hettiger/spa-honeypot
Latest stable version: v0.3.0
Composer install command:
composer require hettiger/spa-honeypot
Package description
Honeypot package for Single Page Applications
README
Helps to protect SPAs (Single Page Applications) against SPAM without using cookies or user input.
Installation
composer require hettiger/spa-honeypot
php artisan spa-honeypot:install
Usage
- Add the form.honeypot, form.token or form middleware to a form's target route
Route::post('form', fn () => 'OK')->middleware('form');
The form middleware group simply combines form.honeypot and form.token so you don't have to. Using just form.token protection without the form.honeypot middleware, or vice versa, is supported.
- Use one of the corresponding frontend libraries to make form token requests
Lighthouse GraphQL API
- Add the form.token.handle middleware to the lighthouse.route.middleware config
// config/lighthouse.php — must be published
'middleware' => [
    // …
    'form.token.handle',
],
- Register the honeypot scalar in your graphql/schema.graphql file
scalar Honeypot @scalar(class: "Hettiger\\Honeypot\\GraphQL\\Scalars\\HoneypotScalar")
# …
- Add a honeypot field to any input that you want to protect against SPAM
input SendContactRequestInput {
    # …
    honey: Honeypot
}
The field config is not used in a GraphQL context.
- Add the @requireFormToken directive to any field that you want to protect against SPAM
# e.g. graphql/contact.graphql
extend type Mutation {
    sendContactRequest(input: SendContactRequestInput): SendContactRequestPayload @requireFormToken
}
- Use one of the corresponding frontend libraries to make form token requests
Customizing Responses
You may provide custom error response factories using the config:
return [
    // …
    'honeypot_error_response_factory' => \Hettiger\Honeypot\ErrorResponseFactory::class,
    'form_token_error_response_factory' => \Hettiger\Honeypot\ErrorResponseFactory::class,
];
Alternatively you can provide a simple Closure anywhere in your application:
use Hettiger\Honeypot\Facades\Honeypot;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    // …

    public function boot()
    {
        $errorResponseFactory = fn (bool $isGraphQLRequest) => $isGraphQLRequest
            ? ['errors' => [['message' => 'Whoops, something went wrong …']]]
            : 'Whoops, something went wrong …';

        Honeypot::respondToHoneypotErrorsUsing($errorResponseFactory);
        Honeypot::respondToFormTokenErrorsUsing($errorResponseFactory);
    }
}
You don't have to worry about adding the form token header yourself. It'll be added for you automatically.
Testing
composer test
Frontend Libraries
Changelog
Please see CHANGELOG for more information on what has changed recently.
Credits
License
The MIT License (MIT). Please see License File for more information.
Statistics
- Total downloads: 215
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 0
- Views: 1
- Dependents: 0
- Suggesters: 0
Other information
- License: MIT
- Updated: 2022-12-30