Gem-idea: Automatic spam protection with captcha in before_filter when HTTP-method is post, put or delete


Problem description





    I'm thinking about writing an automatic spam protection system (maybe I will write a public gem) for rails.

    My concept is to include a helper method in application_controller f.e.:

    class ApplicationController < ActionController::Base
      automatic_captcha_redirect(:min_time => 30.seconds, :limit => 50)
      # ...
    end
    

    Then I want to automatically include a before_filter in every controller, which checks if the current request is made via the post, put or delete method.

    If the user's last post request is less than :min_time ago, then the request should be redirected to a captcha input page (the posted user data resides in hidden HTML fields).

    # before_filter :check_spam
    def check_spam
      # Ruby only continues a condition when the && ends the line
      if !request.get? && session[:last_manipulation_at] &&
         session[:last_manipulation_at] >= DateTime.now - 30.seconds
        redirect_to captcha_path
        # (doesn't know yet how to handle the post data to
        # display in hidden fields in the spam-captcha-form)
      end
    end
    

    And in captcha.haml

    -# form_tag needs = (not -) so the <form> is output; without a URL it posts
    -# back to the current page. The Rails submit helper is submit_tag.
    = form_tag do
      - request.params.each do |key, value|
        = hidden_field_tag key, value
      = captcha_image
      = submit_tag
    

    If the user submits the right captcha-word, his data will be posted to the right action.

    Do you think that's realizable? Any criticism or suggestions? Or an idea of how to realize this behaviour?

    EDIT:

    • this should not pass through all the ActiveRecord stack; can't it be implemented as a middleware hook (Rails Rack)?
      • Yes, would be a good idea - but I'm not very familiar with Rails Rack :/
    • what about file uploads? (you can not store it in a hidden field)
      • Hm... maybe a check if there is a file in the post? (How could that be realized?)
    • what about Ajax posting?
      • Maybe sending back HTTP status codes (f.e. 503 Service Temporarily Unavailable)
    • why only POST and not also PUT and DELETE?
      • corrected this in my question

    EDIT:

    First structure of processing (as a non-Rack app - I don't know how to write Rack apps):

    0) Settings in environment.rb

    auto_recaptcha[:limit] = 10
    auto_recaptcha[:min_time] = 1.minute
    

    1) User posts data

    Check last_manipulation and the max. amount of allowed manipulations in application_controller.rb

    class ApplicationController < ActionController::Base
      before_filter :automatic_captcha_redirect

      def automatic_captcha_redirect
        # Initialise the session hash first; indexing a nil session entry raises
        session[:last_manipulation_at] ||= {}
        session[:last_manipulation_at][:manipulation] ||= []
        last_date = session[:last_manipulation_at][:date]

        # Checks if requests are falling under the specifications for showing captcha
        # (the && must end the line for Ruby to continue the condition)
        if !request.get? &&
           last_date && last_date > DateTime.now - auto_recaptcha[:min_time] &&
           session[:last_manipulation_at][:manipulation].count < auto_recaptcha[:limit]

          # If user answered captcha, verify it
          if !verify_captcha(params)
            @url = request.url
            @params = request.params
            render "layouts/captcha.haml"
          else
            # Add successful manipulation to counter
            session[:last_manipulation_at][:manipulation] << DateTime.now
            session[:last_manipulation_at][:date] = DateTime.now
          end
        end
      end
    end
    

    captcha.haml

    -# form_tag with a block must use = so the <form> tag is output
    = form_tag @url do
      - request.params.each do |key, value|
        = hidden_field_tag key, value
      = captcha_image
      -# the Rails submit helper is submit_tag
      = submit_tag
    

    2) ... ... ...

    last) Post userdata to the right location

    post(params) => users_path # path "/users" with method: post
    

    Solution

    One way this could be put together:

    • Middleware/rails metal component that monitors the requests and adds the information to the rack session.

    • Controller helpers for before_filters on things that might need captchas

    • View helpers for displaying the captchas

    You could make the captcha rate adjustable through the args-passing mechanism of config.middleware.use:

    #config/environment.rb
    config.middleware.use 'CaptchaMiddleware',:period=>5.minutes,:limit=>50,:captcha_url=>'/captcha'
    

    Also, this should not rely on hidden form fields because a determined bot writer could just change the value they are posting to your server code.

    Simple middleware example code (slightly better than a stab in the dark, but still):

    class CaptchaMiddleware
      def initialize(app, options)
        @app = app
        @options = options
      end

      def update_stats!(env)
        # session based, on account of laziness
        reqs = (session(env)[:reqs] ||= [])
        # drop the timestamps that fell out of the sliding window
        reqs.reject! { |time| time < Time.now - @options[:period] }
        reqs << Time.now
      end

      def over_limit?(env)
        session(env)[:reqs].length > @options[:limit]
      end

      def call(env)
        # env is passed explicitly rather than kept in @env: a single middleware
        # instance serves every request, so per-request instance state is not thread-safe
        if env["REQUEST_METHOD"] != 'GET'
          update_stats!(env)
          if over_limit?(env)
            # Rack response triple: status, headers hash, body that responds to each
            return [302, { "Location" => @options[:captcha_url] }, ['']]
          end
        end
        @app.call(env)
      end

      def session(env)
        env["rack.session"]
      end
    end
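
    Taking the answer's middleware together with the two loose ends from the question (Ajax callers, and the answer's warning about replaying hidden fields), here is an added, stand-alone example; it is not the asker's or the answerer's code. It uses only plain Ruby: env is a Hash and env['rack.session'] is any Hash-like store, and CaptchaGate, :captcha_return_to and the :clock option are assumed names, not Rails or Rack APIs.

```ruby
# Rack-compatible middleware (assumed name CaptchaGate): counts state-changing
# requests per session in a sliding window and diverts excess ones to a captcha.
# Plain Ruby, no gems: env is a Hash, env['rack.session'] is any Hash-like store.
class CaptchaGate
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # options: :period (seconds), :limit (non-GET requests per period), :captcha_url,
  # and :clock (assumed, for tests) returning the current Time.
  def initialize(app, options = {})
    @app         = app
    @period      = options.fetch(:period, 300)
    @limit       = options.fetch(:limit, 50)
    @captcha_url = options.fetch(:captcha_url, '/captcha')
    @clock       = options.fetch(:clock) { -> { Time.now } }
  end

  def call(env)
    return @app.call(env) if SAFE_METHODS.include?(env['REQUEST_METHOD'])
    session = env['rack.session']
    # No session middleware in front of us: nothing to count against, pass through.
    return @app.call(env) unless session

    now  = @clock.call
    reqs = (session[:reqs] ||= [])
    reqs.reject! { |t| t < now - @period }   # forget requests outside the window
    reqs << now
    # The captcha controller (assumed) clears session[:reqs] after a correct answer.
    return @app.call(env) if reqs.length <= @limit

    if env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
      # Ajax callers cannot render an HTML form: answer 503 as the question proposes.
      [503, { 'Content-Type' => 'text/plain', 'Retry-After' => @period.to_s },
       ['captcha required']]
    else
      # Keep only the return path, server-side. Re-submitting the original body
      # from hidden fields would let a bot edit it, as the answer points out.
      session[:captcha_return_to] = env['PATH_INFO']
      [302, { 'Location' => @captcha_url }, ['']]
    end
  end
end
```

    In a Rails app it would be registered with config.middleware.use after the session middleware, so that rack.session is already populated when call runs.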
    
