feat(api): add spam content detection for forms

- Add SpamDetectionService to detect gibberish/random text - Detect excessive consonants, low vowel ratio, mixed case patterns - Detect repeated characters and extremely long words - Validate names look realistic (start with letter, have vowels) - Cross-validate multiple suspicious fields - Integrate with ContactFormAjaxHandler and NewsletterAjaxHandler - Log blocked attempts to debug.log Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 09:46:47 -06:00
parent a93e54e1b8
commit eb50c80297
4 changed files with 468 additions and 6 deletions
--- a/Public/ContactForm/Infrastructure/Api/WordPress/ContactFormAjaxHandler.php
+++ b/Public/ContactForm/Infrastructure/Api/WordPress/ContactFormAjaxHandler.php
@@ -5,6 +5,7 @@ namespace ROITheme\Public\ContactForm\Infrastructure\Api\WordPress;

 use ROITheme\Shared\Domain\Contracts\ComponentSettingsRepositoryInterface;
 use ROITheme\Shared\Application\Services\RecaptchaValidationService;
+use ROITheme\Shared\Application\Services\SpamDetectionService;

 /**
 * ContactFormAjaxHandler - Procesa envios del formulario de contacto
@@ -28,7 +29,8 @@ final class ContactFormAjaxHandler

    public function __construct(
        private ComponentSettingsRepositoryInterface $settingsRepository,
-        private ?RecaptchaValidationService $recaptchaService = null
+        private ?RecaptchaValidationService $recaptchaService = null,
+        private ?SpamDetectionService $spamDetectionService = null
    ) {}

    /**
@@ -83,7 +85,15 @@ final class ContactFormAjaxHandler
            return;
        }

-        // 5. Obtener configuracion del componente (incluye webhook URL)
+        // 5. Validar contenido anti-spam (detectar gibberish/texto basura)
+        if (!$this->validateSpamContent($formData)) {
+            wp_send_json_error([
+                'message' => __('El contenido del formulario no es valido. Por favor ingresa informacion real.', 'roi-theme')
+            ], 422);
+            return;
+        }
+
+        // 6. Obtener configuracion del componente (incluye webhook URL)
        $settings = $this->settingsRepository->getComponentSettings(self::COMPONENT_NAME);

        if (empty($settings)) {
@@ -338,4 +348,21 @@ final class ContactFormAjaxHandler
        // Validar con el servicio
        return $this->recaptchaService->validateSubmission($token, $action);
    }
+
+    /**
+     * Validar contenido anti-spam
+     *
+     * @param array $formData Datos del formulario sanitizados
+     * @return bool True si el contenido es valido (no spam)
+     */
+    private function validateSpamContent(array $formData): bool
+    {
+        // Si el servicio no esta inyectado, permitir
+        if ($this->spamDetectionService === null) {
+            return true;
+        }
+
+        $result = $this->spamDetectionService->validateContactForm($formData);
+        return $result['valid'];
+    }
 }
--- a/Public/Footer/Infrastructure/Api/WordPress/NewsletterAjaxHandler.php
+++ b/Public/Footer/Infrastructure/Api/WordPress/NewsletterAjaxHandler.php
@@ -5,6 +5,7 @@ namespace ROITheme\Public\Footer\Infrastructure\Api\WordPress;

 use ROITheme\Shared\Domain\Contracts\ComponentSettingsRepositoryInterface;
 use ROITheme\Shared\Application\Services\RecaptchaValidationService;
+use ROITheme\Shared\Application\Services\SpamDetectionService;

 /**
 * NewsletterAjaxHandler - Procesa suscripciones al newsletter
@@ -27,7 +28,8 @@ final class NewsletterAjaxHandler

    public function __construct(
        private ComponentSettingsRepositoryInterface $settingsRepository,
-        private ?RecaptchaValidationService $recaptchaService = null
+        private ?RecaptchaValidationService $recaptchaService = null,
+        private ?SpamDetectionService $spamDetectionService = null
    ) {}

    /**
@@ -81,7 +83,15 @@ final class NewsletterAjaxHandler
            return;
        }

-        // 5. Obtener configuracion del componente
+        // 5. Validar contenido anti-spam (detectar gibberish/texto basura)
+        if (!$this->validateSpamContent(['name' => $name, 'whatsapp' => $whatsapp])) {
+            wp_send_json_error([
+                'message' => __('El contenido del formulario no es valido. Por favor ingresa informacion real.', 'roi-theme')
+            ], 422);
+            return;
+        }
+
+        // 6. Obtener configuracion del componente
        $settings = $this->settingsRepository->getComponentSettings(self::COMPONENT_NAME);

        if (empty($settings)) {
@@ -238,4 +248,21 @@ final class NewsletterAjaxHandler
        // Validar con el servicio
        return $this->recaptchaService->validateSubmission($token, $action);
    }
+
+    /**
+     * Validar contenido anti-spam
+     *
+     * @param array $formData Datos del formulario sanitizados
+     * @return bool True si el contenido es valido (no spam)
+     */
+    private function validateSpamContent(array $formData): bool
+    {
+        // Si el servicio no esta inyectado, permitir
+        if ($this->spamDetectionService === null) {
+            return true;
+        }
+
+        $result = $this->spamDetectionService->validateNewsletterForm($formData);
+        return $result['valid'];
+    }
 }