Use async method in honeypot service

usercode · usercode · commit a64023f637d5 · 2025-01-24T20:46:23.000+01:00
diff --git a/src/AspNetCore.Honeypot/Extensions.cs b/src/AspNetCore.Honeypot/Extensions.cs
@@ -9,11 +9,8 @@ namespace AspNetCore.Honeypot;
 public static class Extensions
 {
     /// <summary>
-    /// AddHoneypot
+    /// Adds honeypot services.
     /// </summary>
-    /// <param name="services"></param>
-    /// <param name="options"></param>
-    /// <returns></returns>
     public static IServiceCollection AddHoneypot(this IServiceCollection services, Action<HoneypotOptions>? options = null)
     {
         if (options != null)
@@ -27,14 +24,12 @@ public static IServiceCollection AddHoneypot(this IServiceCollection services, A
     }
 
     /// <summary>
-    /// IsHoneypotTrapped
+    /// Is honepot triggered?
     /// </summary>
-    /// <param name="httpContext"></param>
-    /// <returns></returns>
-    public static bool IsHoneypotTrapped(this HttpContext httpContext)
+    public static async Task<bool> IsHoneypotTriggeredAsync(this HttpContext httpContext)
     {
         HoneypotService service = httpContext.RequestServices.GetRequiredService<HoneypotService>();
 
-        return service.IsTrapped(httpContext);
+        return await service.IsTriggeredAsync(httpContext);
     }
 }
diff --git a/src/AspNetCore.Honeypot/HoneypotAttribute.cs b/src/AspNetCore.Honeypot/HoneypotAttribute.cs
@@ -9,15 +9,15 @@ namespace AspNetCore.Honeypot;
 /// </summary>
 public class HoneypotAttribute : ActionFilterAttribute
 {
-    public override void OnActionExecuting(ActionExecutingContext context)
+    public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
     {
-        base.OnActionExecuting(context);
+        bool triggered = await context.HttpContext.IsHoneypotTriggeredAsync();
 
-        bool isTrapped = context.HttpContext.IsHoneypotTrapped();
-
-        if (isTrapped == true)
+        if (triggered == true)
         {
             context.Result = new ContentResult() { Content = "bot detection", ContentType = "text/plain", StatusCode = StatusCodes.Status200OK };
         }
+
+        await base.OnActionExecutionAsync(context, next);
     }
 }
diff --git a/src/AspNetCore.Honeypot/HoneypotOptions.cs b/src/AspNetCore.Honeypot/HoneypotOptions.cs
@@ -6,29 +6,29 @@
 public class HoneypotOptions
 {
     /// <summary>
-    /// EnableFieldCheck
+    /// Is field check enabled?
     /// </summary>
     public bool IsFieldCheckEnabled { get; set; } = true;
 
     /// <summary>
-    /// EnableTimeCheck
+    /// Is time check enabled?
     /// </summary>
     public bool IsTimeCheckEnabled { get; set; } = true;
 
     /// <summary>
-    /// PrefixFieldName
+    /// Prefix for fields.
     /// </summary>
     public string PrefixFieldName { get; set; } = "hp_";
 
     /// <summary>
-    /// TimeFieldName
+    /// Prefix for time fields.
     /// </summary>
     public string TimeFieldName { get; set; } = "_time";
 
     /// <summary>
-    /// MinTimeDuration
+    /// Minimal time for user response.
     /// </summary>
-    public TimeSpan MinTimeDuration { get; set; } = TimeSpan.FromSeconds(1);
+    public TimeSpan MinResponseTime { get; set; } = TimeSpan.FromSeconds(1);
 
     internal bool IsFieldName(string name)
     {
diff --git a/src/AspNetCore.Honeypot/HoneypotService.cs b/src/AspNetCore.Honeypot/HoneypotService.cs
@@ -9,7 +9,7 @@ namespace AspNetCore.Honeypot;
 /// </summary>
 class HoneypotService
 {
-    public const string HttpContextItemName = "AspNetCore.Honeypot.IsHoneypotTrapped";
+    public const string HttpContextItemName = "AspNetCore.Honeypot.IsHoneypotTriggered";
 
     public HoneypotService(IOptions<HoneypotOptions> options)
     {
@@ -22,42 +22,51 @@ public HoneypotService(IOptions<HoneypotOptions> options)
     private HoneypotOptions Options { get; }
 
     /// <summary>
-    /// IsTrapped
+    /// Is honeypot triggered?
     /// </summary>
-    public bool IsTrapped(HttpContext httpContext)
+    public async Task<bool> IsTriggeredAsync(HttpContext httpContext)
     {
         if (httpContext.Items.TryGetValue(HttpContextItemName, out object? value) == false)
         {
-            bool trapped = false;
+            bool triggered = false;
 
             if (httpContext.Request.HasFormContentType == false)
             {
-                trapped = true;
+                triggered = true;
             }
 
-            if (trapped == false && Options.IsFieldCheckEnabled)
+            IFormCollection form = await httpContext.Request.ReadFormAsync();
+
+            if (triggered == false && Options.IsFieldCheckEnabled)
             {
                 //check fields
-                trapped = httpContext.Request.Form.Any(x => Options.IsFieldName(x.Key) && x.Value.Any(v => string.IsNullOrEmpty(v) == false));
+                triggered = form.Any(x => Options.IsFieldName(x.Key) && x.Value.Any(v => string.IsNullOrEmpty(v) == false));
             }
 
-            if (trapped == false && Options.IsTimeCheckEnabled)
+            if (triggered == false && Options.IsTimeCheckEnabled)
             {
                 //check time
-                if (httpContext.Request.Form.TryGetValue(Options.TimeFieldName, out StringValues timeValues))
+                if (form.TryGetValue(Options.TimeFieldName, out StringValues timeValues))
                 {
-                    if (timeValues.Any())
+                    if (timeValues.Count > 0 && timeValues[0] is string timeValue)
                     {
-                        TimeSpan diff = DateTime.UtcNow - new DateTime(long.Parse(timeValues.First()), DateTimeKind.Utc);
+                        if (long.TryParse(timeValue, out long time))
+                        {
+                            TimeSpan diff = DateTime.UtcNow - new DateTime(time, DateTimeKind.Utc);
 
-                        trapped = diff < Options.MinTimeDuration;
+                            triggered = diff < Options.MinResponseTime;
+                        }
+                        else
+                        {
+                            triggered = true; //time field doesn't contain long value.
+                        }
                     }
                 }
             }
 
-            httpContext.Items.Add(HttpContextItemName, trapped);
+            httpContext.Items.Add(HttpContextItemName, triggered);
 
-            return trapped;
+            return triggered;
         }
         else
         {

Original file line number	Diff line number	Diff line change
`@@ -9,11 +9,8 @@ namespace AspNetCore.Honeypot;`
`9`	`9`	`public static class Extensions`
`10`	`10`	`{`
`11`	`11`	`/// <summary>`
`12`		`- /// AddHoneypot`
	`12`	`+ /// Adds honeypot services.`
`13`	`13`	`/// </summary>`
`14`		`- /// <param name="services"></param>`
`15`		`- /// <param name="options"></param>`
`16`		`- /// <returns></returns>`
`17`	`14`	`public static IServiceCollection AddHoneypot(this IServiceCollection services, Action<HoneypotOptions>? options = null)`
`18`	`15`	`{`
`19`	`16`	`if (options != null)`
`@@ -27,14 +24,12 @@ public static IServiceCollection AddHoneypot(this IServiceCollection services, A`
`27`	`24`	`}`
`28`	`25`
`29`	`26`	`/// <summary>`
`30`		`- /// IsHoneypotTrapped`
	`27`	`+ /// Is honepot triggered?`
`31`	`28`	`/// </summary>`
`32`		`- /// <param name="httpContext"></param>`
`33`		`- /// <returns></returns>`
`34`		`- public static bool IsHoneypotTrapped(this HttpContext httpContext)`
	`29`	`+ public static async Task<bool> IsHoneypotTriggeredAsync(this HttpContext httpContext)`
`35`	`30`	`{`
`36`	`31`	`HoneypotService service = httpContext.RequestServices.GetRequiredService<HoneypotService>();`
`37`	`32`
`38`		`- return service.IsTrapped(httpContext);`
	`33`	`+ return await service.IsTriggeredAsync(httpContext);`
`39`	`34`	`}`
`40`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,15 +9,15 @@ namespace AspNetCore.Honeypot;`
`9`	`9`	`/// </summary>`
`10`	`10`	`public class HoneypotAttribute : ActionFilterAttribute`
`11`	`11`	`{`
`12`		`- public override void OnActionExecuting(ActionExecutingContext context)`
	`12`	`+ public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)`
`13`	`13`	`{`
`14`		`- base.OnActionExecuting(context);`
	`14`	`+ bool triggered = await context.HttpContext.IsHoneypotTriggeredAsync();`
`15`	`15`
`16`		`- bool isTrapped = context.HttpContext.IsHoneypotTrapped();`
`17`		`-`
`18`		`- if (isTrapped == true)`
	`16`	`+ if (triggered == true)`
`19`	`17`	`{`
`20`	`18`	`context.Result = new ContentResult() { Content = "bot detection", ContentType = "text/plain", StatusCode = StatusCodes.Status200OK };`
`21`	`19`	`}`
	`20`	`+`
	`21`	`+ await base.OnActionExecutionAsync(context, next);`
`22`	`22`	`}`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ namespace AspNetCore.Honeypot;`
`9`	`9`	`/// </summary>`
`10`	`10`	`class HoneypotService`
`11`	`11`	`{`
`12`		`- public const string HttpContextItemName = "AspNetCore.Honeypot.IsHoneypotTrapped";`
	`12`	`+ public const string HttpContextItemName = "AspNetCore.Honeypot.IsHoneypotTriggered";`
`13`	`13`
`14`	`14`	`public HoneypotService(IOptions<HoneypotOptions> options)`
`15`	`15`	`{`
`@@ -22,42 +22,51 @@ public HoneypotService(IOptions<HoneypotOptions> options)`
`22`	`22`	`private HoneypotOptions Options { get; }`
`23`	`23`
`24`	`24`	`/// <summary>`
`25`		`- /// IsTrapped`
	`25`	`+ /// Is honeypot triggered?`
`26`	`26`	`/// </summary>`
`27`		`- public bool IsTrapped(HttpContext httpContext)`
	`27`	`+ public async Task<bool> IsTriggeredAsync(HttpContext httpContext)`
`28`	`28`	`{`
`29`	`29`	`if (httpContext.Items.TryGetValue(HttpContextItemName, out object? value) == false)`
`30`	`30`	`{`
`31`		`- bool trapped = false;`
	`31`	`+ bool triggered = false;`
`32`	`32`
`33`	`33`	`if (httpContext.Request.HasFormContentType == false)`
`34`	`34`	`{`
`35`		`- trapped = true;`
	`35`	`+ triggered = true;`
`36`	`36`	`}`
`37`	`37`
`38`		`- if (trapped == false && Options.IsFieldCheckEnabled)`
	`38`	`+ IFormCollection form = await httpContext.Request.ReadFormAsync();`
	`39`	`+`
	`40`	`+ if (triggered == false && Options.IsFieldCheckEnabled)`
`39`	`41`	`{`
`40`	`42`	`//check fields`
`41`		`- trapped = httpContext.Request.Form.Any(x => Options.IsFieldName(x.Key) && x.Value.Any(v => string.IsNullOrEmpty(v) == false));`
	`43`	`+ triggered = form.Any(x => Options.IsFieldName(x.Key) && x.Value.Any(v => string.IsNullOrEmpty(v) == false));`
`42`	`44`	`}`
`43`	`45`
`44`		`- if (trapped == false && Options.IsTimeCheckEnabled)`
	`46`	`+ if (triggered == false && Options.IsTimeCheckEnabled)`
`45`	`47`	`{`
`46`	`48`	`//check time`
`47`		`- if (httpContext.Request.Form.TryGetValue(Options.TimeFieldName, out StringValues timeValues))`
	`49`	`+ if (form.TryGetValue(Options.TimeFieldName, out StringValues timeValues))`
`48`	`50`	`{`
`49`		`- if (timeValues.Any())`
	`51`	`+ if (timeValues.Count > 0 && timeValues[0] is string timeValue)`
`50`	`52`	`{`
`51`		`- TimeSpan diff = DateTime.UtcNow - new DateTime(long.Parse(timeValues.First()), DateTimeKind.Utc);`
	`53`	`+ if (long.TryParse(timeValue, out long time))`
	`54`	`+ {`
	`55`	`+ TimeSpan diff = DateTime.UtcNow - new DateTime(time, DateTimeKind.Utc);`
`52`	`56`
`53`		`- trapped = diff < Options.MinTimeDuration;`
	`57`	`+ triggered = diff < Options.MinResponseTime;`
	`58`	`+ }`
	`59`	`+ else`
	`60`	`+ {`
	`61`	`+ triggered = true; //time field doesn't contain long value.`
	`62`	`+ }`
`54`	`63`	`}`
`55`	`64`	`}`
`56`	`65`	`}`
`57`	`66`
`58`		`- httpContext.Items.Add(HttpContextItemName, trapped);`
	`67`	`+ httpContext.Items.Add(HttpContextItemName, triggered);`
`59`	`68`
`60`		`- return trapped;`
	`69`	`+ return triggered;`
`61`	`70`	`}`
`62`	`71`	`else`
`63`	`72`	`{`