Merge branch 'develop' of https://code.gab.com/gab/social/gab-social into develop
commit
6a620f388e
@ -224,3 +224,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
|
||||
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
|
||||
|
||||
# Gab Captcha
|
||||
GAB_CAPTCHA_SECRET_KEY=
|
||||
GAB_CAPTCHA_CLIENT_KEY=
|
@ -231,3 +231,7 @@ STREAMING_CLUSTER_NUM=1
|
||||
# http_proxy=http://gateway.local:8118
|
||||
# Access control for hidden service.
|
||||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||
|
||||
# Gab Captcha
|
||||
GAB_CAPTCHA_SECRET_KEY=
|
||||
GAB_CAPTCHA_CLIENT_KEY=
|
@ -2,7 +2,7 @@
|
||||
|
||||
module Admin
|
||||
class AccountsController < BaseController
|
||||
before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update]
|
||||
before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update, :reset_spam]
|
||||
before_action :require_remote_account!, only: [:redownload]
|
||||
before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
|
||||
|
||||
@ -173,6 +173,11 @@ module Admin
|
||||
end
|
||||
end
|
||||
|
||||
def reset_spam
|
||||
@account.is_flagged_as_spam = false
|
||||
@account.save!
|
||||
redirect_to admin_account_path(@account.id)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
@ -201,6 +206,7 @@ module Admin
|
||||
:pending,
|
||||
:silenced,
|
||||
:suspended,
|
||||
:spam,
|
||||
:username,
|
||||
:display_name,
|
||||
:email,
|
||||
|
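Review bot: `reset_spam` clears the flag with no authorization or audit step visible in the hunk: it goes straight from `@account.is_flagged_as_spam = false` to `save!` and the redirect. The other admin actions are outside the hunks, so this is inferred, but if they run a policy check and record the action, this one should do the same, e.g. `authorize @account, :reset_spam?` followed by a `log_action` call (the policy name is a suggestion). That keeps un-flagging a spam account restricted to the intended roles and traceable afterwards. A short comment above the method saying who may reset the flag would also help.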
@ -24,7 +24,7 @@ class Api::V1::Timelines::HomeController < Api::BaseController
|
||||
end
|
||||
|
||||
def home_statuses
|
||||
theLimit = params[:max_id].nil? ? 10 : limit_param(DEFAULT_STATUSES_LIMIT)
|
||||
theLimit = params[:max_id].nil? ? 20 : limit_param(DEFAULT_STATUSES_LIMIT)
|
||||
account_home_feed.get(
|
||||
theLimit,
|
||||
params[:max_id],
|
||||
|
@ -3,26 +3,22 @@
|
||||
class Auth::RegistrationsController < Devise::RegistrationsController
|
||||
layout :determine_layout
|
||||
|
||||
before_action :set_challenge, only: [:new]
|
||||
before_action :check_enabled_registrations, only: [:new, :create]
|
||||
before_action :configure_sign_up_params, only: [:create]
|
||||
before_action :set_sessions, only: [:edit, :update]
|
||||
before_action :set_instance_presenter, only: [:new, :create, :update]
|
||||
before_action :set_body_classes, only: [:new, :create, :edit, :update]
|
||||
before_action :set_cache_headers, only: [:edit, :update]
|
||||
prepend_before_action :check_captcha, only: [:create]
|
||||
|
||||
def new
|
||||
set_challenge_buster
|
||||
super
|
||||
end
|
||||
|
||||
def create
|
||||
if session[:challenge_answer].to_s == params[:user][:challenge].to_s.strip
|
||||
# Reset after, may be errors to return and this ensures its still visible
|
||||
set_challenge
|
||||
super
|
||||
else
|
||||
return false
|
||||
end
|
||||
set_challenge_buster
|
||||
super
|
||||
end
|
||||
|
||||
def destroy
|
||||
@ -66,6 +62,18 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
||||
|
||||
private
|
||||
|
||||
def check_captcha
|
||||
unless passed_challenge?(params["gab-captcha-st"], params[:user])
|
||||
self.resource = resource_class.new configure_sign_up_params
|
||||
resource.validate # Look for any other validation errors besides reCAPTCHA
|
||||
flash[:captcha_error] = "Incorrect text. Please try again."
|
||||
set_challenge_buster
|
||||
respond_with_navigational(resource) {
|
||||
redirect_to new_user_registration_path
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
def set_instance_presenter
|
||||
@instance_presenter = InstancePresenter.new
|
||||
end
|
||||
@ -74,10 +82,37 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
||||
@body_classes = %w(edit update).include?(action_name) ? 'admin' : ''
|
||||
end
|
||||
|
||||
def set_challenge
|
||||
@challenge_add_1 = rand(0...9)
|
||||
@challenge_add_2 = rand(0...9)
|
||||
session[:challenge_answer] = @challenge_add_1 + @challenge_add_2
|
||||
def set_challenge_buster
|
||||
@challenge_buster = SecureRandom.hex
|
||||
end
|
||||
|
||||
def passed_challenge?(serverToken, userParams)
|
||||
# Log if captcha keys not present in ENV
|
||||
if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
|
||||
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_CLIENT_KEY is undefined"
|
||||
end
|
||||
|
||||
# Log and return false is captcha key is not present. This will disallow anyone from signing up
|
||||
if ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').nil?
|
||||
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_SECRET_KEY is undefined"
|
||||
return false
|
||||
end
|
||||
|
||||
typedChallenge = userParams[:challenge]
|
||||
username = userParams[:account_attributes][:username]
|
||||
|
||||
return false if serverToken.nil? || serverToken.empty? || typedChallenge.nil? || typedChallenge.empty?
|
||||
|
||||
Request.new(:post, "https://captcha.gab.com/captcha/#{serverToken}/verify", form: {
|
||||
"serverKey" => ENV.fetch('GAB_CAPTCHA_SECRET_KEY', ''),
|
||||
"value" => typedChallenge,
|
||||
"username" => username,
|
||||
"ip" => request.headers['CF-Real-IP']
|
||||
}).perform do |res|
|
||||
body = JSON.parse(res.body_with_limit)
|
||||
result = !!body["success"]
|
||||
return result
|
||||
end
|
||||
end
|
||||
|
||||
def determine_layout
|
||||
|
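Review bot: In `passed_challenge?` the client-supplied `serverToken` (from `params["gab-captcha-st"]`) is interpolated straight into the verification URL, and that same request carries `GAB_CAPTCHA_SECRET_KEY` in its form body. The only checks are nil/empty, so part of the request path is chosen by the client; constrain the token before building the URL, for example `return false unless serverToken.is_a?(String) && serverToken.match?(/\A[A-Za-z0-9_-]+\z/)` (adjust the pattern to the real token format, which this page does not show). `check_captcha` also passes `params[:user]` through unchecked, so a request without `user` or `account_attributes` raises on `userParams[:challenge]` instead of failing the captcha; `params.dig(:user, :account_attributes, :username)` avoids that. Errors from `JSON.parse` or the HTTP call are not rescued in this method, so a captcha-service outage surfaces as an exception on sign-up rather than a handled failure.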
@ -1,7 +1,7 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Admin::FilterHelper
|
||||
ACCOUNT_FILTERS = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff).freeze
|
||||
ACCOUNT_FILTERS = %i(local remote by_domain active pending silenced suspended username display_name email ip note staff spam).freeze
|
||||
REPORT_FILTERS = %i(resolved account_id target_account_id).freeze
|
||||
INVITE_FILTER = %i(available expired).freeze
|
||||
CUSTOM_EMOJI_FILTERS = %i(local remote by_domain shortcode).freeze
|
||||
|
@ -289,7 +289,7 @@ class StatusOptionsPopover extends ImmutablePureComponent {
|
||||
})
|
||||
menu.push({
|
||||
title: intl.formatMessage(messages.admin_status),
|
||||
href: `/admin/accounts/${status.getIn(['account', 'id'])}/statuses/${status.get('id')}`
|
||||
href: `/admin/accounts/${status.getIn(['account', 'id'])}/account_statuses/${status.get('id')}`
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -50,6 +50,9 @@ class SortingQueryBuilder < BaseService
|
||||
select q.* from (
|
||||
select s.*
|
||||
from statuses s
|
||||
join accounts a
|
||||
on s.account_id = a.id
|
||||
and a.is_flagged_as_spam is false
|
||||
join group_accounts ga
|
||||
on s.group_id = ga.group_id
|
||||
and ga.account_id = #{account_id} "
|
||||
@ -91,6 +94,8 @@ class SortingQueryBuilder < BaseService
|
||||
query = Status.without_replies.without_reblogs
|
||||
query = query.with_public_visibility if group.nil?
|
||||
query = query.where('statuses.created_at > ?', date_limit)
|
||||
query = query.joins(:account)
|
||||
query = query.where('accounts.is_flagged_as_spam is false')
|
||||
if source == "explore"
|
||||
query = query.where(group: nil)
|
||||
else
|
||||
@ -106,6 +111,8 @@ class SortingQueryBuilder < BaseService
|
||||
query = query.where('status_stats.replies_count > ?', min_replies) unless sort_type == 'recent'
|
||||
query = query.where('status_stats.reblogs_count > ?', min_reblogs) unless sort_type == 'recent'
|
||||
query = query.where('status_stats.favourites_count > ?', min_likes) unless sort_type == 'recent'
|
||||
query = query.joins(:account)
|
||||
query = query.where('accounts.is_flagged_as_spam is false')
|
||||
query = query.joins(:status)
|
||||
query = query.where('statuses.reblog_of_id IS NULL')
|
||||
query = query.where('statuses.in_reply_to_id IS NULL')
|
||||
|
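Review bot: The new spam filter is written as `is_flagged_as_spam is false` in all three hunks, and in SQL that predicate does not match rows where the column is NULL. The migration is not on this page, so this only matters if the column is nullable or was added without a default; in that case existing accounts would silently drop out of these feeds. `a.is_flagged_as_spam is not true` in the raw query, and `'accounts.is_flagged_as_spam is not true'` in the two `where` calls, keeps unflagged and unset accounts alike. The enclosing methods start and end outside the hunks.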
@ -58,6 +58,8 @@ class AccountFilter
|
||||
Account.joins(:account_stat)
|
||||
when "sign_up_date_gte"
|
||||
Account.where("created_at >= ?", value)
|
||||
when "spam"
|
||||
Account.where(is_flagged_as_spam: true)
|
||||
else
|
||||
raise "Unknown filter: #{key}"
|
||||
end
|
||||
|
@ -19,24 +19,38 @@ class HomeFeed < Feed
|
||||
pagination_max = "and s.id < #{max_id}" unless max_id.nil?
|
||||
pagination_min = "and s.id > #{min_id}" unless min_id.nil?
|
||||
Status.find_by_sql "
|
||||
select s.*
|
||||
from statuses s
|
||||
left join statuses r
|
||||
on s.reblog_of_id = r.id
|
||||
with cte as
|
||||
(
|
||||
select
|
||||
row_number() over (partition by sid.reblog_of_id order by sid.id desc) as rn_dupe,
|
||||
sid.*
|
||||
FROM
|
||||
(select
|
||||
s.id,
|
||||
s.reblog_of_id
|
||||
from statuses s
|
||||
left join statuses r
|
||||
on s.reblog_of_id = r.id
|
||||
where
|
||||
s.created_at > NOW() - INTERVAL '7 days'
|
||||
and s.reply is false
|
||||
and (exists(select ff.target_account_id from follows ff where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
|
||||
or s.account_id = #{@id})
|
||||
and not exists(select mm.target_account_id from mutes mm where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
|
||||
and not exists(select bb.target_account_id from blocks bb where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
|
||||
#{pagination_max}
|
||||
#{pagination_min}
|
||||
order by s.created_at desc
|
||||
limit #{limit}
|
||||
) sid
|
||||
inner join statuses s on sid.id = s.id
|
||||
)
|
||||
select
|
||||
s.*
|
||||
from cte
|
||||
inner join statuses s on cte.id = s.id
|
||||
where
|
||||
s.created_at > NOW() - INTERVAL '7 days'
|
||||
and s.reply is false
|
||||
and (
|
||||
exists(select ff.target_account_id from follows ff
|
||||
where ff.account_id = #{@id} and ff.target_account_id = s.account_id)
|
||||
or s.account_id = #{@id})
|
||||
and not exists(select mm.target_account_id from mutes mm
|
||||
where mm.account_id = #{@id} and mm.target_account_id in (s.account_id, r.account_id))
|
||||
and not exists(select bb.target_account_id from blocks bb
|
||||
where bb.account_id = #{@id} and bb.target_account_id in (s.account_id, r.account_id))
|
||||
#{pagination_max}
|
||||
#{pagination_min}
|
||||
order by s.created_at desc limit #{limit}
|
||||
(cte.rn_dupe = 1 or cte.reblog_of_id is null)
|
||||
"
|
||||
end
|
||||
end
|
||||
|
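Review bot: The rewritten query still assembles its SQL by string interpolation: `#{@id}`, `#{limit}`, and `#{pagination_max}`/`#{pagination_min}`, which are themselves built from `max_id` and `min_id`. Elsewhere on this page the home timeline controller passes `params[:max_id]` into `account_home_feed.get`, and no integer coercion is visible between there and `"and s.id < #{max_id}"`; the start of this method is outside the hunk, so a cast may exist there. If it does not, request input reaches `find_by_sql` unescaped. Coercing before interpolation, e.g. `pagination_max = "and s.id < #{Integer(max_id)}" unless max_id.nil?` (and the same for `min_id` and `limit`), or switching to the array form of `find_by_sql` with bind placeholders, closes this; note that `Integer(...)` raises on non-numeric input, which the caller would need to handle.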
@ -11,7 +11,7 @@
|
||||
|
||||
%hr.spacer/
|
||||
|
||||
= form_for(@form, url: admin_account_statuses_path(@account.id)) do |f|
|
||||
= form_for(@form, url: admin_account_account_statuses_path(@account.id)) do |f|
|
||||
= hidden_field_tag :page, params[:page]
|
||||
= hidden_field_tag :media, params[:media]
|
||||
|
||||
|
@ -8,6 +8,13 @@
|
||||
%li= filter_link_to t('admin.accounts.moderation.active'), silenced: nil, suspended: nil, pending: nil
|
||||
%li= filter_link_to t('admin.accounts.moderation.silenced'), silenced: '1', suspended: nil, pending: nil
|
||||
%li= filter_link_to t('admin.accounts.moderation.suspended'), suspended: '1', silenced: nil, pending: nil
|
||||
|
||||
.filter-subset
|
||||
%strong Permissions
|
||||
%ul
|
||||
%li= filter_link_to "All", spam: nil
|
||||
%li= filter_link_to "Spam", spam: '1'
|
||||
|
||||
.filter-subset
|
||||
%strong= t('admin.accounts.role')
|
||||
%ul
|
||||
|
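Review bot: The new filter block hard-codes its labels (`%strong Permissions`, `"All"`, `"Spam"`) while the neighbouring blocks go through `t('admin.accounts...')`. Moving them to locale keys keeps the admin UI translatable, e.g. `%li= filter_link_to t('admin.accounts.moderation.spam'), spam: '1'` with a matching entry added to the locale file (the key name is a suggestion). The heading "Permissions" also does not describe what this subset filters on.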
@ -142,6 +142,9 @@
|
||||
%span YES
|
||||
- else
|
||||
%span no
|
||||
- if @account.is_flagged_as_spam?
|
||||
%td= table_link_to 'ban', 'Reset', reset_spam_admin_account_path(@account.id), method: :post
|
||||
|
||||
|
||||
%tr
|
||||
%th= t('admin.accounts.most_recent_ip')
|
||||
|
@ -5,7 +5,8 @@
|
||||
= render partial: 'shared/og'
|
||||
|
||||
= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
|
||||
%h2.form-title Sign up for Gab
|
||||
%div{style: "display:flex;flex-direction:row;height:36px;width:100%;align-items:center;margin-bottom:15px;"}
|
||||
%h2.form-title{style: "padding:0;margin:0 auto;"} Sign up for Gab
|
||||
|
||||
= render 'shared/error_messages', object: resource
|
||||
|
||||
@ -22,8 +23,11 @@
|
||||
.fields-group
|
||||
= f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }
|
||||
|
||||
.fields-group
|
||||
= f.input :challenge, wrapper: :with_label, label: "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2} = ", required: true, input_html: { 'aria-label' => "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2}", :autocomplete => 'off' }
|
||||
.fields-group{style: "flex-direction:column;"}
|
||||
= f.input :challenge, wrapper: :with_label, label: "Are you a human? Enter the text below.", required: true, input_html: { 'aria-label' => "Are you a human? Enter the text below.", :autocomplete => 'off' }
|
||||
%span{style: "margin-top:5px;font-size:12px;color:red;"}= flash[:captcha_error]
|
||||
%div#gab-captcha{style: "display:block;position:relative;width:240px;height:100px;margin-top:10px;border-radius:6px;overflow:hidden;border:1px solid #ccc;"}
|
||||
%span{style:"display:block;position:absolute;line-height:100px;width:240px;height:100px;top:0;left:0;right:0;bottom:0;text-align:center;color:#ccc;"} • • •
|
||||
|
||||
.fields-group-agreement
|
||||
= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', about_tos_path: about_tos_path)
|
||||
@ -32,3 +36,6 @@
|
||||
= f.button :button, t('auth.register'), type: :submit
|
||||
|
||||
.form-footer= render 'auth/shared/links'
|
||||
|
||||
|
||||
%script{src: "https://captcha.gab.com/captcha/#{ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '')}/challenge.js?b=#{@challenge_buster}", type: "application/javascript" }
|
||||
|
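Review bot: The `%script` tag is emitted even when `GAB_CAPTCHA_CLIENT_KEY` is unset: `ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '')` then yields `https://captcha.gab.com/captcha//challenge.js`, the widget cannot load, and the controller only logs the missing client key at debug level. Wrapping the captcha field group and the script in a presence check on the key would make a misconfigured instance fail visibly instead of showing a form that cannot be completed. This also adds a third-party script to the page that holds the password fields, so the Content-Security-Policy should permit scripts from that host only; the policy is not shown here. A one-line comment above the tag saying what `b=#{@challenge_buster}` is for would help the next reader.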
@ -15,6 +15,7 @@ class IntroduceAccountProWorker
|
||||
private
|
||||
|
||||
def deliver_email(date_range)
|
||||
return if @acct.nil? or @acct.user.nil?
|
||||
UserMailer.introduce_pro(@acct.user, date_range).deliver_now!
|
||||
@acct.user.touch(:last_emailed_at)
|
||||
end
|
||||
|
@ -4,13 +4,10 @@ class LocalNotificationWorker
|
||||
include Sidekiq::Worker
|
||||
|
||||
def perform(receiver_account_id, activity_id = nil, activity_class_name = nil)
|
||||
if activity_id.nil? && activity_class_name.nil?
|
||||
activity = Mention.find(receiver_account_id)
|
||||
receiver = activity.account
|
||||
else
|
||||
receiver = Account.find(receiver_account_id)
|
||||
activity = activity_class_name.constantize.find(activity_id)
|
||||
end
|
||||
return true if activity_id.nil? or activity_class_name.nil?
|
||||
|
||||
receiver = Account.find(receiver_account_id)
|
||||
activity = activity_class_name.constantize.find(activity_id)
|
||||
|
||||
NotifyService.new.call(receiver, activity)
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
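Review bot: `activity_class_name.constantize` resolves whatever class name the job arguments carry, and the new code keeps that call without restricting it. Job arguments normally come from the application's own enqueue calls, but checking the name against a frozen list of permitted activity classes before `constantize` keeps a malformed or tampered job from loading an arbitrary model, for instance `return true unless ALLOWED_ACTIVITY_CLASSES.include?(activity_class_name)`, where the constant is new and lists the notification types this app uses. The new early return also silently drops single-argument jobs that the removed branch handled through `Mention.find`, so any such jobs still queued at deploy time are lost; a log line there would make that visible. `||` is preferred over `or` in the guard. The method's `rescue` body continues outside the hunk.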
@ -140,6 +140,7 @@ Rails.application.routes.draw do
|
||||
post :remove_donor_badge
|
||||
post :add_investor_badge
|
||||
post :remove_investor_badge
|
||||
post :reset_spam
|
||||
get :edit_pro
|
||||
put :save_pro
|
||||
end
|
||||
|