rack-honeypot 0.1.1 → 0.1.2

data/README.md

@@ -1,6 +1,6 @@
 # Honeypot, a Rack Middleware for trapping spambots
 
-Written by Luigi Montanez of the Sunlight Labs, with contributions from Luc Castera. Copyright 2009.
+Written by Luigi Montanez of Sunlight Labs, with contributions from Luc Castera and Daniel Schierbeck. Copyright 2009-2011.
 
 This middleware acts as a spam trap. It inserts, into every outputted `<form>`, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.
 
@@ -32,7 +32,7 @@ You will need to install these RubyGems:
 
 ## Configuration
 
-To use in your Rails app, place `honeypot.rb` in `lib/rack`.
+To use in your Rails app, place `honeypot.rb` in `lib/rack` or add `rack-honeypot` to your Gemfile.
 
 Then in `environment.rb`:
 

data/lib/rack/honeypot.rb

@@ -4,13 +4,17 @@ module Rack
   class Honeypot
     include Unindentable
 
+    HONEYPOT_HEADER = "X-Honeypot"
+
     def initialize(app, options={})
       @app = app
-      @class_name   = options[:class_name] || "phonetoy"
-      @label        = options[:label] || "Don't fill in this field"
-      @input_name   = options[:input_name] || "email"
-      @input_value  = options[:input_value] || ""
-      @logger       = options[:logger]
+
+      @class_name     = options[:class_name] || "phonetoy"
+      @label          = options[:label] || "Don't fill in this field"
+      @input_name     = options[:input_name] || "email"
+      @input_value    = options[:input_value] || ""
+      @logger         = options[:logger]
+      @always_enabled = options.fetch(:always_enabled, true)
     end
 
     def call(env)
@@ -18,10 +22,14 @@ module Rack
         @logger.warn("[Rack::Honeypot] Spam bot detected; responded with null") unless @logger.nil?
         null_response
       else
-        status, headers, response = @app.call(env)
-        new_body = insert_honeypot(response_body(response))
-        new_headers = response_headers(headers, new_body)
-        [status, new_headers, new_body]
+        status, headers, body = @app.call(env)
+
+        if @always_enabled || honeypot_header_present?(headers)
+          body = insert_honeypot(body)
+          headers = response_headers(headers, body)
+        end
+
+        [status, headers, body]
       end
     end
 
@@ -30,13 +38,23 @@ module Rack
     def spambot_submission?(form_hash)
       form_hash && form_hash[@input_name] && form_hash[@input_name] != @input_value
     end
+
+    def honeypot_header_present?(headers)
+      header = headers.delete(HONEYPOT_HEADER)
+      header && header.index("enabled")
+    end
     
     def null_response
       [200, {'Content-Type' => 'text/html', "Content-Length" => "0"}, []]
     end
     
     def response_body(response)
-      response.join("")
+      body = ""
+
+      # The body may not be an array, so we need to call #each here.
+      response.each {|part| body << part }
+
+      body
     end
     
     def response_headers(headers, body)
@@ -44,6 +62,7 @@ module Rack
     end
 
     def insert_honeypot(body)
+      body = response_body(body)
       body.gsub!(/<\/head>/, css + "\n</head>")
       body.gsub!(/<form(.*)>/, '<form\1>' + "\n" + div)
       body

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-honeypot
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 31
   prerelease: 
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Luigi Montanez