click **"Add widget"**
4. Fill in the details:
- **Widget name**: PezkuwiChain Mobile
- **Domains**: Add your production domain(s)
- Example: `pezkuwichain.io`
- Example: `app.pezkuwichain.io`
- **Widget Mode**: **Managed** (recommended)
5. Click **"Create"**
6. Copy the **Site Key** and **Secret Key**
### 2. Update Backend Configuration
Update `/app/backend/.env`:
```env
TURNSTILE_SECRET_KEY=your_production_secret_key_here
```
### 3. Update Frontend Configuration
Update the site key in `/app/frontend/src/screens/HumanVerificationScreen.tsx`:
```typescript
// Change this line:
const TURNSTILE_SITE_KEY = '1x00000000000000000000AA';
// To:
const TURNSTILE_SITE_KEY = 'your_production_site_key_here';
```
### 4. Testing
After updating the keys:
1. Test the human verification flow
2. Verify that the widget loads correctly
3. Confirm that verification succeeds after completing the challenge
## Security Notes
- **NEVER** commit production keys to git
- Store production keys in environment variables
- The secret key should ONLY be used on the backend
- The site key can be public (used in frontend)
## Troubleshooting
If verification fails in production:
- Check that your domain is added to Cloudflare Turnstile widget settings
- Verify keys are correctly copied (no extra spaces)
- Check backend logs for Cloudflare API responses
- Ensure your domain has proper HTTPS certificate
## Cost
Cloudflare Turnstile is **completely free** with no usage limits for legitimate traffic.