form_guard 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4c52f84444c765efffe63b1be6771ba9a8bfcbbe077d2809f38935b66a03fa32
+  data.tar.gz: 9081dfd61917416bc8cb83b79919e3c93930bee9e637513458a2f777d0202283
+SHA512:
+  metadata.gz: f6a81703c40d8e923fe7bd52163f8d3ca8e4267543c0386904bfbf21908bdf3789a64c75a5dacb89e8ab620f6744ee370ecad456f26672fa20d512f7cae64aff
+  data.tar.gz: 4438c1d1000c698a989c84911ec4c803dd74e67a4f63621dc43a8fd8fde4eace8ef56e52231c36f64e8690d53631980a0ff99ca4fec827f4be4261f82f45d8bc

data/CHANGELOG.md

@@ -0,0 +1 @@
+## [Unreleased]

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Stoyan Nikolov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,38 @@
+# Form Guard
+
+Form Guard is a lightweight gem to protect your forms from bots and spammy submissions using a simple and effective honeypot + timing strategy.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```bash
+gem 'form_guard'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+## Usage
+
+1. Add hidden guard field to your forms:
+```bash
+<%= form_guard_fields %>
+```
+
+## How it works
+
+- Bots tend to fill all fields — including hidden ones. If the honeypot is filled, the submission is rejected.
+
+- Bots submit instantly. If the form is submitted too quickly (under 2 seconds), it’s probably a bot.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/amigobg/form_guard.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "rake"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.pattern = "test/**/*_test.rb"
+  t.verbose = true
+end
+
+task default: :test

data/lib/form_guard/controller.rb

@@ -0,0 +1,28 @@
+require "active_support/concern"
+
+module FormGuard
+  module Controller
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :verify_honeypot!
+    end
+
+    private
+      def verify_honeypot!
+        return unless request.post? || request.patch? || request.put?
+
+        config = FormGuard.configuration
+        min_delay = config.min_delay
+
+        raw_params = params.to_unsafe_h
+
+        honeypot_value = raw_params.find { |key, _| key.start_with?(config.honeypot_field_prefix) }&.last
+        honeypot_time = raw_params.find { |key, _| key.start_with?(config.honeypot_time_prefix) }&.last.to_i
+
+        if honeypot_value.present? || honeypot_time <= 0 || (Time.now.to_i - honeypot_time) < min_delay
+          redirect_to root_path, alert: "Suspicious activity detected"
+        end
+      end
+  end
+end

data/lib/form_guard/railtie.rb

@@ -0,0 +1,17 @@
+require "rails/railtie"
+
+module FormGuard
+  class Railtie < Rails::Railtie
+    initializer "form_guard.action_view_integration" do
+      ActiveSupport.on_load(:action_view, run_once: true) do
+        include FormGuard::ViewHelper if defined?(ActionView)
+      end
+    end
+
+    initializer "form_guard.action_controller_integration" do
+      ActiveSupport.on_load(:action_controller, run_once: true) do
+        include FormGuard::Controller if defined?(ActionController)
+      end
+    end
+  end
+end

data/lib/form_guard/version.rb

@@ -0,0 +1,3 @@
+module FormGuard
+  VERSION = "0.1.0"
+end

data/lib/form_guard/view_helper.rb

@@ -0,0 +1,16 @@
+require "securerandom"
+
+module FormGuard
+  module ViewHelper
+    def form_guard_fields
+      config = FormGuard.configuration
+
+      tag.div style: "display:none;", "aria-hidden": "true" do
+        safe_join([
+          hidden_field_tag("#{config.honeypot_field_prefix}#{SecureRandom.hex(4)}", nil, autocomplete: "off"),
+          hidden_field_tag( "#{config.honeypot_time_prefix}#{SecureRandom.hex(4)}", Time.now.to_i, autocomplete: "off")
+        ])
+      end
+    end
+  end
+end

data/lib/form_guard.rb

@@ -0,0 +1,29 @@
+require_relative "form_guard/version"
+require_relative "form_guard/view_helper"
+require_relative "form_guard/controller"
+require_relative "form_guard/railtie"
+
+module FormGuard
+  class Error < StandardError; end
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+
+  class Configuration
+    attr_accessor :min_delay, :honeypot_field_prefix, :honeypot_time_prefix
+
+    def initialize
+      @min_delay = 2
+      @honeypot_field_prefix = "field_"
+      @honeypot_time_prefix = "ts_"
+    end
+  end
+
+  FormGuard.configuration ||= FormGuard::Configuration.new
+end

data/test/test_form_guard.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class TestFormGuard < Minitest::Test
+  def test_that_it_has_a_version_number
+    refute_nil ::FormGuard::VERSION
+  end
+
+  def test_it_has_default_configuration
+    config = FormGuard.configuration
+    assert_equal 2, config.min_delay
+    assert_equal "field_", config.honeypot_field_prefix
+    assert_equal "ts_", config.honeypot_time_prefix
+  end
+
+  def test_configure_changes_settings
+    FormGuard.configure do |config|
+      config.min_delay = 5
+      config.honeypot_field_prefix = "hp_"
+      config.honeypot_time_prefix = "time_"
+    end
+
+    config = FormGuard.configuration
+    assert_equal 5, config.min_delay
+    assert_equal "hp_", config.honeypot_field_prefix
+    assert_equal "time_", config.honeypot_time_prefix
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "minitest/autorun"
+require "mocha/minitest"
+require "rails"
+require "action_controller"
+require "action_view"
+require "form_guard"
+
+class TestController < ActionController::Base
+  include FormGuard::Controller
+end
+
+class TestViewContext
+  include ActionView::Helpers::FormTagHelper
+  include ActionView::Helpers::TagHelper
+  include ActionView::Context
+  include FormGuard::ViewHelper
+
+  def root_path
+    "/"
+  end
+end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: form_guard
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Stoyan Nikolov
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-06-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.16'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: actionview
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: FormGuard provides a simple way to prevent bot form submissions in Rails
+  applications using honeypot fields and timestamp-based validation.
+email:
+- s.nikolov@roomspilot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/form_guard.rb
+- lib/form_guard/controller.rb
+- lib/form_guard/railtie.rb
+- lib/form_guard/version.rb
+- lib/form_guard/view_helper.rb
+- test/test_form_guard.rb
+- test/test_helper.rb
+homepage: https://github.com/amigobg/form_guard
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/amigobg/form_guard
+  changelog_uri: https://github.com/amigobg/form_guard/blob/master/CHANGELOG.md
+  bug_tracker_uri: https://github.com/amigobg/form_guard/issues
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: A Rails gem to protect forms from bot submissions using honeypot and timestamp
+  checks.
+test_files: []