devlop / speedtrap
Simple speedtrap honeypot made for Laravel FormRequest
Requires
- php: ^7.4|^8.0
- illuminate/collections: ^7.0|^8.0
- illuminate/container: ^7.0|^8.0
- illuminate/support: ^7.0|^8.0
- laravel/framework: ^7.0|^8.0
README
Speedtrap
Simple speedtrap honeypot made for Laravel FormRequest that detects spam bots by measuring the time it took to submit the form.
Installation
composer require devlop/speedtrap
If you wish to change any of the speedtrap configuration options (such as the default threshold of 5 seconds or component name) you can publish the config, but this is usually not needed.
php artisan vendor:publish --provider="Devlop\Speedtrap\SpeedtrapServiceProvider"
Usage
First, add the WithSpeedtrap trait to your FormRequest.

    namespace App\Http\Requests;

    use Devlop\Speedtrap\WithSpeedtrap;
    use Illuminate\Foundation\Http\FormRequest;

    class DemoRequest extends FormRequest
    {
        use WithSpeedtrap;

        // rules() and the rest of your request go here
    }
Next you need to add the speedtrap to your form.
    <form method="POST" action="/">
        <x-speedtrap />
        ... all your other form contents
    </form>
Optionally, you can add a message to show when the speedtrap is triggered. This only works when using automatic validation.

    <form method="POST" action="/">
        <x-speedtrap>
            <p>Slow down there muchacho!</p>
        </x-speedtrap>
        ... all your other form contents
    </form>
Lastly, you need to configure the validation, which can be either automatic or manual.
Automatic validation
Add the speedtrap rules to your rules configuration. When the speedtrap is triggered, the request is redirected back to the form, like any other form validation error.

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules() : array
    {
        return $this->withSpeedtrapRules([
            // your normal rules go here
        ]);
    }
Optionally, you can also register the rules like this:

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules() : array
    {
        return [
            // your normal rules go here
            $this->getSpeedtrapInputName() => $this->speedtrapRules(),
        ];
    }
Manual validation
If you are doing the validation manually, you have more control over how you handle spammers. Maybe you want to silently ignore the submission and give the spammer the impression of success? It's all up to you.

    namespace App\Http\Controllers;

    use App\Http\Requests\DemoRequest;

    class DemoController
    {
        public function store(DemoRequest $request)
        {
            // get the speedtrap
            $speedtrap = $request->speedtrap();

            if ($speedtrap->triggered()) {
                // do something when the speedtrap was triggered
            }
        }
    }
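
The idea the package is built around, measuring how long the form took to submit and comparing it with the 5-second default threshold, shown as an added stand-alone PHP sketch. It is not the package's own code: the function names, the HMAC-signed token format and the demo key are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration of the timing check; not devlop/speedtrap's own code.
// Function names, token format and key handling are assumptions.

const THRESHOLD_SECONDS = 5; // the default threshold the README mentions

// Hidden-field value: render time plus an HMAC, so a client cannot edit it.
function issueToken(string $key, int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $key);
}

// True when the submission should be treated as coming from a bot.
function isTriggered(?string $token, string $key, int $now, int $threshold = THRESHOLD_SECONDS): bool
{
    // Missing or malformed field: fail closed.
    if ($token === null || preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m) !== 1) {
        return true;
    }
    [, $issued, $mac] = $m;
    // Constant-time comparison; a back-dated or forged timestamp fails here.
    if (!hash_equals(hash_hmac('sha256', $issued, $key), $mac)) {
        return true;
    }
    // Too fast, or a timestamp from the future (negative elapsed time).
    return ($now - (int) $issued) < $threshold;
}

// Constructed sample values.
$key       = 'constructed-demo-key'; // stands in for a server-side secret
$rendered  = 1700000000;             // constructed form render time
$token     = issueToken($key, $rendered);
$backdated = ($rendered - 60) . strstr($token, '.'); // timestamp edited, MAC kept

$cases = [
    'submitted after 1 second'   => [$token, $rendered + 1],
    'submitted after 30 seconds' => [$token, $rendered + 30],
    'back-dated timestamp'       => [$backdated, $rendered + 1],
    'field removed'              => [null, $rendered + 30],
];
foreach ($cases as $label => [$value, $now]) {
    printf("%-28s %s\n", $label, isTriggered($value, $key, $now) ? 'triggered' : 'accepted');
}
```

A timing check only raises the cost for automated submitters that post immediately; a client that waits out the threshold passes it, so it is usually combined with other form protections.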