t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: don't allow mention spam

Browse source 
add: ip banning, ip ban management page
This commit is contained in:
trisua 2025-04-03 11:22:56 -04:00
parent 131a38abb9
commit e52733b00c
14 changed files with 260 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
crates/app/src/assets.rs
View file

@ -57,6 +57,7 @@ pub const TIMELINES_POPULAR: &str = include_str!("./public/html/timelines/popula
pub const MOD_AUDIT_LOG: &str = include_str!("./public/html/mod/audit_log.html");
pub const MOD_REPORTS: &str = include_str!("./public/html/mod/reports.html");
pub const MOD_FILE_REPORT: &str = include_str!("./public/html/mod/file_report.html");
pub const MOD_IP_BANS: &str = include_str!("./public/html/mod/ip_bans.html");
// langs
pub const LANG_EN_US: &str = include_str!("./langs/en-US.toml");
@ -180,6 +181,7 @@ pub(crate) async fn write_assets(config: &Config) -> PathBufD {
write_template!(html_path->"mod/audit_log.html"(crate::assets::MOD_AUDIT_LOG) -d "mod" --config=config);
write_template!(html_path->"mod/reports.html"(crate::assets::MOD_REPORTS) --config=config);
write_template!(html_path->"mod/file_report.html"(crate::assets::MOD_FILE_REPORT) --config=config);
write_template!(html_path->"mod/ip_bans.html"(crate::assets::MOD_IP_BANS) --config=config);
html_path
}

1
crates/app/src/langs/en-US.toml
View file

@ -11,6 +11,7 @@ version = "1.0.0"
"general:link.reference" = "Reference"
"general:link.audit_log" = "Audit log"
"general:link.reports" = "Reports"
"general:link.ip_bans" = "IP bans"
"general:action.save" = "Save"
"general:action.delete" = "Delete"
"general:action.back" = "Back"

5
crates/app/src/public/html/macros.html
View file

@ -87,6 +87,11 @@ show_lhs=true) -%}
{{ icon "flag" }}
<span>{{ text "general:link.reports" }}</span>
</a>
<a href="/mod_panel/ip_bans">
{{ icon "ban" }}
<span>{{ text "general:link.ip_bans" }}</span>
</a>
{% endif %}
<b class="title">{{ config.name }}</b>

70
crates/app/src/public/html/mod/ip_bans.html Normal file
View file

@ -0,0 +1,70 @@
{% import "macros.html" as macros %} {% extends "root.html" %} {% block head %}
<title>IP Bans - {{ config.name }}</title>
{% endblock %} {% block body %} {{ macros::nav(selected="notifications") }}
<main class="flex flex-col gap-2">
<div class="card-nest w-full">
<div class="card small flex items-center gap-2">
{{ icon "ban" }}
<span>{{ text "general:link.ip_bans" }}</span>
</div>
<div class="card flex flex-col gap-2">
<!-- prettier-ignore -->
{% for item in items %}
<div class="card-nest">
<a
class="card small flex items-center gap-2 flush"
href="/api/v1/auth/profile/find/{{ item.moderator }}"
>
<!-- prettier-ignore -->
{{ components::avatar(username=item.moderator, selector_type="id") }}
<span>{{ item.moderator }}</span>
<span class="fade date">{{ item.created }}</span>
</a>
<div class="card secondary flex flex-col gap-2">
<code>{{ item.ip }}</code>
<span>{{ item.reason|markdown|safe }}</span>
<div class="card w-full flex flex-wrap gap-2">
<button
onclick="remove_report('{{ item.ip }}')"
class="red quaternary"
>
{{ icon "trash" }}
<span>{{ text "general:action.delete" }}</span>
</button>
</div>
</div>
</div>
{% endfor %}
<!-- prettier-ignore -->
{{ components::pagination(page=page, items=items|length) }}
</div>
</div>
</main>
<script>
async function remove_ban(ip) {
if (
!(await trigger("atto::confirm", [
"Are you sure you would like to do this?",
]))
) {
return;
}
fetch(`/api/v1/bans/${id}`, {
method: "DELETE",
})
.then((res) => res.json())
.then((res) => {
trigger("atto::toast", [
res.ok ? "success" : "error",
res.message,
]);
});
}
</script>
{% endblock %}

14
crates/app/src/public/html/profile/settings.html
View file

@ -241,7 +241,19 @@
"
>{{ token[1] }}</b
>
<span class="fade">{{ token[0] }}</span>
{% if is_helper %}
<span class="flex gap-2 items-center">
<span class="fade"
><a
href="/api/v1/auth/profile/find_by_ip/{{ token[0] }}"
><code>{{ token[0] }}</code></a
></span
>
</span>
{% else %}
<span class="fade"><code>{{ token[0] }}</code></span>
{% endif %}
<span class="fade date">{{ token[2] }}</span>
</div>

2
crates/app/src/public/html/root.html
View file

@ -104,7 +104,7 @@
atto["hooks::long_text.init"]();
atto["hooks::alt"]();
atto["hooks::online_indicator"]();
// atto["hooks::ips"]();
atto["hooks::ips"]();
atto["hooks::check_reactions"]();
atto["hooks::tabs"]();
atto["hooks::partial_embeds"]();

56
crates/app/src/public/js/atto.js
View file

@ -408,6 +408,62 @@ media_theme_pref();
}
});
self.define("hooks::ips", ({ $ }) => {
for (const anchor of Array.from(document.querySelectorAll("a"))) {
try {
const href = new URL(anchor.href);
if (
href.pathname.startsWith("/api/v1/auth/profile/find_by_ip/")
) {
const ban_button = document.createElement("button");
ban_button.innerText = "Ban IP";
ban_button.className = "quaternary red small";
anchor.parentElement.parentElement.appendChild(ban_button);
ban_button.addEventListener("click", async (e) => {
e.preventDefault();
$.ban_ip(
href.pathname.replace(
"/api/v1/auth/profile/find_by_ip/",
"",
),
);
});
}
} catch {}
}
});
self.define("ban_ip", async ({ $ }, ip) => {
const reason = await $.prompt(
"Please explain your reason for banning this IP below:",
);
if (!reason) {
return;
}
fetch(`/api/v1/bans/${ip}`, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
ip,
reason,
}),
})
.then((res) => res.json())
.then((res) => {
trigger("app::toast", [
res.success ? "success" : "error",
res.message,
]);
});
});
self.define(
"hooks::attach_to_partial",
({ $ }, partial, full, attach, wrapper, page, run_on_load) => {

21
crates/app/src/routes/api/v1/auth/profile.rs
View file

@ -33,6 +33,27 @@ pub async fn redirect_from_id(
}
}
pub async fn redirect_from_ip(
jar: CookieJar,
Extension(data): Extension<State>,
Path(ip): Path<String>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
Some(ua) => ua,
None => return Redirect::to("/"),
};
if !user.permissions.check(FinePermission::MANAGE_BANS) {
return Redirect::to("/");
}
match data.get_user_by_token(&ip).await {
Ok(u) => Redirect::to(&format!("/@{}", u.username)),
Err(_) => Redirect::to("/"),
}
}
/// Update the settings of the given user.
pub async fn update_user_settings_request(
jar: CookieJar,

4
crates/app/src/routes/api/v1/mod.rs
View file

@ -152,6 +152,10 @@ pub fn routes() -> Router {
"/auth/profile/find/{id}",
get(auth::profile::redirect_from_id),
)
.route(
"/auth/profile/find_by_ip/{ip}",
get(auth::profile::redirect_from_ip),
)
// notifications
.route(
"/notifications/my",

1
crates/app/src/routes/pages/mod.rs
View file

@ -28,6 +28,7 @@ pub fn routes() -> Router {
"/mod_panel/file_report",
get(mod_panel::file_report_request),
)
.route("/mod_panel/ip_bans", get(mod_panel::ip_bans_request))
// auth
.route("/auth/register", get(auth::register_request))
.route("/auth/login", get(auth::login_request))

36
crates/app/src/routes/pages/mod_panel.rs
View file

@ -113,3 +113,39 @@ pub async fn file_report_request(
data.1.render("mod/file_report.html", &context).unwrap(),
))
}
/// `/mod_panel/ip_bans`
pub async fn ip_bans_request(
jar: CookieJar,
Extension(data): Extension<State>,
Query(req): Query<PaginatedQuery>,
) -> impl IntoResponse {
let data = data.read().await;
let user = match get_user_from_token!(jar, data.0) {
Some(ua) => ua,
None => {
return Err(Html(
render_error(Error::NotAllowed, &jar, &data, &None).await,
));
}
};
if !user.permissions.check(FinePermission::MANAGE_BANS) {
return Err(Html(
render_error(Error::NotAllowed, &jar, &data, &None).await,
));
}
let items = match data.0.get_ipbans(12, req.page).await {
Ok(p) => p,
Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
};
let lang = get_lang!(jar, data.0);
let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
context.insert("items", &items);
context.insert("page", &req.page);
// return
Ok(Html(data.1.render("mod/ip_bans.html", &context).unwrap()))
}

29
crates/core/src/database/ipbans.rs
View file

@ -2,7 +2,7 @@ use super::*;
use crate::cache::Cache;
use crate::model::moderation::AuditLogEntry;
use crate::model::{Error, Result, auth::IpBan, auth::User, permissions::FinePermission};
use crate::{auto_method, execute, get, query_row};
use crate::{auto_method, execute, get, query_row, query_rows};
#[cfg(feature = "sqlite")]
use rusqlite::Row;
@ -26,7 +26,32 @@ impl DataManager {
auto_method!(get_ipban_by_ip(&str)@get_ipban_from_row -> "SELECT * FROM ipbans WHERE ip = $1" --name="ip ban" --returns=IpBan --cache-key-tmpl="atto.ipban:{}");
/// Create a new user block in the database.
/// Get all IP bans (paginated).
///
/// # Arguments
/// * `batch` - the limit of items in each page
/// * `page` - the page number
pub async fn get_ipbans(&self, batch: usize, page: usize) -> Result<Vec<IpBan>> {
let conn = match self.connect().await {
Ok(c) => c,
Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
};
let res = query_rows!(
&conn,
"SELECT * FROM ipbans ORDER BY created DESC LIMIT $1 OFFSET $2",
&[&(batch as isize), &((page * batch) as isize)],
|x| { Self::get_ipban_from_row(x) }
);
if res.is_err() {
return Err(Error::GeneralNotFound("ip ban".to_string()));
}
Ok(res.unwrap())
}
/// Create a new IP ban in the database.
///
/// # Arguments
/// * `data` - a mock [`IpBan`] object to insert

12
crates/core/src/database/posts.rs
View file

@ -1,3 +1,5 @@
use std::collections::HashMap;
use super::*;
use crate::cache::Cache;
use crate::model::auth::Notification;
@ -314,7 +316,12 @@ impl DataManager {
}
// send mention notifications
let mut already_notified: HashMap<String, User> = HashMap::new();
for username in User::parse_mentions(&data.content) {
let user = {
if let Some(ua) = already_notified.get(&username) {
ua.to_owned()
} else {
let user = self.get_user_by_username(&username).await?;
self.create_notification(Notification::new(
"You've been mentioned in a post!".to_string(),
@ -325,6 +332,11 @@ impl DataManager {
user.id,
))
.await?;
already_notified.insert(username.to_owned(), user.clone());
user
}
};
data.content = data.content.replace(
&format!("@{username}"),
&format!("[@{username}](/api/v1/auth/profile/find/{})", user.id),

2
crates/core/src/model/permissions.rs
View file

@ -14,7 +14,7 @@ bitflags! {
const MANAGE_POSTS = 1 << 3;
const MANAGE_POST_REPLIES = 1 << 4;
const MANAGE_USERS = 1 << 5;
const MANAGE_BANS = 1 << 6; // includes managing IP bans
const MANAGE_BANS = 1 << 6;
const MANAGE_WARNINGS = 1 << 7;
const MANAGE_NOTIFICATIONS = 1 << 8;
const VIEW_REPORTS = 1 << 9;