fix: don't allow mention spam

add: ip banning, ip ban management page
2025-04-03 11:22:56 -04:00 · 2025-04-03 11:22:56 -04:00 · e52733b00c
commit e52733b00c
parent 131a38abb9
14 changed files with 260 additions and 15 deletions
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -33,6 +33,27 @@ pub async fn redirect_from_id(
    }
 }

+pub async fn redirect_from_ip(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(ip): Path<String>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Redirect::to("/"),
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_BANS) {
+        return Redirect::to("/");
+    }
+
+    match data.get_user_by_token(&ip).await {
+        Ok(u) => Redirect::to(&format!("/@{}", u.username)),
+        Err(_) => Redirect::to("/"),
+    }
+}
+
 /// Update the settings of the given user.
 pub async fn update_user_settings_request(
    jar: CookieJar,
--- a/crates/app/src/routes/api/v1/mod.rs
+++ b/crates/app/src/routes/api/v1/mod.rs
@ -152,6 +152,10 @@ pub fn routes() -> Router {
            "/auth/profile/find/{id}",
            get(auth::profile::redirect_from_id),
        )
+        .route(
+            "/auth/profile/find_by_ip/{ip}",
+            get(auth::profile::redirect_from_ip),
+        )
        // notifications
        .route(
            "/notifications/my",
--- a/crates/app/src/routes/pages/mod.rs
+++ b/crates/app/src/routes/pages/mod.rs
@ -28,6 +28,7 @@ pub fn routes() -> Router {
            "/mod_panel/file_report",
            get(mod_panel::file_report_request),
        )
+        .route("/mod_panel/ip_bans", get(mod_panel::ip_bans_request))
        // auth
        .route("/auth/register", get(auth::register_request))
        .route("/auth/login", get(auth::login_request))
--- a/crates/app/src/routes/pages/mod_panel.rs
+++ b/crates/app/src/routes/pages/mod_panel.rs
@ -113,3 +113,39 @@ pub async fn file_report_request(
        data.1.render("mod/file_report.html", &context).unwrap(),
    ))
 }
+
+/// `/mod_panel/ip_bans`
+pub async fn ip_bans_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Query(req): Query<PaginatedQuery>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_BANS) {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &None).await,
+        ));
+    }
+
+    let items = match data.0.get_ipbans(12, req.page).await {
+        Ok(p) => p,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+    context.insert("items", &items);
+    context.insert("page", &req.page);
+
+    // return
+    Ok(Html(data.1.render("mod/ip_bans.html", &context).unwrap()))
+}