Finally a POW challenge(captcha) package for dart.
Note: Ideas borrowed at xenohunter/lapti-pow-captcha
If there are some methods in the API which take much time to serve, you may want to guard them against DDoS attacks. A way of doing that is described below.
The server keeps some secret data SECRET which is unknown to anyone. The server can also generate additional salt to go into generating a challenge, say for example, session_id of the visit. Then the server returns a token token which is Hash(SECRET + additional salt), and also a number complexity which sets the complexity level.
The client then takes token and tries to find such an int value nonce that the first n bit of Hash(token + nonce.toString()) are 0 bits, where n equals complexity.
When the needed nonce is found the client sends a request to the server and attach nounce.
The server then calculates the Hash(token + nounce) and checks if the result matches the given complexity.