Installed spatie/laravel-honeypot

kilobyteno · Sep 21, 2021 · 2cd1365 · 2cd1365
1 parent 6308bc1
commit 2cd1365
Show file tree

Hide file tree

Showing 6 changed files with 136 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,7 @@ This is my personal preference when starting a new Laravel web application. This
 Composer:
 - [laravel/jetstream](https://github.com/laravel/jetstream)
 - [spatie/laravel-permission](https://github.com/spatie/laravel-permission)
+- [spatie/laravel-honeypot](https://github.com/spatie/laravel-honeypot)
 
 NPM:
 - [tailwindcss-debug-screens](https://github.com/jorenvanhee/tailwindcss-debug-screens)

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -21,6 +21,7 @@ class Kernel extends HttpKernel
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        \Spatie\Honeypot\ProtectAgainstSpam::class,
     ];
 
     /**

diff --git a/composer.json b/composer.json
@@ -13,6 +13,7 @@
         "laravel/sanctum": "^2.11",
         "laravel/tinker": "^2.5",
         "livewire/livewire": "^2.5",
+        "spatie/laravel-honeypot": "^3.0",
         "spatie/laravel-permission": "^5.1"
     },
     "require-dev": {

diff --git a/composer.lock b/composer.lock
diff --git a/config/honeypot.php b/config/honeypot.php
@@ -0,0 +1,59 @@
+<?php
+
+use Spatie\Honeypot\SpamResponder\BlankPageResponder;
+
+return [
+    /*
+     * Here you can specify name of the honeypot field. Any requests that submit a non-empty
+     * value for this name will be discarded. Make sure this name does not
+     * collide with a form field that is actually used.
+     */
+    'name_field_name' => env('HONEYPOT_NAME', 'bee_name'),
+
+    /*
+     * When this is activated there will be a random string added
+     * to the name_field_name. This improves the
+     * protection against bots.
+     */
+    'randomize_name_field_name' => env('HONEYPOT_RANDOMIZE', true),
+
+    /*
+     * When this is activated, requests will be checked if
+     * form is submitted faster than this amount of seconds
+     */
+    'valid_from_timestamp' => env('HONEYPOT_VALID_FROM_TIMESTAMP', true),
+
+    /*
+     * This field contains the name of a form field that will be used to verify
+     * if the form wasn't submitted too quickly. Make sure this name does not
+     * collide with a form field that is actually used.
+     */
+    'valid_from_field_name' => env('HONEYPOT_VALID_FROM', 'valid_from'),
+
+    /*
+     * If the form is submitted faster than this amount of seconds
+     * the form submission will be considered invalid.
+     */
+    'amount_of_seconds' => env('HONEYPOT_SECONDS', 1),
+
+    /*
+     * This class is responsible for sending a response to requests that
+     * are detected as being spammy. By default a blank page is shown.
+     *
+     * A valid responder is any class that implements
+     * `Spatie\Honeypot\SpamResponder\SpamResponder`
+     */
+    'respond_to_spam_with' => BlankPageResponder::class,
+
+    /*
+     * When activated, requests will be checked if honeypot fields are missing,
+     * if so the request will be stamped as spam. Be careful! When using the
+     * global middleware be sure to add honeypot fields to each form.
+     */
+    'honeypot_fields_required_for_all_forms' => false,
+
+    /*
+     * This switch determines if the honeypot protection should be activated.
+     */
+    'enabled' => env('HONEYPOT_ENABLED', true),
+];
diff --git a/resources/views/auth/register.blade.php b/resources/views/auth/register.blade.php
@@ -8,7 +8,7 @@
 
         <form method="POST" action="{{ route('register') }}">
             @csrf
-
+            @honeypot
             <div>
                 <x-jet-label for="name" value="{{ __('Name') }}" />
                 <x-jet-input id="name" class="block mt-1 w-full" type="text" name="name" :value="old('name')" required autofocus autocomplete="name" />