Enable Cloudflare Turnstile
Add bot protection to the chat WebSocket connection using Cloudflare Turnstile.
1. Create a Turnstile widget
- Go to the Cloudflare dashboard → Turnstile
- Add a new site with your domain (e.g., cht.bio)
- Copy the Site Key and Secret Key
2. Configure the backend
Add to your .env:
CHATINBIO_TURNSTILE_SECRET_KEY=0x4AAAAAAA...
CHATINBIO_TURNSTILE_SITE_KEY=0x4AAAAAAA...
When CHATINBIO_TURNSTILE_SECRET_KEY is set, the WebSocket handler will verify the token on connection. Without it, Turnstile is disabled.
3. Frontend integration
The <turnstile-guard> component in the frontend automatically renders the Turnstile widget when a site key is provided via the /api/bio response. The token is passed as a query parameter when connecting to the WebSocket:
ws://localhost:8000/ws/chat?visitor_id=xxx&turnstile_token=yyy
How it works
- Before the first chat message, the frontend renders the Turnstile challenge
- On success, the token is included in the WebSocket connection URL
- The backend calls Cloudflare's siteverify API to validate the token
- If invalid, the connection is rejected with an error message