forked from OpenNeo/impress
Add shadowban mechanism for closet lists
Simple enough to start! If `shadowbanned: true` gets set on a user, then we show a 404 instead of the actual list page, *unless* you're logged in as that user, or coming from a known IP of that user. This isn't a very strong mechanism! Just something to hopefully increase the costs of messing around with list spam.
parent
4ae5acfdc3
commit
156cabbab4
5 changed files with 22 additions and 2 deletions
|
@ -1,6 +1,5 @@
|
||||||
require 'async'
|
require 'async'
|
||||||
require 'async/container'
|
require 'async/container'
|
||||||
require 'ipaddr'
|
|
||||||
|
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
include FragmentLocalization
|
include FragmentLocalization
|
||||||
|
|
|
@ -2,6 +2,7 @@ class ClosetHangersController < ApplicationController
|
||||||
before_action :authorize_user!, :only => [:destroy, :create, :update, :update_quantities, :petpage]
|
before_action :authorize_user!, :only => [:destroy, :create, :update, :update_quantities, :petpage]
|
||||||
before_action :find_item, :only => [:create, :update_quantities]
|
before_action :find_item, :only => [:create, :update_quantities]
|
||||||
before_action :find_user, :only => [:index, :petpage, :update_quantities]
|
before_action :find_user, :only => [:index, :petpage, :update_quantities]
|
||||||
|
before_action :enforce_shadowban, only: [:index]
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
if params[:list_id]
|
if params[:list_id]
|
||||||
|
@ -214,6 +215,14 @@ class ClosetHangersController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def enforce_shadowban
|
||||||
|
# If this user is shadowbanned, and this *doesn't* seem to be a request
|
||||||
|
# from that user, render the 404 page.
|
||||||
|
if @user.shadowbanned? && !@user.likely_is?(current_user, request.remote_ip)
|
||||||
|
render file: "public/404.html", layout: false, status: :not_found
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def find_item
|
def find_item
|
||||||
@item = Item.find params[:item_id]
|
@item = Item.find params[:item_id]
|
||||||
end
|
end
|
||||||
|
|
|
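Review bot: `render file: "public/404.html"` in `enforce_shadowban` is a relative path, so it resolves against the process working directory rather than the application root; `render file: Rails.public_path.join("404.html"), layout: false, status: :not_found` would not depend on where the server was started. The filter is registered with `only: [:index]`, so any other route that surfaces a shadowbanned user's lists is outside this check; none are visible in this section, so that is worth confirming. The method comment could also record the requirement that makes the mechanism work, e.g. `# Must stay indistinguishable from the regular not-found response for an unknown user.` The `ClosetHangersController` class body starts and continues outside the hunks shown.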
@ -46,6 +46,12 @@ class User < ApplicationRecord
|
||||||
serializable_hash only: [:id, :name]
|
serializable_hash only: [:id, :name]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Given info about a request, return whether that request is likely to be
|
||||||
|
# coming from the same person who owns this account.
|
||||||
|
def likely_is?(current_user, remote_ip)
|
||||||
|
current_user == self || auth_user.current_sign_in_ip == remote_ip
|
||||||
|
end
|
||||||
|
|
||||||
def unowned_items
|
def unowned_items
|
||||||
# Join all items against our owned closet hangers, group by item ID, then
|
# Join all items against our owned closet hangers, group by item ID, then
|
||||||
# only return those with zero matching hangers.
|
# only return those with zero matching hangers.
|
||||||
|
|
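Review bot: `likely_is?` calls `auth_user.current_sign_in_ip` with no nil guard, so for a shadowbanned user without an associated auth record the list page would raise instead of returning the intended 404, and a nil sign-in IP compared with a nil `remote_ip` evaluates to true. Whether `auth_user` can be absent is not visible in this hunk, but a guarded form such as `current_user == self || (remote_ip.present? && auth_user&.current_sign_in_ip == remote_ip)` covers both cases. The comparison also depends on how `request.remote_ip` is derived from forwarding headers under the trusted-proxy configuration: if the recorded sign-in IP and the request IP both resolve to a shared proxy address, every visitor would match and the shadowban would never apply. The comment above the method could state that only the most recent sign-in IP is checked, since the commit description speaks of a "known IP".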
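--- a/db/migrate/20240421033509_add_shadowbanned_to_users.rb
+++ b/db/migrate/20240421033509_add_shadowbanned_to_users.rb
@@ -0,0 +1,5 @@
+class AddShadowbannedToUsers < ActiveRecord::Migration[7.1]
+def change
+add_column :users, :shadowbanned, :boolean, default: false, null: false
+end
+end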
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
|
ActiveRecord::Schema[7.1].define(version: 2024_04_21_033509) do
|
||||||
create_table "alt_styles", charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
create_table "alt_styles", charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
||||||
t.integer "species_id", null: false
|
t.integer "species_id", null: false
|
||||||
t.integer "color_id", null: false
|
t.integer "color_id", null: false
|
||||||
|
@ -266,6 +266,7 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
|
||||||
t.integer "contact_neopets_connection_id"
|
t.integer "contact_neopets_connection_id"
|
||||||
t.timestamp "last_trade_activity_at"
|
t.timestamp "last_trade_activity_at"
|
||||||
t.boolean "support_staff", default: false, null: false
|
t.boolean "support_staff", default: false, null: false
|
||||||
|
t.boolean "shadowbanned", default: false, null: false
|
||||||
end
|
end
|
||||||
|
|
||||||
create_table "zones", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
create_table "zones", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
|
||||||
|
|