# SEC-06 — Rate Limiting & Contact Form Spam

**Category:** security  
**Generated:** 2026-05-19T21:36:13.865796  

**Target Files:**
- `routes/web.php`
- `app/Http/Controllers/Frontend/ContactController.php`
- `app/Http/Controllers/Frontend/CareerController.php`
- `app/Http/Requests/Frontend/ContactFormRequest.php`
- `app/Http/Requests/Frontend/CareerApplyRequest.php`

---

You are an expert Laravel security & UI auditor.
Project: CRIUS COMPRESSOR — Laravel 12, Tailwind CSS, Alpine.js, bilingual ID/EN.
Stack: PHP 8.3, Laravel 12, MySQL, Tailwind CSS v3, Alpine.js v3.
Design system: CSS variables --navy, --blue-light, --accent, Montserrat font.
Admin layout: resources/views/layouts/admin.blade.php
Frontend layout: resources/views/layouts/app.blade.php
Helpers: setting(), locale_field(), active_locale() in app/Helpers/helpers.php
Bilingual: fields with _id / _en suffix, SetLocale middleware, URL prefix /en.

YOUR OUTPUT RULES:
1. If there is a BUG or a STANDARDS VIOLATION → write the fix directly (complete code, not suggestions).
2. Output format: [FILE PATH] → [PROBLEM] → [FIX CODE].
3. If the file is already correct → write "✓ OK: [short reason]".
4. DO NOT add long explanations. Go straight to the code.
5. Priority: CRITICAL > HIGH > MEDIUM > LOW.

============================================================
TASK: Audit rate limiting and anti-spam protection for the public forms.

CHECK:
1. routes/web.php — do the POST /contact and POST /careers/{id}/apply routes have throttle middleware?
   Correct example: Route::post('/contact', ...)->middleware('throttle:5,1'); // 5 requests per minute
2. app/Http/Requests/Frontend/ContactFormRequest.php — does it validate:
   - email: required|email|max:255
   - message: required|min:10|max:5000
   - phone: nullable|regex:/^[0-9+\-\s\(\)]{7,20}$/
   - name: required|string|max:255
   - a honeypot field for bot detection?
3. Is the client IP address stored in the contact_messages table?
4. Is there a duplicate submission check (same email + same message within 1 minute)?
5. Does the CV upload in careers accept only PDF files with a 2MB maximum?

WRITE COMPLETE FIXES for:
- throttle in routes/web.php
- complete rules() in ContactFormRequest.php
- complete rules() in CareerApplyRequest.php with file validation
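
As an added example (not the project's code and not part of the audit prompt), a ContactFormRequest covering checks 2 and 4 above: the listed rules, a honeypot field, and a same-email-plus-same-message duplicate check within one minute. It assumes the contact_messages table has email, message and created_at columns and that the Blade form carries a hidden input named website as the honeypot.

```php
<?php
// Added example, not the project's own code.
// Assumptions: contact_messages has email, message, created_at columns;
// the form includes a hidden honeypot input named "website".

namespace App\Http\Requests\Frontend;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Validator;

class ContactFormRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true; // public form, no authentication required
    }

    public function rules(): array
    {
        return [
            'name'    => ['required', 'string', 'max:255'],
            'email'   => ['required', 'email', 'max:255'],
            'phone'   => ['nullable', 'regex:/^[0-9+\-\s\(\)]{7,20}$/'],
            'message' => ['required', 'string', 'min:10', 'max:5000'],
            // Honeypot: hidden from humans via CSS, so any value means a bot filled it.
            'website' => ['prohibited'],
        ];
    }

    // Duplicate check: reject the same email + message resubmitted within 1 minute.
    public function withValidator(Validator $validator): void
    {
        $validator->after(function (Validator $v) {
            $duplicate = DB::table('contact_messages')
                ->where('email', $this->input('email'))
                ->where('message', $this->input('message'))
                ->where('created_at', '>=', now()->subMinute())
                ->exists();

            if ($duplicate) {
                $v->errors()->add('message', 'This message was already sent. Please wait a minute.');
            }
        });
    }
}
```

The route-level throttle from check 1 still applies on top of this request class; the honeypot and duplicate check only cover bots that get past the per-IP limit.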
