Merge branch 'develop' of https://code.gab.com/gab/social/gab-social into develop

2021-02-03 10:13:04 -05:00 · 2021-02-03 10:13:04 -05:00 · 6a620f388e
parent 80297c4d21 dd8531237d
commit 6a620f388e
17 changed files with 134 additions and 46 deletions
--- a/.env.nanobox
+++ b/.env.nanobox
@ -224,3 +224,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
+
+# Gab Captcha
+GAB_CAPTCHA_SECRET_KEY=
+GAB_CAPTCHA_CLIENT_KEY=
--- a/.env.production.sample
+++ b/.env.production.sample
@ -231,3 +231,7 @@ STREAMING_CLUSTER_NUM=1
 # http_proxy=http://gateway.local:8118
 # Access control for hidden service.
 # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
+
+# Gab Captcha
+GAB_CAPTCHA_SECRET_KEY=
+GAB_CAPTCHA_CLIENT_KEY=
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -2,7 +2,7 @@

 module Admin
  class AccountsController < BaseController
-    before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update]
+    before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update, :reset_spam]
    before_action :require_remote_account!, only: [:redownload]
    before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]

@ -173,6 +173,11 @@ module Admin
      end
    end

+    def reset_spam
+      @account.is_flagged_as_spam = false
+      @account.save!
+      redirect_to admin_account_path(@account.id)
+    end

    private

@ -201,6 +206,7 @@ module Admin
        :pending,
        :silenced,
        :suspended,
+        :spam,
        :username,
        :display_name,
        :email,
--- a/app/controllers/api/v1/timelines/home_controller.rb
+++ b/app/controllers/api/v1/timelines/home_controller.rb
@ -24,7 +24,7 @@ class Api::V1::Timelines::HomeController < Api::BaseController
  end

  def home_statuses
-    theLimit = params[:max_id].nil? ? 10 : limit_param(DEFAULT_STATUSES_LIMIT)
+    theLimit = params[:max_id].nil? ? 20 : limit_param(DEFAULT_STATUSES_LIMIT)
    account_home_feed.get(
      theLimit,
      params[:max_id],
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@ -3,26 +3,22 @@
 class Auth::RegistrationsController < Devise::RegistrationsController
  layout :determine_layout

-  before_action :set_challenge, only: [:new]
  before_action :check_enabled_registrations, only: [:new, :create]
  before_action :configure_sign_up_params, only: [:create]
  before_action :set_sessions, only: [:edit, :update]
  before_action :set_instance_presenter, only: [:new, :create, :update]
  before_action :set_body_classes, only: [:new, :create, :edit, :update]
  before_action :set_cache_headers, only: [:edit, :update]
+  prepend_before_action :check_captcha, only: [:create]

  def new
+    set_challenge_buster
    super
  end

  def create
-    if session[:challenge_answer].to_s == params[:user][:challenge].to_s.strip
-      # Reset after, may be errors to return and this ensures its still visible
-      set_challenge
-      super
-    else
-      return false
-    end
+    set_challenge_buster
+    super
  end

  def destroy
@ -66,6 +62,18 @@ class Auth::RegistrationsController < Devise::RegistrationsController

  private

+  def check_captcha
+    unless passed_challenge?(params["gab-captcha-st"], params[:user])
+      self.resource = resource_class.new configure_sign_up_params
+      resource.validate # Look for any other validation errors besides reCAPTCHA
+      flash[:captcha_error] = "Incorrect text. Please try again."
+      set_challenge_buster
+      respond_with_navigational(resource) {
+        redirect_to new_user_registration_path
+      }
+    end 
+  end
+
  def set_instance_presenter
    @instance_presenter = InstancePresenter.new
  end
@ -74,10 +82,37 @@ class Auth::RegistrationsController < Devise::RegistrationsController
    @body_classes = %w(edit update).include?(action_name) ? 'admin' : ''
  end

-  def set_challenge
-    @challenge_add_1 = rand(0...9)
-    @challenge_add_2 = rand(0...9)
-    session[:challenge_answer] = @challenge_add_1 + @challenge_add_2
+  def set_challenge_buster
+    @challenge_buster = SecureRandom.hex
+  end
+
+  def passed_challenge?(serverToken, userParams)
+    # Log if captcha keys not present in ENV
+    if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
+      Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_CLIENT_KEY is undefined"
+    end
+
+    # Log and return false is captcha key is not present. This will disallow anyone from signing up
+    if ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').nil?
+      Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_SECRET_KEY is undefined"
+      return false
+    end
+
+    typedChallenge = userParams[:challenge]
+    username = userParams[:account_attributes][:username]
+
+    return false if serverToken.nil? || serverToken.empty? || typedChallenge.nil? || typedChallenge.empty?
+    
+    Request.new(:post, "https://captcha.gab.com/captcha/#{serverToken}/verify", form: {
+      "serverKey" => ENV.fetch('GAB_CAPTCHA_SECRET_KEY', ''),
+      "value" => typedChallenge,
+      "username" => username,
+      "ip" => request.headers['CF-Real-IP']
+    }).perform do |res|
+      body = JSON.parse(res.body_with_limit)
+      result = !!body["success"]
+      return result
+    end
  end

  def determine_layout
--- a/app/helpers/admin/filter_helper.rb
+++ b/app/helpers/admin/filter_helper.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true

 module Admin::FilterHelper
-  ACCOUNT_FILTERS      = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff).freeze
+  ACCOUNT_FILTERS      = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff spam).freeze
  REPORT_FILTERS       = %i(resolved account_id target_account_id).freeze
  INVITE_FILTER        = %i(available expired).freeze
  CUSTOM_EMOJI_FILTERS = %i(local remote by_domain shortcode).freeze
--- a/app/javascript/gabsocial/components/popover/status_options_popover.js
+++ b/app/javascript/gabsocial/components/popover/status_options_popover.js
@ -289,7 +289,7 @@ class StatusOptionsPopover extends ImmutablePureComponent {
      })
      menu.push({
        title: intl.formatMessage(messages.admin_status),
-        href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}`
+        href: `/admin/accounts/${status.getIn(['account', 'id'])}/account_statuses/${status.get('id')}`
      })
    }

--- a/app/lib/sorting_query_builder.rb
+++ b/app/lib/sorting_query_builder.rb
@ -50,6 +50,9 @@ class SortingQueryBuilder < BaseService
        select q.* from (
        select s.*
        from statuses s
+        join accounts a
+          on s.account_id = a.id
+          and a.is_flagged_as_spam is false
        join group_accounts ga
          on s.group_id = ga.group_id
          and ga.account_id = #{account_id} "
@ -91,6 +94,8 @@ class SortingQueryBuilder < BaseService
      query = Status.without_replies.without_reblogs
      query = query.with_public_visibility if group.nil?
      query = query.where('statuses.created_at > ?', date_limit)
+      query = query.joins(:account)
+      query = query.where('accounts.is_flagged_as_spam is false')
      if source == "explore"
        query = query.where(group: nil)
      else
@ -106,6 +111,8 @@ class SortingQueryBuilder < BaseService
      query = query.where('status_stats.replies_count > ?', min_replies) unless sort_type == 'recent'
      query = query.where('status_stats.reblogs_count > ?', min_reblogs) unless sort_type == 'recent'
      query = query.where('status_stats.favourites_count > ?', min_likes) unless sort_type == 'recent'
+      query = query.joins(:account)
+      query = query.where('accounts.is_flagged_as_spam is false')
      query = query.joins(:status)
      query = query.where('statuses.reblog_of_id IS NULL')
      query = query.where('statuses.in_reply_to_id IS NULL')
--- a/app/models/account_filter.rb
+++ b/app/models/account_filter.rb
@ -58,6 +58,8 @@ class AccountFilter
      Account.joins(:account_stat)
    when "sign_up_date_gte"
      Account.where("created_at >= ?", value)
+    when "spam"
+      Account.where(is_flagged_as_spam: true)
    else
      raise "Unknown filter: #{key}"
    end
--- a/app/models/home_feed.rb
+++ b/app/models/home_feed.rb
@ -19,24 +19,38 @@ class HomeFeed < Feed
    pagination_max = "and s.id < #{max_id}" unless max_id.nil?
    pagination_min = "and s.id > #{min_id}" unless min_id.nil?
    Status.find_by_sql "
-      select s.*
-        from statuses s
-        left join statuses r
-          on s.reblog_of_id = r.id
+      with cte as
+      (
+        select
+          row_number() over (partition by sid.reblog_of_id order by sid.id desc) as rn_dupe,
+          sid.*
+        FROM
+         (select
+          s.id,
+          s.reblog_of_id
+         from statuses s
+         left join statuses r
+           on s.reblog_of_id = r.id
+         where
+          s.created_at > NOW() - INTERVAL '7 days'
+          and s.reply is false
+          and (exists(select ff.target_account_id from follows ff where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
+            or s.account_id = #{@id})
+          and not exists(select mm.target_account_id from mutes mm where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
+          and not exists(select bb.target_account_id from blocks bb where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
+          #{pagination_max}
+          #{pagination_min}
+         order by s.created_at desc
+          limit #{limit}
+        ) sid
+        inner join statuses s on sid.id = s.id
+      )
+      select
+        s.*
+      from cte
+      inner join statuses s on cte.id = s.id
      where
-        s.created_at > NOW() - INTERVAL '7 days'
-        and s.reply is false
-        and (
-          exists(select ff.target_account_id from follows ff
-            where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
-          or s.account_id = #{@id})
-        and not exists(select mm.target_account_id from mutes mm
-          where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
-        and not exists(select bb.target_account_id from blocks bb
-          where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
-        #{pagination_max}
-        #{pagination_min}
-      order by s.created_at desc limit #{limit}
+          (cte.rn_dupe = 1 or cte.reblog_of_id is null)
    "
  end
 end
--- a/app/views/admin/account_statuses/show.html.haml
+++ b/app/views/admin/account_statuses/show.html.haml
@ -11,7 +11,7 @@

 %hr.spacer/

-= form_for(@form, url: admin_account_statuses_path(@account.id)) do |f|
+= form_for(@form, url: admin_account_account_statuses_path(@account.id)) do |f|
  = hidden_field_tag :page, params[:page]
  = hidden_field_tag :media, params[:media]

--- a/app/views/admin/accounts/index.html.haml
+++ b/app/views/admin/accounts/index.html.haml
@ -8,6 +8,13 @@
      %li= filter_link_to t('admin.accounts.moderation.active'), silenced: nil, suspended: nil, pending: nil
      %li= filter_link_to t('admin.accounts.moderation.silenced'), silenced: '1', suspended: nil, pending: nil
      %li= filter_link_to t('admin.accounts.moderation.suspended'), suspended: '1', silenced: nil, pending: nil
+  
+  .filter-subset
+    %strong Permissions
+    %ul
+      %li= filter_link_to "All", spam: nil
+      %li= filter_link_to "Spam", spam: '1'
+
  .filter-subset
    %strong= t('admin.accounts.role')
    %ul
--- a/app/views/admin/accounts/show.html.haml
+++ b/app/views/admin/accounts/show.html.haml
@ -142,6 +142,9 @@
                %span YES
              - else
                %span no
+            - if @account.is_flagged_as_spam?
+              %td= table_link_to 'ban', 'Reset', reset_spam_admin_account_path(@account.id), method: :post
+

          %tr
            %th= t('admin.accounts.most_recent_ip')
--- a/app/views/auth/registrations/new.html.haml
+++ b/app/views/auth/registrations/new.html.haml
@ -5,8 +5,9 @@
  = render partial: 'shared/og'

 = simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
-  %h2.form-title Sign up for Gab
-
+  %div{style: "display:flex;flex-direction:row;height:36px;width:100%;align-items:center;margin-bottom:15px;"}
+    %h2.form-title{style: "padding:0;margin:0 auto;"} Sign up for Gab
+    
  = render 'shared/error_messages', object: resource

  = f.simple_fields_for :account do |ff|
@ -22,9 +23,12 @@
  .fields-group
    = f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }

-  .fields-group
-    = f.input :challenge, wrapper: :with_label, label: "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2} = ", required: true, input_html: { 'aria-label' => "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2}", :autocomplete => 'off' }
-
+  .fields-group{style: "flex-direction:column;"}
+    = f.input :challenge, wrapper: :with_label, label: "Are you a human? Enter the text below.", required: true, input_html: { 'aria-label' => "Are you a human? Enter the text below.", :autocomplete => 'off' }
+    %span{style: "margin-top:5px;font-size:12px;color:red;"}= flash[:captcha_error]
+    %div#gab-captcha{style: "display:block;position:relative;width:240px;height:100px;margin-top:10px;border-radius:6px;overflow:hidden;border:1px solid #ccc;"}
+      %span{style:"display:block;position:absolute;line-height:100px;width:240px;height:100px;top:0;left:0;right:0;bottom:0;text-align:center;color:#ccc;"} •   •   •
+ 
  .fields-group-agreement
    = f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', about_tos_path: about_tos_path)

@ -32,3 +36,6 @@
    = f.button :button, t('auth.register'), type: :submit

 .form-footer= render 'auth/shared/links'
+
+
+%script{src: "https://captcha.gab.com/captcha/#{ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '')}/challenge.js?b=#{@challenge_buster}", type: "application/javascript" }
--- a/app/workers/introduce_account_pro_worker.rb
+++ b/app/workers/introduce_account_pro_worker.rb
@ -15,6 +15,7 @@ class IntroduceAccountProWorker
  private

  def deliver_email(date_range)
+    return if @acct.nil? or @acct.user.nil?
    UserMailer.introduce_pro(@acct.user, date_range).deliver_now!
    @acct.user.touch(:last_emailed_at)
  end
--- a/app/workers/local_notification_worker.rb
+++ b/app/workers/local_notification_worker.rb
@ -4,13 +4,10 @@ class LocalNotificationWorker
  include Sidekiq::Worker

  def perform(receiver_account_id, activity_id = nil, activity_class_name = nil)
-    if activity_id.nil? && activity_class_name.nil?
-      activity = Mention.find(receiver_account_id)
-      receiver = activity.account
-    else
-      receiver = Account.find(receiver_account_id)
-      activity = activity_class_name.constantize.find(activity_id)
-    end
+    return true if activity_id.nil? or activity_class_name.nil?
+
+    receiver = Account.find(receiver_account_id)
+    activity = activity_class_name.constantize.find(activity_id)

    NotifyService.new.call(receiver, activity)
  rescue ActiveRecord::RecordNotFound
--- a/config/routes.rb
+++ b/config/routes.rb
@ -140,6 +140,7 @@ Rails.application.routes.draw do
        post :remove_donor_badge
        post :add_investor_badge
        post :remove_investor_badge
+        post :reset_spam
        get :edit_pro
        put :save_pro
      end