Closed
Description
We are currently experiencing user registration spam on wakapi.dev. Apparently, somebody is running a script to repeatedly create fake accounts with allegedly real e-mail addresses (wow, thanks... 👏🙄 ...). This is why user registration is currently disabled. Rate limiting (#628) doesn't help, because they are using a different IP address each time. Let's try add captchas (sorry to all legitimate users...) to prevent this nonsense.
Google reCaptcha would be most reliable and seamless for users, but, on the other hand, I'd like to keep Wakapi fully self-hosted and don't have it send any data to external (US-based) services. Lets try https://github.com/dchest/captcha and see if it's sufficient.