Documentation Index
Fetch the complete documentation index at: https://mintlify.com/midudev/mundial-de-clicks/llms.txt
Use this file to discover all available pages before exploring further.
GET /api/captcha/session is called on every page load to determine whether the Cap captcha widget needs to be shown. It reads the cap_session cookie, then validates the session in DragonFly by checking the remaining vote quota and the IP binding stored when the session was created. The result drives two binary decisions in the client: whether to download the Cap WASM bundle at all, and whether to show the challenge UI immediately.
Request
The browser’s
Cookie header. The endpoint reads the cap_session value from it. No Authorization header or request body is required.Response
200 OK — always returned (errors are represented in the body fields, never as non-200 statuses).true when CAP_API_URL is set and DragonFly is reachable (hasCaptcha). When false, the captcha widget is never loaded — no WASM download occurs — and all POST /api/vote requests are accepted without a session cookie.true when all of the following hold: a cap_session cookie was sent, the corresponding cap:sess:{id} key exists in DragonFly with a remaining quota greater than zero, and the cap:sess-ip:{id} key matches the current trusted client IP (CF-Connecting-IP). If DragonFly is temporarily unavailable, returns false as a safe default — the client will re-verify on the next vote attempt rather than failing with a 500.Cache-Control: no-store is set on every response. Session validity changes within seconds (votes consume quota; TTL expires), so proxy or browser caching must be avoided.Behavior matrix
Session validation internals
The endpoint callsisSessionValid(id, ip) from src/lib/captcha.ts, which executes a single MGET against two DragonFly keys:
| DragonFly key | Contains | TTL |
|---|---|---|
cap:sess:{id} | Remaining vote quota (integer string) | max(30, CAP_SESSION_TTL_SECONDS) (default 120 s) |
cap:sess-ip:{id} | Trusted client IP bound at session creation | Same TTL |
storedIp === callerIp && quota > 0. The entire MGET is wrapped in a hard timeout (REDIS_COMMAND_TIMEOUT_MS, default 2 000 ms); a timeout throws and valid is set to false.
Environment variables
| Variable | Default | Effect |
|---|---|---|
CAP_API_URL | (unset) | Enables captcha. Must be set alongside DragonFly for required to be true. |
REDIS_URL / DRAGONFLY_HOST | localhost:6379 | Required for session lookups. If absent, captcha is disabled regardless of CAP_API_URL. |
REDIS_COMMAND_TIMEOUT_MS | 2000 | Hard timeout (ms) for the DragonFly MGET. |