pezkuwichain/pezkuwi-mobile-app
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-mobile-app.git synced 2026-04-23 07:47:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c502e4c74c8d3f7fff6fd1085c4a9fa231ebeb2b
pezkuwi-mobile-app/TURNSTILE_PRODUCTION_SETUP.md
T
emergent-agent-e1 4503a1ef5b auto-commit for e649d7f6-d4bc-43b6-870b-f1951d30f00b
2025-11-08 15:17:53 +00:00

74 lines
2.0 KiB
Markdown
Raw Blame History

# Cloudflare Turnstile Production Setup
## Current Setup (Development)
The app is currently using **Cloudflare Turnstile test keys** for development:
- Site Key: `1x00000000000000000000AA`
- Secret Key: `1x0000000000000000000000000000000AA`
These keys work with the real Cloudflare API but are for testing purposes only.
## Production Setup
When you're ready to deploy to production, follow these steps:
### 1. Create Production Turnstile Widget
1. Go to https://dash.cloudflare.com/
2. Navigate to **Turnstile** in the left menu
3. Click **"Add widget"**
4. Fill in the details:
- **Widget name**: PezkuwiChain Mobile
- **Domains**: Add your production domain(s)
- Example: `pezkuwichain.io`
- Example: `app.pezkuwichain.io`
- **Widget Mode**: **Managed** (recommended)
5. Click **"Create"**
6. Copy the **Site Key** and **Secret Key**
### 2. Update Backend Configuration
Update `/app/backend/.env`:
```env
TURNSTILE_SECRET_KEY=your_production_secret_key_here
```
### 3. Update Frontend Configuration
Update the site key in `/app/frontend/src/screens/HumanVerificationScreen.tsx`:
```typescript
// Change this line:
const TURNSTILE_SITE_KEY = '1x00000000000000000000AA';
// To:
const TURNSTILE_SITE_KEY = 'your_production_site_key_here';
```
### 4. Testing
After updating the keys:
1. Test the human verification flow
2. Verify that the widget loads correctly
3. Confirm that verification succeeds after completing the challenge
## Security Notes
- **NEVER** commit production keys to git
- Store production keys in environment variables
- The secret key should ONLY be used on the backend
- The site key can be public (used in frontend)
## Troubleshooting
If verification fails in production:
- Check that your domain is added to Cloudflare Turnstile widget settings
- Verify keys are correctly copied (no extra spaces)
- Check backend logs for Cloudflare API responses
- Ensure your domain has proper HTTPS certificate
## Cost
Cloudflare Turnstile is **completely free** with no usage limits for legitimate traffic.
Reference in New Issue View Git Blame Copy Permalink