rack-honeypot 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +2 -2
- data/lib/rack/honeypot.rb +29 -10
- metadata +3 -3
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Honeypot, a Rack Middleware for trapping spambots
|
|
2
2
|
|
|
3
|
-
Written by Luigi Montanez of
|
|
3
|
+
Written by Luigi Montanez of Sunlight Labs, with contributions from Luc Castera and Daniel Schierbeck. Copyright 2009-2011.
|
|
4
4
|
|
|
5
5
|
This middleware acts as a spam trap. It inserts, into every outputted `<form>`, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.
|
|
6
6
|
|
|
@@ -32,7 +32,7 @@ You will need to install these RubyGems:
|
|
|
32
32
|
|
|
33
33
|
## Configuration
|
|
34
34
|
|
|
35
|
-
To use in your Rails app, place `honeypot.rb` in `lib/rack
|
|
35
|
+
To use in your Rails app, place `honeypot.rb` in `lib/rack` or add `rack-honeypot` to your Gemfile.
|
|
36
36
|
|
|
37
37
|
Then in `environment.rb`:
|
|
38
38
|
|
data/lib/rack/honeypot.rb
CHANGED
|
@@ -4,13 +4,17 @@ module Rack
|
|
|
4
4
|
class Honeypot
|
|
5
5
|
include Unindentable
|
|
6
6
|
|
|
7
|
+
HONEYPOT_HEADER = "X-Honeypot"
|
|
8
|
+
|
|
7
9
|
def initialize(app, options={})
|
|
8
10
|
@app = app
|
|
9
|
-
|
|
10
|
-
@
|
|
11
|
-
@
|
|
12
|
-
@
|
|
13
|
-
@
|
|
11
|
+
|
|
12
|
+
@class_name = options[:class_name] || "phonetoy"
|
|
13
|
+
@label = options[:label] || "Don't fill in this field"
|
|
14
|
+
@input_name = options[:input_name] || "email"
|
|
15
|
+
@input_value = options[:input_value] || ""
|
|
16
|
+
@logger = options[:logger]
|
|
17
|
+
@always_enabled = options.fetch(:always_enabled, true)
|
|
14
18
|
end
|
|
15
19
|
|
|
16
20
|
def call(env)
|
|
@@ -18,10 +22,14 @@ module Rack
|
|
|
18
22
|
@logger.warn("[Rack::Honeypot] Spam bot detected; responded with null") unless @logger.nil?
|
|
19
23
|
null_response
|
|
20
24
|
else
|
|
21
|
-
status, headers,
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
+
status, headers, body = @app.call(env)
|
|
26
|
+
|
|
27
|
+
if @always_enabled || honeypot_header_present?(headers)
|
|
28
|
+
body = insert_honeypot(body)
|
|
29
|
+
headers = response_headers(headers, body)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
[status, headers, body]
|
|
25
33
|
end
|
|
26
34
|
end
|
|
27
35
|
|
|
@@ -30,13 +38,23 @@ module Rack
|
|
|
30
38
|
def spambot_submission?(form_hash)
|
|
31
39
|
form_hash && form_hash[@input_name] && form_hash[@input_name] != @input_value
|
|
32
40
|
end
|
|
41
|
+
|
|
42
|
+
def honeypot_header_present?(headers)
|
|
43
|
+
header = headers.delete(HONEYPOT_HEADER)
|
|
44
|
+
header && header.index("enabled")
|
|
45
|
+
end
|
|
33
46
|
|
|
34
47
|
def null_response
|
|
35
48
|
[200, {'Content-Type' => 'text/html', "Content-Length" => "0"}, []]
|
|
36
49
|
end
|
|
37
50
|
|
|
38
51
|
def response_body(response)
|
|
39
|
-
|
|
52
|
+
body = ""
|
|
53
|
+
|
|
54
|
+
# The body may not be an array, so we need to call #each here.
|
|
55
|
+
response.each {|part| body << part }
|
|
56
|
+
|
|
57
|
+
body
|
|
40
58
|
end
|
|
41
59
|
|
|
42
60
|
def response_headers(headers, body)
|
|
@@ -44,6 +62,7 @@ module Rack
|
|
|
44
62
|
end
|
|
45
63
|
|
|
46
64
|
def insert_honeypot(body)
|
|
65
|
+
body = response_body(body)
|
|
47
66
|
body.gsub!(/<\/head>/, css + "\n</head>")
|
|
48
67
|
body.gsub!(/<form(.*)>/, '<form\1>' + "\n" + div)
|
|
49
68
|
body
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-honeypot
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 31
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 2
|
|
10
|
+
version: 0.1.2
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Luigi Montanez
|