|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Psr7Middlewares\Middleware; |
|
4
|
|
|
|
|
5
|
|
|
use Psr7Middlewares\Utils; |
|
6
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
7
|
|
|
use Psr\Http\Message\ResponseInterface; |
|
8
|
|
|
|
|
9
|
|
|
/** |
|
10
|
|
|
* Middleware to span protection using the honeypot technique. |
|
11
|
|
|
*/ |
|
12
|
|
|
class Honeypot |
|
13
|
|
|
{ |
|
14
|
|
|
use Utils\FormTrait; |
|
15
|
|
|
use Utils\AttributeTrait; |
|
16
|
|
|
|
|
17
|
|
|
const KEY_GENERATOR = 'HONEYPOT_GENERATOR'; |
|
18
|
|
|
|
|
19
|
|
|
/** |
|
20
|
|
|
* @var string The honeypot input name |
|
21
|
|
|
*/ |
|
22
|
|
|
private $inputName = 'hpt_name'; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* @var string The honeypot class name |
|
26
|
|
|
*/ |
|
27
|
|
|
private $inputClass = 'hpt_input'; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* Returns a callable to generate the inputs. |
|
31
|
|
|
* |
|
32
|
|
|
* @param ServerRequestInterface $request |
|
33
|
|
|
* |
|
34
|
|
|
* @return callable|null |
|
35
|
|
|
*/ |
|
36
|
|
|
public static function getGenerator(ServerRequestInterface $request) |
|
37
|
|
|
{ |
|
38
|
|
|
return self::getAttribute($request, self::KEY_GENERATOR); |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* Set the field name. |
|
43
|
|
|
* |
|
44
|
|
|
* @param string $inputName |
|
45
|
|
|
* |
|
46
|
|
|
* @return self |
|
47
|
|
|
*/ |
|
48
|
|
|
public function inputName($inputName) |
|
49
|
|
|
{ |
|
50
|
|
|
$this->inputName = $inputName; |
|
51
|
|
|
|
|
52
|
|
|
return $this; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* Set the field class. |
|
57
|
|
|
* |
|
58
|
|
|
* @param string $inputClass |
|
59
|
|
|
* |
|
60
|
|
|
* @return self |
|
61
|
|
|
*/ |
|
62
|
|
|
public function inputClass($inputClass) |
|
63
|
|
|
{ |
|
64
|
|
|
$this->inputClass = $inputClass; |
|
65
|
|
|
|
|
66
|
|
|
return $this; |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
/** |
|
70
|
|
|
* Execute the middleware. |
|
71
|
|
|
* |
|
72
|
|
|
* @param ServerRequestInterface $request |
|
73
|
|
|
* @param ResponseInterface $response |
|
74
|
|
|
* @param callable $next |
|
75
|
|
|
* |
|
76
|
|
|
* @return ResponseInterface |
|
77
|
|
|
*/ |
|
78
|
|
|
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) |
|
79
|
|
|
{ |
|
80
|
|
|
if (Utils\Helpers::getMimeType($response) !== 'text/html') { |
|
81
|
|
|
return $next($request, $response); |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
if (Utils\Helpers::isPost($request) && !$this->isValid($request)) { |
|
85
|
|
|
return $response->withStatus(403); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
$generator = function () { |
|
89
|
|
|
return '<input type="text" name="'.$this->inputName.'" class="'.$this->inputClass.'">'; |
|
90
|
|
|
}; |
|
91
|
|
|
|
|
92
|
|
View Code Duplication |
if (!$this->autoInsert) { |
|
|
|
|
|
|
93
|
|
|
$request = self::setAttribute($request, self::KEY_GENERATOR, $generator); |
|
94
|
|
|
|
|
95
|
|
|
return $next($request, $response); |
|
96
|
|
|
} |
|
97
|
|
|
|
|
98
|
|
|
$response = $next($request, $response); |
|
99
|
|
|
|
|
100
|
|
|
return $this->insertIntoPostForms($response, function ($match) use ($generator) { |
|
101
|
|
|
return $match[0].$generator(); |
|
102
|
|
|
}); |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
/** |
|
106
|
|
|
* Check whether the request is valid. |
|
107
|
|
|
* |
|
108
|
|
|
* @param ServerRequestInterface $request |
|
109
|
|
|
* |
|
110
|
|
|
* @return bool |
|
111
|
|
|
*/ |
|
112
|
|
|
private function isValid(ServerRequestInterface $request) |
|
113
|
|
|
{ |
|
114
|
|
|
$data = $request->getParsedBody(); |
|
115
|
|
|
|
|
116
|
|
|
return isset($data[$this->inputName]) && $data[$this->inputName] === ''; |
|
117
|
|
|
} |
|
118
|
|
|
} |
|
119
|
|
|
|
oscarotero /
psr7-middlewares
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.