|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Psr7Middlewares\Middleware; |
|
4
|
|
|
|
|
5
|
|
|
use Psr7Middlewares\Middleware; |
|
6
|
|
|
use Psr7Middlewares\Utils; |
|
7
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
8
|
|
|
use Psr\Http\Message\ResponseInterface; |
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* Middleware to span protection using the honeypot technique. |
|
12
|
|
|
*/ |
|
13
|
|
|
class Honeypot |
|
14
|
|
|
{ |
|
15
|
|
|
use Utils\FormTrait; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* @var string The honeypot input name |
|
19
|
|
|
*/ |
|
20
|
|
|
protected $inputName = 'hpt_name'; |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* @var string The honeypot class name |
|
24
|
|
|
*/ |
|
25
|
|
|
protected $inputClass = 'hpt_input'; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* Set the field name. |
|
29
|
|
|
* |
|
30
|
|
|
* @param string $inputName |
|
31
|
|
|
* |
|
32
|
|
|
* @return self |
|
33
|
|
|
*/ |
|
34
|
|
|
public function inputName($inputName) |
|
35
|
|
|
{ |
|
36
|
|
|
$this->inputName = $inputName; |
|
37
|
|
|
|
|
38
|
|
|
return $this; |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* Set the field class. |
|
43
|
|
|
* |
|
44
|
|
|
* @param string $inputClass |
|
45
|
|
|
* |
|
46
|
|
|
* @return self |
|
47
|
|
|
*/ |
|
48
|
|
|
public function inputClass($inputClass) |
|
49
|
|
|
{ |
|
50
|
|
|
$this->inputClass = $inputClass; |
|
51
|
|
|
|
|
52
|
|
|
return $this; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* Execute the middleware. |
|
57
|
|
|
* |
|
58
|
|
|
* @param ServerRequestInterface $request |
|
59
|
|
|
* @param ResponseInterface $response |
|
60
|
|
|
* @param callable $next |
|
61
|
|
|
* |
|
62
|
|
|
* @return ResponseInterface |
|
63
|
|
|
*/ |
|
64
|
|
View Code Duplication |
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) |
|
|
|
|
|
|
65
|
|
|
{ |
|
66
|
|
|
if (!Middleware::hasAttribute($request, FormatNegotiator::KEY)) { |
|
67
|
|
|
throw new RuntimeException('Honeypot middleware needs FormatNegotiator executed before'); |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
if (FormatNegotiator::getFormat($request) !== 'html') { |
|
71
|
|
|
return $next($request, $response); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
if ($this->isPost($request) && !$this->isValid($request)) { |
|
75
|
|
|
return $response->withStatus(403); |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
$response = $next($request, $response); |
|
79
|
|
|
|
|
80
|
|
|
return $this->insertIntoPostForms($response, '<input type="text" name="'.$this->inputName.'" class="'.$this->inputClass.'">'); |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* Check whether the request is valid. |
|
85
|
|
|
* |
|
86
|
|
|
* @param ServerRequestInterface $request |
|
87
|
|
|
* |
|
88
|
|
|
* @return bool |
|
89
|
|
|
*/ |
|
90
|
|
|
protected function isValid(ServerRequestInterface $request) |
|
91
|
|
|
{ |
|
92
|
|
|
$data = $request->getParsedBody(); |
|
93
|
|
|
|
|
94
|
|
|
return isset($data[$this->inputName]) && $data[$this->inputName] === ''; |
|
95
|
|
|
} |
|
96
|
|
|
} |
|
97
|
|
|
|
oscarotero /
psr7-middlewares
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.