feat: add captcha-backed forum security hardening

resources/views/partials/bot-fingerprint-script.blade.php

@@ -0,0 +1,55 @@
+<script>
+(() => {
+    const forms = document.querySelectorAll('[data-bot-form]');
+    if (!forms.length || !window.crypto?.subtle) {
+        return;
+    }
+
+    const readWebglVendor = () => {
+        try {
+            const canvas = document.createElement('canvas');
+            const gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl');
+            if (!gl) {
+                return 'no-webgl';
+            }
+
+            const extension = gl.getExtension('WEBGL_debug_renderer_info');
+            if (!extension) {
+                return 'webgl-hidden';
+            }
+
+            return [
+                gl.getParameter(extension.UNMASKED_VENDOR_WEBGL),
+                gl.getParameter(extension.UNMASKED_RENDERER_WEBGL),
+            ].join(':');
+        } catch {
+            return 'webgl-error';
+        }
+    };
+
+    const fingerprintPayload = [
+        navigator.userAgent || 'unknown-ua',
+        navigator.language || 'unknown-language',
+        navigator.platform || 'unknown-platform',
+        Intl.DateTimeFormat().resolvedOptions().timeZone || 'unknown-timezone',
+        `${window.screen?.width || 0}x${window.screen?.height || 0}x${window.devicePixelRatio || 1}`,
+        readWebglVendor(),
+    ].join('|');
+
+    const encodeHex = (buffer) => Array.from(new Uint8Array(buffer))
+        .map((part) => part.toString(16).padStart(2, '0'))
+        .join('');
+
+    window.crypto.subtle.digest('SHA-256', new TextEncoder().encode(fingerprintPayload))
+        .then((buffer) => {
+            const fingerprint = encodeHex(buffer);
+            forms.forEach((form) => {
+                const input = form.querySelector('input[name="_bot_fingerprint"]');
+                if (input) {
+                    input.value = fingerprint;
+                }
+            });
+        })
+        .catch(() => {});
+})();
+</script>