coalition.endorsements.spam_prevention

Spam prevention utilities for endorsement forms

Attributes

akismet

validate_email

logger

Classes

SpamPreventionService

Service for preventing spam in endorsement submissions

Functions

secure_ip_key(→ str)

Custom rate limit key function that uses our secure IP extraction.

get_client_ip(→ str)

Securely extract client IP address with validation and spoofing protection.

Module Contents

coalition.endorsements.spam_prevention.akismet = None
coalition.endorsements.spam_prevention.validate_email = None
coalition.endorsements.spam_prevention.logger
coalition.endorsements.spam_prevention.secure_ip_key(group: str, request: django.http.HttpRequest) → str

Custom rate limit key function that uses our secure IP extraction.

This prevents IP spoofing attacks by using get_client_ip(), which validates IP addresses and handles proxy headers safely.

coalition.endorsements.spam_prevention.get_client_ip(request: django.http.HttpRequest) → str

Securely extract client IP address with validation and spoofing protection.

Validates IP addresses and handles proxy headers safely to prevent rate limit bypass and log pollution attacks.
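One way this kind of extraction can be done, as an added example that is not the project's own implementation. The names `TRUSTED_PROXIES`, `FALLBACK_IP` and `extract_client_ip` are hypothetical, the proxy ranges are constructed, and a plain dict stands in for Django's `request.META`:

```python
import ipaddress

# Assumption: the reverse proxies allowed to set X-Forwarded-For (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("127.0.0.1/32")]
FALLBACK_IP = "0.0.0.0"  # hypothetical sentinel used when the peer address is unusable


def _parse(value):
    """Return an ip_address object, or None if value is not a valid IP literal."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    """True if ip belongs to one of the configured proxy networks."""
    return any(ip in net for net in TRUSTED_PROXIES)


def extract_client_ip(meta):
    """Pick the client IP from a request.META-style dict of WSGI variables."""
    peer = _parse(meta.get("REMOTE_ADDR", ""))
    if peer is None:
        return FALLBACK_IP
    # Honour the forwarded header only when the direct peer is our own proxy;
    # otherwise any client could choose its own rate limit key.
    if not _is_trusted(peer):
        return str(peer)
    hops = meta.get("HTTP_X_FORWARDED_FOR", "").split(",")
    # Walk right to left: rightmost entries were appended by trusted proxies,
    # so the first untrusted address is the client. Entries to its left are
    # client-supplied and ignored.
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: stop trusting the header, keep junk out of logs
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)
```

The returned string is always the canonical form produced by `ipaddress`, so raw header bytes never reach the rate limit key or the log line.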

class coalition.endorsements.spam_prevention.SpamPreventionService

Service for preventing spam in endorsement submissions

RATE_LIMIT_WINDOW
RATE_LIMIT_MAX_ATTEMPTS
SUSPICIOUS_DOMAINS = ['mailinator.com', '10minutemail.com', 'guerrillamail.com', 'temp-mail.org', 'throwaway.email']
classmethod check_rate_limit(request: django.http.HttpRequest) → dict[str, Any]

Check if request has exceeded rate limit using django-ratelimit. Returns dict with ‘allowed’ boolean and ‘remaining’ count.

classmethod record_submission_attempt(request: django.http.HttpRequest) → None

Record a submission attempt using django-ratelimit.

classmethod validate_honeypot(form_data: dict[str, Any]) → bool

Validate honeypot fields. Returns True if validation passes (human), False if spam detected.

classmethod validate_timing(form_data: dict[str, Any]) → bool

Validate form submission timing. Too fast = bot, too slow = potentially abandoned.

classmethod check_email_reputation(email: str) → dict[str, Any]

Check email address reputation using email-validator. Falls back to basic checks if email-validator is unavailable. Returns dict with ‘suspicious’ boolean and ‘reasons’ list.

classmethod check_content_quality(stakeholder_data: dict[str, Any], statement: str, ip_address: str = None, user_agent: str = None) → dict[str, Any]

Check content quality for spam indicators using Akismet. Falls back to custom checks if Akismet is unavailable. Returns dict with ‘suspicious’ boolean and ‘reasons’ list.

classmethod comprehensive_spam_check(request: django.http.HttpRequest, stakeholder_data: dict[str, Any], statement: str, form_data: dict[str, Any], user_agent: str = None, skip_rate_limiting: bool = False) → dict[str, Any]

Run comprehensive spam check. Returns dict with overall assessment and details.