This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/a-ve on 2025-06-07 20:36:39+00:00.
Hi everyone!
I’ve been using anubis (https://github.com/TecharoHQ/anubis) for some time and love its clever use of client-side proof-of-work as an AI firewall. Inspired by that idea, I decided to create an adjacent, self-hostable CAPTCHA system that can be deployed with minimal fuss.
The result is Wicketkeeper: https://github.com/a-ve/wicketkeeper
It’s a full-stack CAPTCHA system based on the same proof-of-work logic as anubis - offloading a small, unnoticeable computational task to the user’s browser, making it trivial for humans but costly for simple bots.
On the server side:
- It’s a lightweight Go server that issues challenges and verifies solutions.
- It implements a time-windowed Redis Bloom filter (via an atomic Lua script) to prevent reuse of solved challenges.
- Uses short-expiry (10 minutes) Ed25519-signed JWTs for the entire challenge/response flow, so no session state is needed.
And on the client side:
- It includes a simple, dependency-free JavaScript widget.
- I’ve included a complete Express.js example showing exactly how to integrate it into a real web form.
Wicketkeeper is open source under the MIT license. I’d love to hear your feedback. Thanks for taking a look!
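The server-side flow listed in the post (signed challenge with a 10-minute expiry, proof-of-work check, reuse prevention), as an added example that is not part of the original post and is not Wicketkeeper's code. Assumptions: the token is a raw Ed25519-signed byte string rather than a JWT, the work rule is leading zero bits of SHA-256, the in-memory `seen` map stands in for the Redis Bloom filter, and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"math/bits"
)

// Challenge carries all state. Assumed layout: Msg = seed(16) | expiry(8) | difficulty(1).
type Challenge struct{ Msg, Sig []byte }

// Issue signs a fresh challenge valid for 10 minutes; the server stores nothing.
func Issue(priv ed25519.PrivateKey, difficulty byte, now int64) Challenge {
	msg := make([]byte, 16, 25)
	rand.Read(msg)
	msg = append(binary.BigEndian.AppendUint64(msg, uint64(now+600)), difficulty)
	return Challenge{msg, ed25519.Sign(priv, msg)}
}

// zeroBits counts leading zero bits of SHA-256(Msg | nonce), the assumed work rule.
func zeroBits(msg []byte, nonce uint64) int {
	h := sha256.Sum256(binary.BigEndian.AppendUint64(append([]byte{}, msg...), nonce))
	return bits.LeadingZeros64(binary.BigEndian.Uint64(h[:8]))
}

// Verify checks the signature first, then expiry, work and replay (seen ~ Bloom filter).
func Verify(pub ed25519.PublicKey, seen map[string]bool, c Challenge, nonce uint64, now int64) error {
	switch {
	case !ed25519.Verify(pub, c.Msg, c.Sig): // Msg is untrusted until this passes
		return errors.New("bad signature")
	case now > int64(binary.BigEndian.Uint64(c.Msg[16:24])):
		return errors.New("expired")
	case zeroBits(c.Msg, nonce) < int(c.Msg[24]):
		return errors.New("insufficient work")
	case seen[string(c.Msg[:16])]:
		return errors.New("replayed")
	}
	seen[string(c.Msg[:16])] = true // with Redis, test-and-set must be one atomic step
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c, seen, n := Issue(priv, 12, 1750000000), map[string]bool{}, uint64(0) // constructed clock value
	for ; zeroBits(c.Msg, n) < 12; n++ { // the browser's side: brute-force a nonce
	}
	println(Verify(pub, seen, c, n, 1750000060) == nil, Verify(pub, seen, c, n, 1750000060) != nil)
}
```

Because expiry and difficulty sit inside the signed bytes, a client cannot lower the difficulty or extend the lifetime without failing the signature check, and the replay set only has to remember a seed until its token expires.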