@Kambaa Kambaa commented Apr 19, 2025

Tick the checkbox if you understand [x]:

  • I have read and understand the pull request rules.

Description

If a free-to-use, non-limiting captcha solution were added to the public-facing login form, it would provide more security to the application.

I love this project, and I use it on my homelab and private cloud daily. One issue that scratches the back of my mind is that there's no captcha in the login form. Forms without these are prone to so many attacks. With these simple widgets, most of the vulnerabilities are handled without effort from the dev. So I wanted to try contributing.

I like Cloudflare's Turnstile captcha solution: it's free to use (without limitation) and interchangeable with Google's captcha (as written in its docs). So I spent some time learning the Dockge code base and added this functionality without changing any default behaviour. With this PR, if a user supplies Turnstile's site key and secret key (via env), it will be automatically enabled on the login form together with its backend validation.

Type of change

  • User interface (UI)
  • New feature (non-breaking change which adds functionality)
  • Other
  • This change requires a documentation update

Change details

  • In backend/socket-handlers/main-socket-handler.ts

    • Added a new socket event that returns the Turnstile site key from the env variable TURNSTILE_SITE_KEY
    • Added a captcha server-side validation method
    • Updated the login handler to do a backend validation if the site key and secret key are defined in env
  • In frontend/src/mixins/socket.ts

    • Added a method that fetches the Turnstile site key
    • Updated the login method to send the captcha token with the user information
  • In frontend/src/components/Login.vue

    • Added the Turnstile captcha widget, rendered conditionally (with a site-key-exists check)
    • Added the site key fetching operation on mounted (if a site key is returned from the backend, import the necessary JS files and render the widget)
    • Updated the login operation to check for and send the captcha token if it exists
  • (No-Changes Sent - For Testing) Added TURNSTILE_SITE_KEY and TURNSTILE_SECRET_KEY to `npm run dev`, added a new script that does a local docker build and can be run with `npm run build:docker-local`, and tested the functionality directly and through the docker image

    ```
    # on package.json:
    ...
    "scripts": {
      ...
      "dev": "TURNSTILE_SITE_KEY=0x4AAAAAAXXXXXXXX TURNSTILE_SECRET_KEY=0x4AAAAAAXXXX concurrently -k -r \"wait-on tcp:5000 && npm run dev:backend \" \"npm run dev:frontend\"",
      "build:docker-local": "npm run build:frontend && docker buildx build -t dockge:nightly --target nightly -f ./docker/Dockerfile .",
      ...
    ```
  • (No-Changes Sent - For Testing) Added these to the docker compose file, ran `docker compose up` and checked it.

    ```
    # on compose.yml
    ...
        environment:
        ...
        - TURNSTILE_SITE_KEY=0x4AAAAAAXXXXXXXX
        - TURNSTILE_SECRET_KEY=0x4AAAAAAXXXX
    ```
  • Checked the functionality when invalid credentials are entered: the captcha widget resets and does not send the old token.

Checklist

  • My code follows the style guidelines of this project
  • I ran ESLint and other linters for modified files
  • I have performed a self-review of my own code and tested it
  • I have commented my code, particularly in hard-to-understand areas
    (including JSDoc for methods)
  • My changes generate no new warnings
  • My code needed automated testing. I have added them (this is optional task)

Screenshots (if any)

[two screenshots were attached to the original PR; not reproduced here]

ghost commented Jun 5, 2025

I'm not sure this change makes sense for Dockge.

In general, you don't expose container or Docker management UIs directly to the internet - they're typically accessed through a secure private network or behind a reverse proxy (e.g. SSO, or more robust web application firewalls). Adding CAPTCHA to a login screen in this context may give a false sense of security and introduces unnecessary code bloat for a problem that shouldn't exist in a properly deployed setup.
