Feedback on google recaptcha on files list

Question

I want a solution to stop a scapers gobbling a list of public downloadable files. This the only problem but I have list it multiple steps.

The downloadable files is a list of asp.net generated hrefs.

Since I know that the recaptcha validation from google can only be used once my idea was to solve it like this:

1. The google recaptcha uses the callback javascript to send to an API serverside action
2. The API action verifies the token with google. Then it stores the result in a session variable for that user.
3. When the users press the download action on asp.net page, the server also looks for the session variable.

I think there has to be a solution that's more leaner. If anyone has a better solution or any suggestion I would be happy to hear about it.

Answer 1

I solved it like so:

1. Catched the callback from google recaptcha with a javascript.

2. The javascript made a fetch post to an api method. The method checked the callback response against google and if ok then cached the user ip adress on the server as granted.

3. Javascript continiues with then (after fetch) and enabled the links (if granted)

4. When the user click on the files the server method checks user ip and it exist in the cache the user gets the file.