First work on timer field against bots

client/index.js

@@ -74,6 +74,14 @@ function jeanCloudContactFormIntercept (formId, notifier) {
         loadingText.classList.add("contact-mailer-sending");
         loadingText.textContent = 'Envoi en cours…'
         submitButton.after(loadingText)
+
+        /* Add the filling timer in seconds */
+        const timerField = document.createElement('input')
+        timerField.value = Math.round((Date.now() - contactMailerPageLoadedTime) / 1000)
+        timerField.name = 'timerfield'
+        timerField.hidden = 'hidden'
+        formElem.appendChild(timerField)
+
         /* XHR */
         fetch(formElem.action, {
             method: formElem.method,
@@ -115,3 +123,5 @@ function jeanCloudContactFormIntercept (formId, notifier) {
     // cat style.css | openssl dgst -sha384 -binary | openssl base64 -A
     document.head.appendChild(link);
 })()
+
+var contactMailerPageLoadedTime = Date.now()

main.py

@@ -141,6 +141,12 @@ def submission ():
         if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
             response.status = 400
             return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
+        # Is the js timer enabled?
+        if 'timerdelay' in form:
+            # Did it work?
+            if 'timerfield' not in request.forms or request.forms.get('timerfield') < form['timerdelay']:
+                response.status = 400
+                return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
 
     except MissingParameterException as e:
         response.status = 404