Spaces:

doniramdani820
/

recaptcha-solver-4x4

Paused

App Files Files Community

doniramdani820 commited on Nov 8, 2025

Commit

fa25762

verified ·

1 Parent(s): 83e4189

Upload 6 files

Browse files

Files changed (2) hide show

README.md +1 -0
app.py +153 -15

README.md CHANGED Viewed

	@@ -151,3 +151,4 @@ MIT License - See LICENSE file for details
151
152	Note: This API is for educational and research purposes only. Use responsibly and respect website terms of service.
153


151
152	Note: This API is for educational and research purposes only. Use responsibly and respect website terms of service.
153
154	+

app.py CHANGED Viewed

@@ -14,11 +14,17 @@ import io
 from PIL import Image
 import time
 import os
-from functools import lru_cache
 app = Flask(__name__)
 CORS(app)  # Enable CORS for browser extension
 # Global variables
 model = None
 class_names = None
@@ -27,6 +33,7 @@ request_count = 0
 successful_count = 0
 failed_count = 0
 total_latency = 0.0
 # Configuration
 MODEL_FOLDER = "."  # Models in root folder (no subfolder)
@@ -34,6 +41,50 @@ CONFIDENCE_THRESHOLD = 0.25
 IOU_THRESHOLD = 0.45
 MASK_THRESHOLD_PERCENTAGE = 1.0  # 1% minimum overlap
 print("="*60)
 print("🚀 reCAPTCHA 4x4 Segmentation API")
 print("="*60)
@@ -130,30 +181,112 @@ def run_segmentation(img):
 def normalize_text(text):
-    """Normalize challenge text"""
     text = text.lower().strip()
-    # Singular/plural mapping
     mappings = {
         'bicycle': 'bicycles',
         'bus': 'buses',
         'car': 'cars',
-        'fire hydrant': 'fire hydrants',
         'motorcycle': 'motorcycles',
         'traffic light': 'traffic lights',
-        'crosswalk': 'crosswalks',
-        'vehicle': 'vehicles',
-        'bridge': 'bridges',
         'boat': 'boats',
-        'taxi': 'taxis',
-        'stair': 'stairs',
-        'chimney': 'chimneys'
     }
-    for singular, plural in mappings.items():
-        if singular in text:
-            return plural
     return text
@@ -176,6 +309,8 @@ def get_tiles_to_click(boxes, scores, class_ids, masks, challenge_title, img_wid
     for i, (box, score, class_id, mask) in enumerate(zip(boxes, scores, class_ids, masks)):
         # Get class name
         det_class = class_names[class_id].lower()
         # Check if detection matches challenge
         if normalized_title not in det_class and det_class not in normalized_title:
@@ -211,21 +346,24 @@ def get_tiles_to_click(boxes, scores, class_ids, masks, challenge_title, img_wid
 @app.route('/health', methods=['GET'])
 def health():
-    """Health check endpoint"""
     return jsonify({
         'status': 'healthy',
         'model_loaded': model is not None,
         'model_load_time_s': model_load_time,
         'requests_total': request_count,
         'requests_successful': successful_count,
         'requests_failed': failed_count,
         'avg_latency_s': total_latency / max(request_count, 1)
     })
 @app.route('/predict', methods=['POST'])
 def predict():
-    """Main prediction endpoint"""
     global request_count, successful_count, failed_count, total_latency
     start_time = time.time()

 from PIL import Image
 import time
 import os
+from functools import lru_cache, wraps
 app = Flask(__name__)
 CORS(app)  # Enable CORS for browser extension
+# API Security - Load secret key from environment
+API_SECRET_KEY = os.environ.get('API_SECRET_KEY', None)
+print(f"\n🔐 API Security: {'ENABLED' if API_SECRET_KEY else 'DISABLED (PUBLIC ACCESS)'}")
+if API_SECRET_KEY:
+    print(f"   Secret Key: {API_SECRET_KEY[:8]}{'*' * (len(API_SECRET_KEY) - 8)}")
 # Global variables
 model = None
 class_names = None
 successful_count = 0
 failed_count = 0
 total_latency = 0.0
+unauthorized_count = 0
 # Configuration
 MODEL_FOLDER = "."  # Models in root folder (no subfolder)
 IOU_THRESHOLD = 0.45
 MASK_THRESHOLD_PERCENTAGE = 1.0  # 1% minimum overlap
+def require_api_key(f):
+    """
+    Decorator to require API key authentication
+    If API_SECRET_KEY is set in environment:
+    - Check X-API-Key header matches secret
+    - Return 401 if missing or invalid
+    If API_SECRET_KEY is NOT set:
+    - Allow all requests (public access)
+    """
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        global unauthorized_count
+        # If no secret key configured, allow all requests
+        if API_SECRET_KEY is None:
+            return f(*args, **kwargs)
+        # Check for API key in header
+        provided_key = request.headers.get('X-API-Key')
+        if not provided_key:
+            unauthorized_count += 1
+            return jsonify({
+                'success': False,
+                'error': 'Missing API key',
+                'message': 'Please provide X-API-Key header'
+            }), 401
+        if provided_key != API_SECRET_KEY:
+            unauthorized_count += 1
+            return jsonify({
+                'success': False,
+                'error': 'Invalid API key',
+                'message': 'The provided API key is incorrect'
+            }), 401
+        # Valid key, proceed with request
+        return f(*args, **kwargs)
+    return decorated_function
 print("="*60)
 print("🚀 reCAPTCHA 4x4 Segmentation API")
 print("="*60)
 def normalize_text(text):
+    """
+    Normalize challenge text with comprehensive synonym mapping
+    Maps: reCAPTCHA challenge text → Model class names
+    Handles: singular/plural, synonyms, articles
+    """
     text = text.lower().strip()
+    # Remove articles "a " and "the " for better matching
+    text = text.replace('a ', '').replace('the ', '')
+    # Comprehensive mapping: challenge_text → model_class (4x4)
+    # Model classes: 'a fire hydrant', 'bicycles', 'buses', 'cars', 'chimneys',
+    #                'crosswalks', 'motorcycles', 'parking meters', 'stairs',
+    #                'taxis', 'tractors', 'traffic lights'
     mappings = {
+        # Fire hydrant (model: "fire hydrant" - already removed "a ")
+        'fire hydrant': 'fire hydrant',
+        'fire hydrants': 'fire hydrant',
+        'hydrant': 'fire hydrant',
+        'hydrants': 'fire hydrant',
+        # Bicycle → bicycles (model: "bicycles")
         'bicycle': 'bicycles',
+        'bike': 'bicycles',
+        'bikes': 'bicycles',
+        # Bus → buses (model: "buses")
         'bus': 'buses',
+        # Car → cars (model: "cars")
         'car': 'cars',
+        'vehicle': 'cars',
+        'vehicles': 'cars',
+        'automobile': 'cars',
+        'automobiles': 'cars',
+        'taxi': 'taxis',  # Model has taxis
+        'cab': 'taxis',
+        'cabs': 'taxis',
+        # Chimney → chimneys (model: "chimneys")
+        'chimney': 'chimneys',
+        # Crosswalk → crosswalks (model: "crosswalks")
+        'crosswalk': 'crosswalks',
+        'pedestrian crossing': 'crosswalks',
+        'zebra crossing': 'crosswalks',
+        # Motorcycle → motorcycles (model: "motorcycles")
         'motorcycle': 'motorcycles',
+        'motorbike': 'motorcycles',
+        'motorbikes': 'motorcycles',
+        # Parking meters (model: "parking meters")
+        'parking meter': 'parking meters',
+        'parking metre': 'parking meters',
+        'parking metres': 'parking meters',
+        # IMPORTANT: Ladder → Stairs (model: "stairs")
+        'ladder': 'stairs',
+        'ladders': 'stairs',
+        'stair': 'stairs',
+        'staircase': 'stairs',
+        'staircases': 'stairs',
+        'step': 'stairs',
+        'steps': 'stairs',
+        # IMPORTANT: Tractor → Tractors (model: "tractors" plural!)
+        'tractor': 'tractors',
+        'farm tractor': 'tractors',
+        'farm tractors': 'tractors',
+        # Traffic light → traffic lights (model: "traffic lights")
         'traffic light': 'traffic lights',
+        'traffic signal': 'traffic lights',
+        'traffic signals': 'traffic lights',
+        # Boat variations (not in 4x4, but keep for fallback)
         'boat': 'boats',
+        'boats': 'boats',
+        'ship': 'boats',
+        'ships': 'boats',
+        # Bridge variations (not in 4x4, but keep for fallback)
+        'bridge': 'bridges',
+        'bridges': 'bridges',
+        # Tree/Palm variations (not in 4x4 model!)
+        'tree': 'trees',
+        'trees': 'trees',
+        'palm': 'trees',
+        'palms': 'trees',
+        'palm tree': 'trees',
+        'palm trees': 'trees'
     }
+    # Check for exact matches first
+    if text in mappings:
+        return mappings[text]
+    # Check for partial matches (e.g., "palm trees" contains "palm")
+    for challenge_variant, model_class in mappings.items():
+        if challenge_variant in text or text in challenge_variant:
+            return model_class
+    # No mapping found, return as-is
     return text
     for i, (box, score, class_id, mask) in enumerate(zip(boxes, scores, class_ids, masks)):
         # Get class name
         det_class = class_names[class_id].lower()
+        # Also remove articles from detection class for consistent matching
+        det_class = det_class.replace('a ', '').replace('the ', '')
         # Check if detection matches challenge
         if normalized_title not in det_class and det_class not in normalized_title:
 @app.route('/health', methods=['GET'])
 def health():
+    """Health check endpoint (public - no API key required)"""
     return jsonify({
         'status': 'healthy',
         'model_loaded': model is not None,
+        'security_enabled': API_SECRET_KEY is not None,
         'model_load_time_s': model_load_time,
         'requests_total': request_count,
         'requests_successful': successful_count,
         'requests_failed': failed_count,
+        'requests_unauthorized': unauthorized_count,
         'avg_latency_s': total_latency / max(request_count, 1)
     })
 @app.route('/predict', methods=['POST'])
+@require_api_key  # 🔐 Require API key for prediction
 def predict():
+    """Main prediction endpoint (protected by API key)"""
     global request_count, successful_count, failed_count, total_latency
     start_time = time.time()