Gem-idea: Automatic spam protection with captcha in before_filter when HTTP-method is post, put or delete
Problem description
I'm thinking about writing an automatic spam protection system (maybe I will write a public gem) for rails.
My concept is to include a helper method in application_controller f.e.:
    class ApplicationController < ActionController::Base
      automatic_captcha_redirect(:min_time => 30.seconds, :limit => 50)
      ...
    end
Then I want to automatically include a before_filter in every controller, which checks if the current request is via post, put or delete-method.
If the user's last post-request is smaller than :min_time, then the request should be redirected to a captcha-input-page (the posted user-data resides in hidden html fields).

    # before_filter :check_spam
    def check_spam
      # Trailing && keeps the condition a single expression across lines
      if !request.get? && session[:last_manipulation_at] &&
         session[:last_manipulation_at] >= DateTime.now - 30.seconds
        redirect_to captcha_path
        # (don't know yet how to handle the post data to
        # display in hidden fields in the spam-captcha-form)
      end
    end
And in captcha.haml
    = form_tag do
      - request.params.each do |key, value|
        = hidden_field_tag key, value
      = captcha_image
      = submit_button_tag
If the user submits the right captcha-word, his data will be posted to the right action.
Do you think that's realizable?
Any criticism or suggestions? Or an idea how to realize this behaviour?
EDIT:
- this should not pass through all the ActiveRecord stack; can't it be implemented as a middleware hook (Rails Rack)?
    - Yes, would be a good idea - but I'm not very familiar with rails rack :/
- what about file uploads? (you can not store it in a hidden file)
    - Hm... maybe a check if there is a file in the post? (How could that be realized?)
- what about Ajax posting?
    - Maybe sending back http-status codes (f.e. 503 Service temporary unavailable)
- why only POST and not also PUT and DELETE?
    - corrected this in my question
EDIT:
First structure of processing (as non rack-app - I don't know how to write rack apps):
0) Settings in environment.rb

    auto_recaptcha[:limit] = 10
    auto_recaptcha[:min_time] = 1.minute

1) User posts data
Check last_manipulation and max. amount of allowed manipulations in application_controller.rb

    class ApplicationController < ActionController::Base
      before_filter :automatic_captcha_redirect

      def automatic_captcha_redirect
        # Initialise the session structure on first use so the lookups below cannot hit nil
        session[:last_manipulation_at] ||= {}
        session[:last_manipulation_at][:manipultation] ||= []

        # Checks if requests are falling under the specifications for showing captcha
        if !request.get? &&
           session[:last_manipulation_at][:date] &&
           session[:last_manipulation_at][:date] > DateTime.now - auto_recaptcha[:min_time] &&
           session[:last_manipulation_at][:manipultation].count < auto_recaptcha[:limit]
          # If user answered captcha, verify it
          if !verify_captcha(params)
            @url = request.url
            @params = request.params
            render "layouts/captcha.haml"
          else
            # Add successful manipulation to counter
            session[:last_manipulation_at][:manipultation] << DateTime.now
            session[:last_manipulation_at][:date] = DateTime.now
          end
        end
      end
    end

captcha.haml

    - form_tag @url do
      - request.params.each do |key, value|
        = hidden_field_tag key, value
      = captcha_image
      = submit_button_tag
2)
...
...
...
last) Post userdata to the right location
post(params) => users_path # path "/users" with method: post
Solution
One way this could be put together:
- Middleware/rails metal component that monitors the requests and adds the information to the rack session.
- Controller helpers for before_filters on things that might need captchas
- View helpers for displaying the captchas
You could make the captcha rate adjustable through the args passing mechanism of use
    # config/environment.rb
    config.middleware.use 'CaptchaMiddleware', :period => 5.minutes, :limit => 50, :captcha_url => '/captcha'
Also, this should not rely on hidden form fields because a determined bot writer could just change the value they are posting to your server code.
Simple middleware example code (slightly better than a stab in the dark, but still)

    class CaptchaMiddleware
      def initialize app, options
        @app = app
        @options = options
      end

      def update_stats!
        # session based, on account of laziness
        session[:reqs] ||= []
        session[:reqs].reject! { |request| request < Time.now - @options[:period] }
        session[:reqs] << Time.now
      end

      def over_limit?
        session[:reqs].length > @options[:limit]
      end

      def call env
        @env = env
        if @env["REQUEST_METHOD"] != 'GET'
          update_stats!
          if over_limit?
            # Rack response: status, headers hash, body that responds to each
            return [302, {"Location" => @options[:captcha_url]}, []]
          end
        end
        @app.call env
      end

      def session
        @env["rack.session"]
      end
    end
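
A variation on the middleware sketched in the answer, as an added example that is not part of the original answer: it keeps no per-request state in instance variables, exempts the captcha URL itself, and takes the "captcha solved" decision only from the server-side session, never from a submitted form field. The class name `CaptchaGate`, the `:captcha_passed` and `:pending` session keys and the `clock` parameter are assumptions made for this sketch; the captcha controller is assumed to set `session[:captcha_passed] = true` after verifying the answer on the server.

```ruby
# Added example: sliding-window gate for state-changing requests (plain Rack interface).
class CaptchaGate
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # clock is injectable so the window can be tested without sleeping (assumption).
  def initialize(app, period:, limit:, captcha_url:, clock: -> { Time.now.to_f })
    @app, @period, @limit, @captcha_url, @clock = app, period, limit, captcha_url, clock
  end

  # One middleware instance serves every thread, so all request state stays in locals.
  def call(env)
    return @app.call(env) if SAFE_METHODS.include?(env["REQUEST_METHOD"])
    return @app.call(env) if env["PATH_INFO"] == @captcha_url # the captcha form posts here

    session = env.fetch("rack.session")
    now = @clock.call
    stamps = (session[:reqs] ||= [])
    stamps.reject! { |t| t < now - @period } # drop entries outside the window

    if stamps.length >= @limit
      # Only the session flag counts; nothing in the request body is consulted.
      unless session.delete(:captcha_passed)
        # Remember where the client was going, server-side, instead of hidden fields.
        session[:pending] = { "method" => env["REQUEST_METHOD"], "path" => env["PATH_INFO"] }
        return [303, { "Location" => @captcha_url }, []]
      end
      stamps.clear # a solved captcha is one-shot and starts a fresh window
    end
    stamps << now
    @app.call(env)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed requests: three POSTs in one session with a limit of 2 per minute.
  demo_session = {}
  demo = CaptchaGate.new(->(_env) { [200, {}, ["ok"]] }, period: 60, limit: 2, captcha_url: "/captcha")
  3.times do
    status, = demo.call({ "REQUEST_METHOD" => "POST", "PATH_INFO" => "/users", "rack.session" => demo_session })
    puts status
  end
end
```

Because the counter is keyed on the session, it only covers clients that keep their session cookie; a counter keyed on client address or account in a server-side store covers the rest.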