mirror of
https://github.com/pezkuwichain/pezkuwi-mobile-app.git
synced 2026-04-22 22:27:56 +00:00
2.0 KiB
2.0 KiB
Cloudflare Turnstile Production Setup
Current Setup (Development)
The app is currently using Cloudflare Turnstile test keys for development:
- Site Key:
1x00000000000000000000AA - Secret Key:
1x0000000000000000000000000000000AA
These keys work with the real Cloudflare API but are for testing purposes only.
Production Setup
When you're ready to deploy to production, follow these steps:
1. Create Production Turnstile Widget
- Go to https://dash.cloudflare.com/
- Navigate to Turnstile in the left menu
- Click "Add widget"
- Fill in the details:
- Widget name: PezkuwiChain Mobile
- Domains: Add your production domain(s)
- Example:
pezkuwichain.io - Example:
app.pezkuwichain.io
- Example:
- Widget Mode: Managed (recommended)
- Click "Create"
- Copy the Site Key and Secret Key
2. Update Backend Configuration
Update /app/backend/.env:
TURNSTILE_SECRET_KEY=your_production_secret_key_here
3. Update Frontend Configuration
Update the site key in /app/frontend/src/screens/HumanVerificationScreen.tsx:
// Change this line:
const TURNSTILE_SITE_KEY = '1x00000000000000000000AA';
// To:
const TURNSTILE_SITE_KEY = 'your_production_site_key_here';
4. Testing
After updating the keys:
- Test the human verification flow
- Verify that the widget loads correctly
- Confirm that verification succeeds after completing the challenge
Security Notes
- NEVER commit production keys to git
- Store production keys in environment variables
- The secret key should ONLY be used on the backend
- The site key can be public (used in frontend)
Troubleshooting
If verification fails in production:
- Check that your domain is added to Cloudflare Turnstile widget settings
- Verify keys are correctly copied (no extra spaces)
- Check backend logs for Cloudflare API responses
- Ensure your domain has proper HTTPS certificate
Cost
Cloudflare Turnstile is completely free with no usage limits for legitimate traffic.