Add shadowban mechanism for closet lists
Simple enough to start! If `shadowbanned: true` gets set on a user, then we show a 404 instead of the actual list page, *unless* you're logged in as that user, or coming from a known IP of that user. This isn't a very strong mechanism! Just something to hopefully increase the costs of messing around with list spam.
parent
4ae5acfdc3
commit
156cabbab4
5 changed files with 22 additions and 2 deletions
|
@ -1,6 +1,5 @@
|
|||
require 'async'
|
||||
require 'async/container'
|
||||
require 'ipaddr'
|
||||
|
||||
class ApplicationController < ActionController::Base
|
||||
include FragmentLocalization
|
||||
|
|
|
@ -2,6 +2,7 @@ class ClosetHangersController < ApplicationController
|
|||
before_action :authorize_user!, :only => [:destroy, :create, :update, :update_quantities, :petpage]
|
||||
before_action :find_item, :only => [:create, :update_quantities]
|
||||
before_action :find_user, :only => [:index, :petpage, :update_quantities]
|
||||
before_action :enforce_shadowban, only: [:index]
|
||||
|
||||
def destroy
|
||||
if params[:list_id]
|
||||
|
@ -214,6 +215,14 @@ class ClosetHangersController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def enforce_shadowban
|
||||
# If this user is shadowbanned, and this *doesn't* seem to be a request
|
||||
# from that user, render the 404 page.
|
||||
if @user.shadowbanned? && !@user.likely_is?(current_user, request.remote_ip)
|
||||
render file: "public/404.html", layout: false, status: :not_found
|
||||
end
|
||||
end
|
||||
|
||||
def find_item
|
||||
@item = Item.find params[:item_id]
|
||||
end
|
||||
|
|
|
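Review bot: In `enforce_shadowban`, `render file: "public/404.html"` passes a relative path, which as far as I can tell is resolved against the process's working directory rather than the app root; `render file: Rails.public_path.join("404.html"), layout: false, status: :not_found` does not depend on where the server was started. Because the 404 is meant to look like a list that does not exist, it is worth confirming that it matches what a genuinely unknown user produces (status, body, and content type for non-HTML formats); `find_user` is outside this section, so that cannot be checked here. The filter is registered for `index` only, so any other action or controller that renders a user's lists would need the same check, which is not visible from these hunks.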
@ -46,6 +46,12 @@ class User < ApplicationRecord
|
|||
serializable_hash only: [:id, :name]
|
||||
end
|
||||
|
||||
# Given info about a request, return whether that request is likely to be
|
||||
# coming from the same person who owns this account.
|
||||
def likely_is?(current_user, remote_ip)
|
||||
current_user == self || auth_user.current_sign_in_ip == remote_ip
|
||||
end
|
||||
|
||||
def unowned_items
|
||||
# Join all items against our owned closet hangers, group by item ID, then
|
||||
# only return those with zero matching hangers.
|
||||
|
|
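Review bot: `likely_is?` dereferences `auth_user` unconditionally, so a user whose `auth_user` is missing would raise instead of returning false, and a shadowbanned list would answer with a 500 rather than the intended 404. If `auth_user` can be nil (the association is outside the hunk), `current_user == self || auth_user&.current_sign_in_ip == remote_ip` avoids that. The comparison covers only the most recent sign-in IP, which is narrower than the "known IP" wording in the commit description. The method comment should also state the limits of the check, e.g. `# Heuristic only: remote_ip depends on proxy configuration and can be shared (NAT/VPN); do not rely on it for anything beyond soft visibility checks.`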
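--- a/db/migrate/20240421033509_add_shadowbanned_to_users.rb
+++ b/db/migrate/20240421033509_add_shadowbanned_to_users.rb
@@ -0,0 +1,5 @@
+class AddShadowbannedToUsers < ActiveRecord::Migration[7.1]
+def change
+add_column :users, :shadowbanned, :boolean, default: false, null: false
+end
+end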
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
|
||||
ActiveRecord::Schema[7.1].define(version: 2024_04_21_033509) do
|
||||
create_table "alt_styles", charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
||||
t.integer "species_id", null: false
|
||||
t.integer "color_id", null: false
|
||||
|
@ -266,6 +266,7 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
|
|||
t.integer "contact_neopets_connection_id"
|
||||
t.timestamp "last_trade_activity_at"
|
||||
t.boolean "support_staff", default: false, null: false
|
||||
t.boolean "shadowbanned", default: false, null: false
|
||||
end
|
||||
|
||||
create_table "zones", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
||||
|
|