Merge branch 'develop' of https://code.gab.com/gab/social/gab-social into develop

This commit is contained in:
admin 2021-02-03 10:13:04 -05:00
commit 6a620f388e
17 changed files with 134 additions and 46 deletions

View File

@ -224,3 +224,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1" # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED= # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL= # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
# Gab Captcha
GAB_CAPTCHA_SECRET_KEY=
GAB_CAPTCHA_CLIENT_KEY=

View File

@ -231,3 +231,7 @@ STREAMING_CLUSTER_NUM=1
# http_proxy=http://gateway.local:8118 # http_proxy=http://gateway.local:8118
# Access control for hidden service. # Access control for hidden service.
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
# Gab Captcha
GAB_CAPTCHA_SECRET_KEY=
GAB_CAPTCHA_CLIENT_KEY=

View File

@ -2,7 +2,7 @@
module Admin module Admin
class AccountsController < BaseController class AccountsController < BaseController
before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update] before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update, :reset_spam]
before_action :require_remote_account!, only: [:redownload] before_action :require_remote_account!, only: [:redownload]
before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject] before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
@ -173,6 +173,11 @@ module Admin
end end
end end
def reset_spam
@account.is_flagged_as_spam = false
@account.save!
redirect_to admin_account_path(@account.id)
end
private private
@ -201,6 +206,7 @@ module Admin
:pending, :pending,
:silenced, :silenced,
:suspended, :suspended,
:spam,
:username, :username,
:display_name, :display_name,
:email, :email,

View File

@ -24,7 +24,7 @@ class Api::V1::Timelines::HomeController < Api::BaseController
end end
def home_statuses def home_statuses
theLimit = params[:max_id].nil? ? 10 : limit_param(DEFAULT_STATUSES_LIMIT) theLimit = params[:max_id].nil? ? 20 : limit_param(DEFAULT_STATUSES_LIMIT)
account_home_feed.get( account_home_feed.get(
theLimit, theLimit,
params[:max_id], params[:max_id],

View File

@ -3,26 +3,22 @@
class Auth::RegistrationsController < Devise::RegistrationsController class Auth::RegistrationsController < Devise::RegistrationsController
layout :determine_layout layout :determine_layout
before_action :set_challenge, only: [:new]
before_action :check_enabled_registrations, only: [:new, :create] before_action :check_enabled_registrations, only: [:new, :create]
before_action :configure_sign_up_params, only: [:create] before_action :configure_sign_up_params, only: [:create]
before_action :set_sessions, only: [:edit, :update] before_action :set_sessions, only: [:edit, :update]
before_action :set_instance_presenter, only: [:new, :create, :update] before_action :set_instance_presenter, only: [:new, :create, :update]
before_action :set_body_classes, only: [:new, :create, :edit, :update] before_action :set_body_classes, only: [:new, :create, :edit, :update]
before_action :set_cache_headers, only: [:edit, :update] before_action :set_cache_headers, only: [:edit, :update]
prepend_before_action :check_captcha, only: [:create]
def new def new
set_challenge_buster
super super
end end
def create def create
if session[:challenge_answer].to_s == params[:user][:challenge].to_s.strip set_challenge_buster
# Reset after, may be errors to return and this ensures its still visible super
set_challenge
super
else
return false
end
end end
def destroy def destroy
@ -66,6 +62,18 @@ class Auth::RegistrationsController < Devise::RegistrationsController
private private
def check_captcha
unless passed_challenge?(params["gab-captcha-st"], params[:user])
self.resource = resource_class.new configure_sign_up_params
resource.validate # Look for any other validation errors besides reCAPTCHA
flash[:captcha_error] = "Incorrect text. Please try again."
set_challenge_buster
respond_with_navigational(resource) {
redirect_to new_user_registration_path
}
end
end
def set_instance_presenter def set_instance_presenter
@instance_presenter = InstancePresenter.new @instance_presenter = InstancePresenter.new
end end
@ -74,10 +82,37 @@ class Auth::RegistrationsController < Devise::RegistrationsController
@body_classes = %w(edit update).include?(action_name) ? 'admin' : '' @body_classes = %w(edit update).include?(action_name) ? 'admin' : ''
end end
def set_challenge def set_challenge_buster
@challenge_add_1 = rand(0...9) @challenge_buster = SecureRandom.hex
@challenge_add_2 = rand(0...9) end
session[:challenge_answer] = @challenge_add_1 + @challenge_add_2
def passed_challenge?(serverToken, userParams)
# Log if captcha keys not present in ENV
if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_CLIENT_KEY is undefined"
end
# Log and return false is captcha key is not present. This will disallow anyone from signing up
if ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').nil?
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_SECRET_KEY is undefined"
return false
end
typedChallenge = userParams[:challenge]
username = userParams[:account_attributes][:username]
return false if serverToken.nil? || serverToken.empty? || typedChallenge.nil? || typedChallenge.empty?
Request.new(:post, "https://captcha.gab.com/captcha/#{serverToken}/verify", form: {
"serverKey" => ENV.fetch('GAB_CAPTCHA_SECRET_KEY', ''),
"value" => typedChallenge,
"username" => username,
"ip" => request.headers['CF-Real-IP']
}).perform do |res|
body = JSON.parse(res.body_with_limit)
result = !!body["success"]
return result
end
end end
def determine_layout def determine_layout

View File

@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
module Admin::FilterHelper module Admin::FilterHelper
ACCOUNT_FILTERS = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff).freeze ACCOUNT_FILTERS = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff spam).freeze
REPORT_FILTERS = %i(resolved account_id target_account_id).freeze REPORT_FILTERS = %i(resolved account_id target_account_id).freeze
INVITE_FILTER = %i(available expired).freeze INVITE_FILTER = %i(available expired).freeze
CUSTOM_EMOJI_FILTERS = %i(local remote by_domain shortcode).freeze CUSTOM_EMOJI_FILTERS = %i(local remote by_domain shortcode).freeze

View File

@ -289,7 +289,7 @@ class StatusOptionsPopover extends ImmutablePureComponent {
}) })
menu.push({ menu.push({
title: intl.formatMessage(messages.admin_status), title: intl.formatMessage(messages.admin_status),
href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}` href: `/admin/accounts/${status.getIn(['account', 'id'])}/account_statuses/${status.get('id')}`
}) })
} }

View File

@ -50,6 +50,9 @@ class SortingQueryBuilder < BaseService
select q.* from ( select q.* from (
select s.* select s.*
from statuses s from statuses s
join accounts a
on s.account_id = a.id
and a.is_flagged_as_spam is false
join group_accounts ga join group_accounts ga
on s.group_id = ga.group_id on s.group_id = ga.group_id
and ga.account_id = #{account_id} " and ga.account_id = #{account_id} "
@ -91,6 +94,8 @@ class SortingQueryBuilder < BaseService
query = Status.without_replies.without_reblogs query = Status.without_replies.without_reblogs
query = query.with_public_visibility if group.nil? query = query.with_public_visibility if group.nil?
query = query.where('statuses.created_at > ?', date_limit) query = query.where('statuses.created_at > ?', date_limit)
query = query.joins(:account)
query = query.where('accounts.is_flagged_as_spam is false')
if source == "explore" if source == "explore"
query = query.where(group: nil) query = query.where(group: nil)
else else
@ -106,6 +111,8 @@ class SortingQueryBuilder < BaseService
query = query.where('status_stats.replies_count > ?', min_replies) unless sort_type == 'recent' query = query.where('status_stats.replies_count > ?', min_replies) unless sort_type == 'recent'
query = query.where('status_stats.reblogs_count > ?', min_reblogs) unless sort_type == 'recent' query = query.where('status_stats.reblogs_count > ?', min_reblogs) unless sort_type == 'recent'
query = query.where('status_stats.favourites_count > ?', min_likes) unless sort_type == 'recent' query = query.where('status_stats.favourites_count > ?', min_likes) unless sort_type == 'recent'
query = query.joins(:account)
query = query.where('accounts.is_flagged_as_spam is false')
query = query.joins(:status) query = query.joins(:status)
query = query.where('statuses.reblog_of_id IS NULL') query = query.where('statuses.reblog_of_id IS NULL')
query = query.where('statuses.in_reply_to_id IS NULL') query = query.where('statuses.in_reply_to_id IS NULL')

View File

@ -58,6 +58,8 @@ class AccountFilter
Account.joins(:account_stat) Account.joins(:account_stat)
when "sign_up_date_gte" when "sign_up_date_gte"
Account.where("created_at >= ?", value) Account.where("created_at >= ?", value)
when "spam"
Account.where(is_flagged_as_spam: true)
else else
raise "Unknown filter: #{key}" raise "Unknown filter: #{key}"
end end

View File

@ -19,24 +19,38 @@ class HomeFeed < Feed
pagination_max = "and s.id < #{max_id}" unless max_id.nil? pagination_max = "and s.id < #{max_id}" unless max_id.nil?
pagination_min = "and s.id > #{min_id}" unless min_id.nil? pagination_min = "and s.id > #{min_id}" unless min_id.nil?
Status.find_by_sql " Status.find_by_sql "
select s.* with cte as
from statuses s (
left join statuses r select
on s.reblog_of_id = r.id row_number() over (partition by sid.reblog_of_id order by sid.id desc) as rn_dupe,
sid.*
FROM
(select
s.id,
s.reblog_of_id
from statuses s
left join statuses r
on s.reblog_of_id = r.id
where
s.created_at > NOW() - INTERVAL '7 days'
and s.reply is false
and (exists(select ff.target_account_id from follows ff where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
or s.account_id = #{@id})
and not exists(select mm.target_account_id from mutes mm where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
and not exists(select bb.target_account_id from blocks bb where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
#{pagination_max}
#{pagination_min}
order by s.created_at desc
limit #{limit}
) sid
inner join statuses s on sid.id = s.id
)
select
s.*
from cte
inner join statuses s on cte.id = s.id
where where
s.created_at > NOW() - INTERVAL '7 days' (cte.rn_dupe = 1 or cte.reblog_of_id is null)
and s.reply is false
and (
exists(select ff.target_account_id from follows ff
where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
or s.account_id = #{@id})
and not exists(select mm.target_account_id from mutes mm
where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
and not exists(select bb.target_account_id from blocks bb
where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
#{pagination_max}
#{pagination_min}
order by s.created_at desc limit #{limit}
" "
end end
end end

View File

@ -11,7 +11,7 @@
%hr.spacer/ %hr.spacer/
= form_for(@form, url: admin_account_statuses_path(@account.id)) do |f| = form_for(@form, url: admin_account_account_statuses_path(@account.id)) do |f|
= hidden_field_tag :page, params[:page] = hidden_field_tag :page, params[:page]
= hidden_field_tag :media, params[:media] = hidden_field_tag :media, params[:media]

View File

@ -8,6 +8,13 @@
%li= filter_link_to t('admin.accounts.moderation.active'), silenced: nil, suspended: nil, pending: nil %li= filter_link_to t('admin.accounts.moderation.active'), silenced: nil, suspended: nil, pending: nil
%li= filter_link_to t('admin.accounts.moderation.silenced'), silenced: '1', suspended: nil, pending: nil %li= filter_link_to t('admin.accounts.moderation.silenced'), silenced: '1', suspended: nil, pending: nil
%li= filter_link_to t('admin.accounts.moderation.suspended'), suspended: '1', silenced: nil, pending: nil %li= filter_link_to t('admin.accounts.moderation.suspended'), suspended: '1', silenced: nil, pending: nil
.filter-subset
%strong Permissions
%ul
%li= filter_link_to "All", spam: nil
%li= filter_link_to "Spam", spam: '1'
.filter-subset .filter-subset
%strong= t('admin.accounts.role') %strong= t('admin.accounts.role')
%ul %ul

View File

@ -142,6 +142,9 @@
%span YES %span YES
- else - else
%span no %span no
- if @account.is_flagged_as_spam?
%td= table_link_to 'ban', 'Reset', reset_spam_admin_account_path(@account.id), method: :post
%tr %tr
%th= t('admin.accounts.most_recent_ip') %th= t('admin.accounts.most_recent_ip')

View File

@ -5,7 +5,8 @@
= render partial: 'shared/og' = render partial: 'shared/og'
= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| = simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
%h2.form-title Sign up for Gab %div{style: "display:flex;flex-direction:row;height:36px;width:100%;align-items:center;margin-bottom:15px;"}
%h2.form-title{style: "padding:0;margin:0 auto;"} Sign up for Gab
= render 'shared/error_messages', object: resource = render 'shared/error_messages', object: resource
@ -22,8 +23,11 @@
.fields-group .fields-group
= f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' } = f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }
.fields-group .fields-group{style: "flex-direction:column;"}
= f.input :challenge, wrapper: :with_label, label: "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2} = ", required: true, input_html: { 'aria-label' => "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2}", :autocomplete => 'off' } = f.input :challenge, wrapper: :with_label, label: "Are you a human? Enter the text below.", required: true, input_html: { 'aria-label' => "Are you a human? Enter the text below.", :autocomplete => 'off' }
%span{style: "margin-top:5px;font-size:12px;color:red;"}= flash[:captcha_error]
%div#gab-captcha{style: "display:block;position:relative;width:240px;height:100px;margin-top:10px;border-radius:6px;overflow:hidden;border:1px solid #ccc;"}
%span{style:"display:block;position:absolute;line-height:100px;width:240px;height:100px;top:0;left:0;right:0;bottom:0;text-align:center;color:#ccc;"} • • •
.fields-group-agreement .fields-group-agreement
= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', about_tos_path: about_tos_path) = f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', about_tos_path: about_tos_path)
@ -32,3 +36,6 @@
= f.button :button, t('auth.register'), type: :submit = f.button :button, t('auth.register'), type: :submit
.form-footer= render 'auth/shared/links' .form-footer= render 'auth/shared/links'
%script{src: "https://captcha.gab.com/captcha/#{ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '')}/challenge.js?b=#{@challenge_buster}", type: "application/javascript" }

View File

@ -15,6 +15,7 @@ class IntroduceAccountProWorker
private private
def deliver_email(date_range) def deliver_email(date_range)
return if @acct.nil? or @acct.user.nil?
UserMailer.introduce_pro(@acct.user, date_range).deliver_now! UserMailer.introduce_pro(@acct.user, date_range).deliver_now!
@acct.user.touch(:last_emailed_at) @acct.user.touch(:last_emailed_at)
end end

View File

@ -4,13 +4,10 @@ class LocalNotificationWorker
include Sidekiq::Worker include Sidekiq::Worker
def perform(receiver_account_id, activity_id = nil, activity_class_name = nil) def perform(receiver_account_id, activity_id = nil, activity_class_name = nil)
if activity_id.nil? && activity_class_name.nil? return true if activity_id.nil? or activity_class_name.nil?
activity = Mention.find(receiver_account_id)
receiver = activity.account receiver = Account.find(receiver_account_id)
else activity = activity_class_name.constantize.find(activity_id)
receiver = Account.find(receiver_account_id)
activity = activity_class_name.constantize.find(activity_id)
end
NotifyService.new.call(receiver, activity) NotifyService.new.call(receiver, activity)
rescue ActiveRecord::RecordNotFound rescue ActiveRecord::RecordNotFound

View File

@ -140,6 +140,7 @@ Rails.application.routes.draw do
post :remove_donor_badge post :remove_donor_badge
post :add_investor_badge post :add_investor_badge
post :remove_investor_badge post :remove_investor_badge
post :reset_spam
get :edit_pro get :edit_pro
put :save_pro put :save_pro
end end