studio-variable/world-game
3
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Fix: suppression du timing check (faux positifs sur desktop)

Browse source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
isUnknown 2026-03-19 07:15:44 +01:00
parent 67d8159787
commit 9f8854efa5
2 changed files with 3 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
site/config/routes/download-white-paper.php
View file

@ -24,12 +24,6 @@ return [
wpReject(400, 'Bad request'); wpReject(400, 'Bad request');
} }
// ── Timing check (min 3 s) ────────────────────────────────
$openedAt = isset($body['_t']) ? (int)$body['_t'] : 0;
if ($openedAt === 0 || (time() * 1000 - $openedAt) < 3000) {
wpReject(400, 'Too fast');
}
// ── Rate limiting (5 req / hour / IP) ───────────────────── // ── Rate limiting (5 req / hour / IP) ─────────────────────
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? 'unknown'; $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$cacheKey = 'wp-dl-' . md5($ip); $cacheKey = 'wp-dl-' . md5($ip);

11
src/views/WhitePaper.svelte
View file

@ -13,12 +13,7 @@
let submitting = $state(false) let submitting = $state(false)
let status = $state(null) // null | 'success' | 'error' let status = $state(null) // null | 'success' | 'error'
let showForm = $state(false) let showForm = $state(false)
let honeypot = $state('') let honeypot = $state('')
let formOpenedAt = $state(0)
$effect(() => {
if (showForm && formOpenedAt === 0) formOpenedAt = Date.now()
})
let isEmailValid = $derived.by(() => { let isEmailValid = $derived.by(() => {
const emailValidator = /^[\w\-\.]+@([\w-]+\.)+[\w-]{2,}$/gm const emailValidator = /^[\w\-\.]+@([\w-]+\.)+[\w-]{2,}$/gm
@ -39,7 +34,7 @@
const res = await fetch(`${prefix}/${data.uri}/download`, { const res = await fetch(`${prefix}/${data.uri}/download`, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ firstName, lastName, company, role, email, _hp: honeypot, _t: formOpenedAt }) body: JSON.stringify({ firstName, lastName, company, role, email, _hp: honeypot })
}) })
const result = await res.json() const result = await res.json()
if (result.fileUrl) { if (result.fileUrl) {
@ -167,7 +162,7 @@
font-family: "Danzza", sans-serif; font-family: "Danzza", sans-serif;
font-size: var(--font-size-paragraph); font-size: var(--font-size-paragraph);
opacity: 0.8; opacity: 0.8;
max-width: 480px; max-width: 90%;
} }
/* Mobile trigger: hidden on desktop */ /* Mobile trigger: hidden on desktop */