tylermmorton / torque

`torque` is a web framework for building hypermedia driven applications in Go
https://lbft.dev/

Feature: Honeypot Form Fields #6

Closed tylermmorton closed 5 months ago

tylermmorton commented 1 year ago

The torque framework has some APIs for decoding form data. It might be useful to include support for honeypot fields, as described by Kent Dodds on his blog:

https://forms.epicweb.dev/06

Another useful thing you can do along with the honeypot field is to add a field that will allow you to determine when the form was generated. So if the form is submitted too quickly, you can be pretty confident that it's a bot.

The timestamp-based field sounds particularly useful and very possible for SSR-based applications.

The form API is located here:

https://github.com/tylermmorton/torque/blob/master/form.go

Rough outline of solution:

AKARSHITJOSHI commented 11 months ago

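Could you please elaborate on what you mean by "Add API for declaring honeypot form fields on structs"? I could just add

```go
// Fragment for form.go: read the time recorded in the request context.
formSubmissionTime, ok := req.Context().Value("submission_time").(time.Time)
if !ok {
	// err is not set by this type assertion, so wrap with a fixed message
	// instead of calling err.Error().
	return nil, errors.Wrap(ErrFormHoneypot, "submission_time missing from request context")
}
currentTime := time.Now()

// Reject forms that come back less than 10 seconds after the recorded time.
diff := currentTime.Sub(formSubmissionTime)

if diff < 10*time.Second {
	return nil, ErrFormHoneypot
}
```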

after form.go L:97
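
As an added example (not part of the thread and not torque's API), the Go program below combines the decoy field with the form-generation timestamp discussed above, and signs the timestamp with HMAC so that a client cannot backdate the hidden field. The field names `website` and `rendered_at`, the demo key and the one-hour maximum age are assumptions; the 10-second minimum follows the snippet above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

var ErrFormHoneypot = errors.New("form rejected by honeypot check")

// issueToken returns "<unix seconds>.<hex HMAC-SHA256>" for a hidden field set at render time.
func issueToken(key []byte, rendered time.Time) string {
	ts := strconv.FormatInt(rendered.Unix(), 10)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(ts))
	return ts + "." + hex.EncodeToString(mac.Sum(nil))
}

// checkSubmission rejects a form when the decoy field is filled, the token is
// malformed or altered, or the form returns sooner than minFill or later than maxAge.
func checkSubmission(key []byte, form url.Values, now time.Time, minFill, maxAge time.Duration) error {
	token := form.Get("rendered_at") // hypothetical hidden field name
	ts, _, found := strings.Cut(token, ".")
	sec, err := strconv.ParseInt(ts, 10, 64)
	if form.Get("website") != "" || !found || err != nil {
		return ErrFormHoneypot // decoy field filled, or token malformed
	}
	rendered := time.Unix(sec, 0)
	if !hmac.Equal([]byte(token), []byte(issueToken(key, rendered))) {
		return ErrFormHoneypot // timestamp or signature changed client-side
	}
	if age := now.Sub(rendered); age < minFill || age > maxAge {
		return ErrFormHoneypot // submitted too quickly, or token is stale
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed; load a real secret from config
	t0 := time.Unix(1700000000, 0)        // constructed render time
	form := url.Values{"rendered_at": {issueToken(key, t0)}}
	fmt.Println(checkSubmission(key, form, t0.Add(3*time.Second), 10*time.Second, time.Hour))
	fmt.Println(checkSubmission(key, form, t0.Add(30*time.Second), 10*time.Second, time.Hour))
}
```

Passing `now` as a parameter keeps the timing check testable without sleeping.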