UNPKG

remix-utils-rt

Version:

This package contains simple utility functions to use with [React Router](https://reactrouter.com/home).

github.com/rishabhtayal/remix-utils

rishabhtayal/remix-utils

114 lines 4.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
import { decrypt, encrypt, randomString } from "../common/crypto.js"; /** * The error thrown when the Honeypot fails, meaning some automated bot filled * the form and the request is probably spam. */ export class SpamError extends Error { name = "SpamError"; } const DEFAULT_NAME_FIELD_NAME = "name__confirm"; const DEFAULT_VALID_FROM_FIELD_NAME = "from__confirm"; /** * Module used to implement a Honeypot. * A Honeypot is a visually hidden input that is used to detect spam bots. This * field is expected to be left empty by users because they don't see it, but * bots will fill it falling in the honeypot trap. */ export class Honeypot { generatedEncryptionSeed = this.randomValue(); config; constructor(config = {}) { this.config = config; } /** * Get the HoneypotInputProps to be used in your forms. * @param options The options for the input props. * @param options.validFromTimestamp Since when the timestamp is valid. * @returns The props to be used in the form. */ async getInputProps({ validFromTimestamp = Date.now(), } = {}) { return { nameFieldName: this.nameFieldName, validFromFieldName: this.validFromFieldName, encryptedValidFrom: await this.encrypt(validFromTimestamp.toString()), }; } async check(formData) { let nameFieldName = this.config.nameFieldName ?? DEFAULT_NAME_FIELD_NAME; if (this.config.randomizeNameFieldName) { let actualName = this.getRandomizedNameFieldName(nameFieldName, formData); if (actualName) nameFieldName = actualName; } if (!this.shouldCheckHoneypot(formData, nameFieldName)) return; if (!formData.has(nameFieldName)) { throw new SpamError("Missing honeypot input"); } let honeypotValue = formData.get(nameFieldName); if (honeypotValue !== "") throw new SpamError("Honeypot input not empty"); if (!this.validFromFieldName) return; let validFrom = formData.get(this.validFromFieldName); if (!validFrom) throw new SpamError("Missing honeypot valid from input"); let time = await this.decrypt(validFrom); if (!time) throw new SpamError("Invalid honeypot valid from input"); if (!this.isValidTimeStamp(Number(time))) { throw new SpamError("Invalid honeypot valid from input"); } if (this.isFuture(Number(time))) { throw new SpamError("Honeypot valid from is in future"); } } get nameFieldName() { let fieldName = this.config.nameFieldName ?? DEFAULT_NAME_FIELD_NAME; if (!this.config.randomizeNameFieldName) return fieldName; return `${fieldName}_${this.randomValue()}`; } get validFromFieldName() { if (this.config.validFromFieldName === undefined) { return DEFAULT_VALID_FROM_FIELD_NAME; } return this.config.validFromFieldName; } get encryptionSeed() { return this.config.encryptionSeed ?? this.generatedEncryptionSeed; } getRandomizedNameFieldName(nameFieldName, formData) { for (let key of formData.keys()) { if (!key.startsWith(nameFieldName)) continue; return key; } } shouldCheckHoneypot(formData, nameFieldName) { return (formData.has(nameFieldName) || Boolean(this.validFromFieldName && formData.has(this.validFromFieldName))); } randomValue() { return randomString(); } encrypt(value) { return encrypt(value, this.encryptionSeed); } decrypt(value) { return decrypt(value, this.encryptionSeed); } isFuture(timestamp) { return timestamp > Date.now(); } isValidTimeStamp(timestampp) { if (Number.isNaN(timestampp)) return false; if (timestampp <= 0) return false; if (timestampp >= Number.MAX_SAFE_INTEGER) return false; return true; } } //# sourceMappingURL=honeypot.js.map