soroushdes/hamkadr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Anti-abuse hardening: hourly posting rate limit + captcha on facility registration
CI/CD / CI · dotnet build (push) Successful in 26s
Details
CI/CD / Deploy · hamkadr (push) Successful in 40s
Details

Browse Source 
- SubmissionGuard.PostingRateExceededAsync: max 20 new listings (shifts+jobs) per account per rolling hour, enforced in PostJob + PostShift
- Captcha + spam-name screen added to /Employer/RegisterFacility

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-04 09:45:12 +03:30
parent 0587e040d9
commit 178e44c4da
5 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/JobsMedical.Web/Pages/Employer/RegisterFacility.cshtml.cs
+22 -2
View File
@@ -15,10 +15,18 @@ namespace JobsMedical.Web.Pages.Employer;
public class RegisterFacilityModel : PageModel
{
private readonly AppDbContext _db;
public RegisterFacilityModel(AppDbContext db) => _db = db;
private readonly CaptchaService _captcha;
public RegisterFacilityModel(AppDbContext db, CaptchaService captcha)
{
_db = db;
_captcha = captcha;
}
public List<City> Cities { get; private set; } = new();
public List<District> Districts { get; private set; } = new();
public string CaptchaQuestion { get; private set; } = "";
[BindProperty] public string? CaptchaToken { get; set; }
[BindProperty] public string? CaptchaAnswer { get; set; }
[BindProperty] public string Name { get; set; } = "";
[BindProperty] public FacilityType Type { get; set; }
@@ -31,16 +39,21 @@ public class RegisterFacilityModel : PageModel
[BindProperty] public double? Lng { get; set; }
public string? Error { get; private set; }
public async Task OnGetAsync() => await LoadListsAsync();
public async Task OnGetAsync() { await LoadListsAsync(); NewCaptcha(); }
public async Task<IActionResult> OnPostAsync()
{
await LoadListsAsync();
if (!_captcha.Verify(CaptchaToken, CaptchaAnswer))
{ Error = "پاسخ سؤال امنیتی نادرست است."; NewCaptcha(); return Page(); }
if (string.IsNullOrWhiteSpace(Name) || CityId == 0)
{
Error = "نام مرکز و شهر الزامی است.";
NewCaptcha();
return Page();
}
if (SubmissionGuard.ContainsSpam(Name))
{ Error = "نام مرکز نامعتبر به‌نظر می‌رسد."; NewCaptcha(); return Page(); }
var userId = int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
var facility = new Facility
@@ -81,4 +94,11 @@ public class RegisterFacilityModel : PageModel
Cities = await _db.Cities.OrderByDescending(c => c.IsActive).ThenBy(c => c.Name).ToListAsync();
Districts = await _db.Districts.Where(d => d.IsActive).OrderBy(d => d.Name).ToListAsync();
}
private void NewCaptcha()
{
var (q, token) = _captcha.Create();
CaptchaQuestion = q;
CaptchaToken = token;
}
}