1
0
Fork 0
forked from OpenNeo/impress

Add shadowban mechanism for closet lists

Simple enough to start! If `shadowbanned: true` gets set on a user,
then we show a 404 instead of the actual list page, *unless* you're
logged in as that user, or coming from a known IP of that user.

This isn't a very strong mechanism! Just something to hopefully
increase the costs of messing around with list spam.
This commit is contained in:
Emi Matchu 2024-04-20 20:57:15 -07:00
parent 4ae5acfdc3
commit 156cabbab4
5 changed files with 22 additions and 2 deletions

View file

@ -1,6 +1,5 @@
require 'async'
require 'async/container'
require 'ipaddr'
class ApplicationController < ActionController::Base
include FragmentLocalization

View file

@ -2,6 +2,7 @@ class ClosetHangersController < ApplicationController
before_action :authorize_user!, :only => [:destroy, :create, :update, :update_quantities, :petpage]
before_action :find_item, :only => [:create, :update_quantities]
before_action :find_user, :only => [:index, :petpage, :update_quantities]
before_action :enforce_shadowban, only: [:index]
def destroy
if params[:list_id]
@ -214,6 +215,14 @@ class ClosetHangersController < ApplicationController
end
end
def enforce_shadowban
# If this user is shadowbanned, and this *doesn't* seem to be a request
# from that user, render the 404 page.
if @user.shadowbanned? && !@user.likely_is?(current_user, request.remote_ip)
render file: "public/404.html", layout: false, status: :not_found
end
end
def find_item
@item = Item.find params[:item_id]
end

View file

@ -46,6 +46,12 @@ class User < ApplicationRecord
serializable_hash only: [:id, :name]
end
# Given info about a request, return whether that request is likely to be
# coming from the same person who owns this account.
def likely_is?(current_user, remote_ip)
current_user == self || auth_user.current_sign_in_ip == remote_ip
end
def unowned_items
# Join all items against our owned closet hangers, group by item ID, then
# only return those with zero matching hangers.

View file

@ -0,0 +1,5 @@
class AddShadowbannedToUsers < ActiveRecord::Migration[7.1]
def change
add_column :users, :shadowbanned, :boolean, default: false, null: false
end
end

View file

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
ActiveRecord::Schema[7.1].define(version: 2024_04_21_033509) do
create_table "alt_styles", charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|
t.integer "species_id", null: false
t.integer "color_id", null: false
@ -266,6 +266,7 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_01_124200) do
t.integer "contact_neopets_connection_id"
t.timestamp "last_trade_activity_at"
t.boolean "support_staff", default: false, null: false
t.boolean "shadowbanned", default: false, null: false
end
create_table "zones", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_520_ci", force: :cascade do |t|