diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 00000000..7f44804c --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +ruby 2.6.3 diff --git a/Gemfile b/Gemfile index a45d00b0..dbac1c06 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'https://rubygems.org' git_source(:github) { |repo| "https://github.com/#{repo}.git" } -ruby '3.1.2' +ruby '2.6.3' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' gem 'rails', '~> 6.0' @@ -71,6 +71,9 @@ gem 'dotenv-rails' gem 'pagy' gem 'ahoy_matey' +# Paola Dev Gems +# gem 'rack-attack' + # Using Dragonfly v0.9 for files & images # Because I can never get v1.0 to work with PJ's caching solution # Also, finally had to patch gem with a bug fix from the newer version diff --git a/Gemfile.lock b/Gemfile.lock index c402d17a..430f47d5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
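Review bot: Pinning `ruby '2.6.3'` in the first Gemfile hunk moves the app from 3.1.2 to a Ruby series that is past upstream end of life, so interpreter and standard-library security fixes no longer arrive. The Gemfile.lock changes in this commit show the knock-on effect: nokogiri goes from 1.15.3 back to 1.13.10 and rails-html-sanitizer from 1.6.0 to 1.5.0, presumably because the newer releases do not resolve on 2.6. If the downgrade only serves one local machine, keep `ruby '3.1.2'` here and leave `.tool-versions` out of the commit. Otherwise add a comment above the line recording why the older runtime is required.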
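Review bot: The second Gemfile hunk adds `# gem 'rack-attack'` commented out, yet Gemfile.lock in this commit gains `rack-attack (6.7.0)` under specs and `rack-attack` under DEPENDENCIES, so the two files disagree. A frozen or deployment-mode `bundle install` is likely to reject that lockfile. Either enable the gem or regenerate the lockfile without it. The heading `# Paola Dev Gems` would also be more useful if it said what the gems are for, e.g. `# Request throttling`.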
@@ -10,109 +10,110 @@ GEM remote: https://rubygems.org/ specs: CFPropertyList (2.3.6) - actioncable (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + actioncable (6.1.7.7) + actionpack (= 6.1.7.7) + activesupport (= 6.1.7.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.4) - actionpack (= 6.1.7.4) - activejob (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionmailbox (6.1.7.7) + actionpack (= 6.1.7.7) + activejob (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + activesupport (= 6.1.7.7) mail (>= 2.7.1) - actionmailer (6.1.7.4) - actionpack (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionmailer (6.1.7.7) + actionpack (= 6.1.7.7) + actionview (= 6.1.7.7) + activejob (= 6.1.7.7) + activesupport (= 6.1.7.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7.4) - actionview (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionpack (6.1.7.7) + actionview (= 6.1.7.7) + activesupport (= 6.1.7.7) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.4) - actionpack (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actiontext (6.1.7.7) + actionpack (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + activesupport (= 6.1.7.7) nokogiri (>= 1.8.5) - actionview (6.1.7.4) - activesupport (= 6.1.7.4) + actionview (6.1.7.7) + activesupport (= 6.1.7.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.4) - activesupport (= 6.1.7.4) + activejob (6.1.7.7) + activesupport (= 6.1.7.7) globalid (>= 0.3.6) - activemodel (6.1.7.4) - activesupport (= 6.1.7.4) - activerecord (6.1.7.4) - activemodel (= 6.1.7.4) - activesupport (= 6.1.7.4) - activestorage (6.1.7.4) - actionpack (= 6.1.7.4) - activejob (= 6.1.7.4) - 
activerecord (= 6.1.7.4) - activesupport (= 6.1.7.4) + activemodel (6.1.7.7) + activesupport (= 6.1.7.7) + activerecord (6.1.7.7) + activemodel (= 6.1.7.7) + activesupport (= 6.1.7.7) + activestorage (6.1.7.7) + actionpack (= 6.1.7.7) + activejob (= 6.1.7.7) + activerecord (= 6.1.7.7) + activesupport (= 6.1.7.7) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.4) + activesupport (6.1.7.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.4) + addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) - ahoy_matey (5.0.2) - activesupport (>= 6.1) - device_detector (>= 1) - safely_block (>= 0.4) + ahoy_matey (4.2.1) + activesupport (>= 5.2) + device_detector + safely_block (>= 0.2.1) aliyun-sdk (0.8.0) nokogiri (~> 1.6) rest-client (~> 2.0) - aws-eventstream (1.2.0) - aws-partitions (1.791.0) - aws-sdk-core (3.178.0) - aws-eventstream (~> 1, >= 1.0.2) + aws-eventstream (1.3.0) + aws-partitions (1.895.0) + aws-sdk-core (3.191.3) + aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) - aws-sigv4 (~> 1.5) + aws-sigv4 (~> 1.8) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.71.0) - aws-sdk-core (~> 3, >= 3.177.0) + aws-sdk-kms (1.77.0) + aws-sdk-core (~> 3, >= 3.191.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.131.0) - aws-sdk-core (~> 3, >= 3.177.0) + aws-sdk-s3 (1.143.0) + aws-sdk-core (~> 3, >= 3.191.0) aws-sdk-kms (~> 1) - aws-sigv4 (~> 1.6) - aws-sigv4 (1.6.0) + aws-sigv4 (~> 1.8) + aws-sigv4 (1.8.0) aws-eventstream (~> 1, >= 1.0.2) - bcrypt (3.1.19) + base64 (0.2.0) + bcrypt (3.1.20) bindex (0.8.1) - bootsnap (1.16.0) + bootsnap (1.18.3) msgpack (~> 1.2) builder (3.2.4) byebug (11.1.3) - concurrent-ruby (1.2.2) + concurrent-ruby (1.2.3) connection_pool (2.4.1) crass (1.0.6) - date (3.3.3) + date (3.3.4) declarative (0.0.20) - device_detector (1.1.1) - devise (4.9.2) + device_detector (1.0.7) + devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) responders warden (~> 
1.2.3) - devise_invitable (2.0.8) + devise_invitable (2.0.9) actionmailer (>= 5.0) devise (>= 4.6) domain_name (0.5.20190701) @@ -121,14 +122,16 @@ GEM dotenv-rails (2.8.1) dotenv (= 2.8.1) railties (>= 3.2) - dry-inflector (1.0.0) + dry-inflector (0.2.1) + errbase (0.2.2) erubi (1.12.0) - excon (0.100.0) - faraday (2.7.10) + excon (0.109.0) + faraday (2.8.1) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - ffi (1.15.5) + ffi (1.16.3) fission (0.5.0) CFPropertyList (~> 2.2) fog (2.3.0) @@ -176,7 +179,7 @@ GEM fog-atmos (0.1.0) fog-core fog-xml - fog-aws (3.19.0) + fog-aws (3.21.0) fog-core (~> 2.1) fog-json (~> 1.1) fog-xml (~> 0.1) @@ -212,7 +215,7 @@ GEM fog-ecloud (0.3.0) fog-core fog-xml - fog-google (1.21.1) + fog-google (1.23.0) addressable (>= 2.7.0) fog-core (< 2.3) fog-json (~> 1.2) @@ -285,9 +288,9 @@ GEM fog-voxel (0.1.0) fog-core fog-xml - fog-vsphere (3.6.2) + fog-vsphere (3.5.2) fog-core - rbvmomi2 (~> 3.0) + rbvmomi (>= 1.9, < 3) fog-xenserver (1.0.0) fog-core fog-xml @@ -296,11 +299,11 @@ GEM fog-core nokogiri (>= 1.5.11, < 2.0.0) formatador (0.3.0) - globalid (1.1.0) - activesupport (>= 5.0) - google-apis-compute_v1 (0.74.0) + globalid (1.2.1) + activesupport (>= 6.1) + google-apis-compute_v1 (0.86.0) google-apis-core (>= 0.11.0, < 2.a) - google-apis-core (0.11.1) + google-apis-core (0.11.3) addressable (~> 2.5, >= 2.5.1) googleauth (>= 0.16.2, < 2.a) httpclient (>= 2.8.1, < 3.a) 
@@ -308,25 +311,23 @@ GEM representable (~> 3.0) retriable (>= 2.0, < 4.a) rexml - webrick - google-apis-dns_v1 (0.32.0) + google-apis-dns_v1 (0.36.0) google-apis-core (>= 0.11.0, < 2.a) google-apis-iamcredentials_v1 (0.17.0) google-apis-core (>= 0.11.0, < 2.a) - google-apis-monitoring_v3 (0.47.0) + google-apis-monitoring_v3 (0.54.0) google-apis-core (>= 0.11.0, < 2.a) - google-apis-pubsub_v1 (0.40.0) + google-apis-pubsub_v1 (0.45.0) google-apis-core (>= 0.11.0, < 2.a) - google-apis-sqladmin_v1beta4 (0.53.0) + google-apis-sqladmin_v1beta4 (0.61.0) google-apis-core (>= 0.11.0, < 2.a) - google-apis-storage_v1 (0.24.0) + google-apis-storage_v1 (0.32.0) google-apis-core (>= 0.11.0, < 2.a) google-cloud-env (1.6.0) faraday (>= 0.17.3, < 3.0) - googleauth (1.7.0) + googleauth (1.8.1) faraday (>= 0.17.3, < 3.a) jwt (>= 1.4, < 3.0) - memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (>= 0.16, < 2.a) @@ -351,12 +352,13 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.6.3) - jwt (2.7.1) + json (2.7.1) + jwt (2.8.1) + base64 listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.21.3) + loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) 
@@ -364,90 +366,94 @@ GEM net-imap net-pop net-smtp - marcel (1.0.2) - memoist (0.16.2) + marcel (1.0.4) method_source (1.0.0) - mime-types (3.4.1) + mime-types (3.5.2) mime-types-data (~> 3.2015) - mime-types-data (3.2023.0218.1) + mime-types-data (3.2024.0206) mini_magick (4.12.0) - mini_mime (1.1.2) - minitest (5.18.1) + mini_mime (1.1.5) + mini_portile2 (2.8.5) + minitest (5.22.2) msgpack (1.7.2) multi_json (1.15.0) multi_xml (0.6.0) - mysql2 (0.5.5) - net-http (0.3.2) + mysql2 (0.5.6) + net-http (0.4.1) uri - net-imap (0.3.6) + net-imap (0.3.7) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.3.3) + net-smtp (0.4.0.1) net-protocol netrc (0.11.0) - nio4r (2.5.9) - nokogiri (1.15.3-arm64-darwin) + nio4r (2.7.0) + nokogiri (1.13.10) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + nokogiri (1.13.10-arm64-darwin) racc (~> 1.4) - nokogiri (1.15.3-x86_64-linux) + nokogiri (1.13.10-x86_64-linux) racc (~> 1.4) - optimist (3.0.1) + optimist (3.1.0) orm_adapter (0.5.0) os (1.1.4) - ovirt-engine-sdk (4.4.1) + ovirt-engine-sdk (4.6.0) json (>= 1, < 3) - pagy (6.0.4) - public_suffix (5.0.3) + pagy (6.5.0) + public_suffix (5.0.4) puma (3.12.6) - racc (1.7.1) - rack (2.2.7) - rack-cache (1.14.0) + racc (1.7.3) + rack (2.2.8.1) + rack-attack (6.7.0) + rack (>= 1.0, < 4) + rack-cache (1.15.0) rack (>= 0.4) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.4) - actioncable (= 6.1.7.4) - actionmailbox (= 6.1.7.4) - actionmailer (= 6.1.7.4) - actionpack (= 6.1.7.4) - actiontext (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activemodel (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + rails (6.1.7.7) + actioncable (= 6.1.7.7) + actionmailbox (= 6.1.7.7) + actionmailer (= 6.1.7.7) + actionpack (= 6.1.7.7) + actiontext (= 6.1.7.7) + actionview (= 6.1.7.7) + activejob (= 6.1.7.7) + activemodel (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + 
activesupport (= 6.1.7.7) bundler (>= 1.15.0) - railties (= 6.1.7.4) + railties (= 6.1.7.7) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.1.1) + rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) - loofah (~> 2.21) - nokogiri (~> 1.14) - railties (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + railties (6.1.7.7) + actionpack (= 6.1.7.7) + activesupport (= 6.1.7.7) method_source rake (>= 12.2) thor (~> 1.0) - rake (13.0.6) + rake (13.1.0) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rbvmomi2 (3.6.1) - builder (~> 3.2) - json (~> 2.3) - nokogiri (~> 1.12, >= 1.12.5) + rbvmomi (2.4.1) + builder (~> 3.0) + json (>= 1.8) + nokogiri (~> 1.5) optimist (~> 3.0) - redis (5.0.6) - redis-client (>= 0.9.0) - redis-client (0.14.1) + redis (5.1.0) + redis-client (>= 0.17.0) + redis-client (0.21.0) connection_pool redis-namespace (1.11.0) redis (>= 4) @@ -455,7 +461,7 @@ GEM declarative (< 0.1.0) trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) - responders (3.1.0) + responders (3.1.1) actionpack (>= 5.2) railties (>= 5.2) rest-client (2.1.0) 
@@ -464,53 +470,56 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) retriable (3.1.2) - rexml (3.2.5) - ruby-vips (2.1.4) + rexml (3.2.6) + ruby-vips (2.2.1) ffi (~> 1.12) ruby2_keywords (0.0.5) - safely_block (0.4.0) - signet (0.17.0) + safely_block (0.3.0) + errbase (>= 0.1.1) + signet (0.18.0) addressable (~> 2.8) faraday (>= 0.17.5, < 3.a) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) - sprockets (4.2.0) + sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - thor (1.2.2) - timeout (0.4.0) + thor (1.3.1) + timeout (0.4.1) trailblazer-option (0.1.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) uber (0.1.0) unf (0.1.4) unf_ext - unf_ext (0.0.8.2) + unf_ext (0.0.9.1) uniquify (0.1.0) - uri (0.12.2) + uri (0.13.0) warden (1.2.9) rack (>= 2.0.9) - web-console (4.2.0) + web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) webrick (1.8.1) - websocket-driver (0.7.5) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xml-simple (1.1.9) rexml - xmlrpc (0.3.2) + xmlrpc (0.3.3) webrick - zeitwerk (2.6.8) + zeitwerk (2.6.13) PLATFORMS + -darwin-22 arm64-darwin-20 + arm64-darwin-22 arm64-darwin-23 x86_64-linux @@ -534,6 +543,7 @@ DEPENDENCIES nokogiri pagy puma (~> 3.11) + rack-attack rack-cache rails (~> 6.0) redis @@ -543,7 +553,7 @@ DEPENDENCIES web-console (>= 3.3.0) RUBY VERSION - ruby 3.1.2p20 + ruby 2.6.3p62 BUNDLED WITH 2.4.12 diff --git a/README.md b/README.md index ada18b90..4f931b38 100644 --- a/README.md +++ b/README.md 
@@ -122,9 +122,19 @@ The AnyKey app uses several external services: * Stripe for donation payments * Twitch for GLHF pledge badge assignment and moderation -In order to test all of the features in your development environment you will have to add additional credentials to your `.env` file. These credentials are only available to trusted collaborators and can be obtained from the repository manager. -Note that the `TWITCH_REDIRECT_URL` must be set in both the external Twitch app and the local development environment. A separate Twitch app should be created by the developer for local testing purposes. +### Notes for Twitch API + +* Make sure to run + ```shell + rake twitch_token:request + ``` +* Note that the `TWITCH_REDIRECT_URL` must be set in both the external Twitch app and the local development environment. +* A separate Twitch app should be created by the developer for local testing purposes. + +### Environment Credentials + +In order to test all of the features in your development environment you will have to add additional credentials to your `.env` file. These credentials are only available to trusted collaborators and can be obtained from the repository manager. ```shell SENDGRID_USERNAME=XXX diff --git a/app/controllers/concerns/rate_limitable.rb b/app/controllers/concerns/rate_limitable.rb new file mode 100644 index 00000000..a7756d84 --- /dev/null +++ b/app/controllers/concerns/rate_limitable.rb @@ -0,0 +1,18 @@ +module RateLimitable + private + + def limit_create_request(base_key, redirection_path, limit = 9) + client_ip = request.remote_ip + + rate_limit_key = "#{base_key}_rate_limit:#{client_ip}" + rate_limit_count = Rails.cache.read(rate_limit_key).to_i + + if rate_limit_count >= limit + flash[:alert] = "Rate limit exceeded. Please try again later." + redirect_to redirection_path + end + + Rails.cache.write(rate_limit_key, rate_limit_count + 1, expires_in: 60.seconds) + end + +end 
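Review bot: `limit_create_request` counts with a separate `Rails.cache.read` and `Rails.cache.write`, so requests arriving in parallel can all read the same value and the stored count ends up lower than the number of requests actually made. The write also renews `expires_in: 60.seconds` on every call, so the window slides instead of resetting. Incrementing inside the cache store, as sketched below, closes the gap on stores where `increment` is a single operation (Redis, Memcached); which store this app configures is not visible here, and with a null store no limit is applied at all. The key is built from `request.remote_ip`, so the limit is only as reliable as the trusted-proxy configuration behind it. The module has no documentation; a header comment should state the 60-second window, the default of 9 requests, and that the method must run as a `before_action` because it relies on `redirect_to` halting the chain.

```ruby
def limit_create_request(base_key, redirection_path, limit = 9)
  rate_limit_key = "#{base_key}_rate_limit:#{request.remote_ip}"

  # Seed once per window; unless_exist keeps later requests from renewing the expiry.
  Rails.cache.write(rate_limit_key, 0, expires_in: 60.seconds, unless_exist: true, raw: true)
  # The store adds 1 itself, so parallel requests cannot reuse one stale count.
  rate_limit_count = Rails.cache.increment(rate_limit_key).to_i
  return if rate_limit_count <= limit

  flash[:alert] = "Rate limit exceeded. Please try again later."
  redirect_to redirection_path
end
```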
diff --git a/app/controllers/concerns_controller.rb b/app/controllers/concerns_controller.rb index cec21137..fb33540c 100644 --- a/app/controllers/concerns_controller.rb +++ b/app/controllers/concerns_controller.rb @@ -1,5 +1,5 @@ class ConcernsController < ApplicationController - + include RateLimitable layout "backstage", only: [ :index, :show ] skip_before_action :verify_authenticity_token, only: [ :watch, :unwatch ] @@ -8,7 +8,8 @@ class ConcernsController < ApplicationController before_action :ensure_staff, only: [ :index, :show, :dismiss, :undismiss, :review, :watch, :unwatch ] before_action :find_concern, only: [ :show, :dismiss, :undismiss, :review, :watch, :unwatch ] around_action :display_timezone - + before_action :apply_request_rate, only: [ :create] + def index # f is used to filter reports by scope # q is used to search for keywords @@ -132,5 +133,9 @@ def display_timezone def concern_params params.require(:concern).permit(:concerning_player_id, :concerning_player_id_type, :background, :description, :recommended_response, :concerned_email, :concerned_cert_code, screenshots: []) end + + def apply_request_rate + limit_create_request("concerns", new_concern_path) + end end diff --git a/app/controllers/pledges_controller.rb b/app/controllers/pledges_controller.rb index fb7577a1..dc887a02 100644 --- a/app/controllers/pledges_controller.rb +++ b/app/controllers/pledges_controller.rb @@ -1,11 +1,12 @@ class PledgesController < ApplicationController - + include RateLimitable layout "backstage", only: [ :index ] before_action :authenticate_user!, only: [ :index ] before_action :ensure_staff, only: [ :index ] before_action :find_pledge, only: [ :show ] before_action :handle_twitch_auth, only: [ :new ] + before_action :apply_request_rate, only: [ :create] def index # f is used to filter reports by scope 
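Review bot: `apply_request_rate` is added here and again, identical apart from its two arguments, in PledgesController, ReportsController and VerificationsController, and the cache-key prefixes are inconsistent (`"concerns"`, `"pledges"`, `"reports"` but `"verification"`). A single class-level declaration in `RateLimitable` that takes the key and redirect path would remove the four copies and keep the keys uniform. In this controller the callback is also registered after `around_action :display_timezone`, whereas ReportsController and VerificationsController register it before. Placing `before_action :apply_request_rate, only: [:create]` with the other `before_action` lines in every controller keeps the ordering predictable. The class bodies continue outside these hunks.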
@@ -218,5 +219,9 @@ def ensure_staff def pledge_params params.require(:pledge).permit(:first_name, :last_name, :email) end + + def apply_request_rate + limit_create_request("pledges", new_pledge_path) + end end diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb index 6b89f538..5bc49fb9 100644 --- a/app/controllers/reports_controller.rb +++ b/app/controllers/reports_controller.rb @@ -1,5 +1,5 @@ class ReportsController < ApplicationController - + include RateLimitable layout "backstage", only: [ :index, :show ] skip_before_action :verify_authenticity_token, only: [ :watch, :unwatch, :twitch_lookup ] @@ -7,6 +7,7 @@ class ReportsController < ApplicationController before_action :authenticate_user!, only: [ :index, :show, :dismiss, :undismiss, :watch, :unwatch ] before_action :ensure_staff, only: [ :index, :show, :dismiss, :undismiss, :watch, :unwatch ] before_action :find_report, only: [ :show, :dismiss, :undismiss, :watch, :unwatch ] + before_action :apply_request_rate, only: [ :create] around_action :display_timezone def index @@ -59,6 +60,8 @@ def create if @report.incident_stream && @report.incident_stream_twitch_id.blank? @report.incident_stream_twitch_id = lookup_twitch_id(@report.incident_stream) end + + find_report_matches() if @report.save # Email notification to staff 
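Review bot: In the ReportsController `create` hunk, `find_report_matches()` runs before `@report.save`, so the report being submitted is not yet a row in the `Report.where(...)` relation and `update_all(spam: true)` never marks it. It is saved unflagged, and the `if @report.save` branch commented `# Email notification to staff` is still entered for it. If repeats are meant to be suppressed, the check should also set the flag on the new record inside `find_report_matches`, e.g. `@report.spam = true if report_matches.count > 5`, and the notification should be skipped when it is set. The empty parentheses on the call can be dropped (`find_report_matches`). The `create` action starts and ends outside this hunk.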
@@ -148,6 +151,22 @@ def find_report redirect_to staff_index_path end + def find_report_matches + # Fetch reports with matching required attributes + report_matches = Report.where( + reporter_email: @report.reporter_email, + reported_twitch_id: @report.reported_twitch_id, + incident_stream_twitch_id: @report.incident_stream_twitch_id, + incident_description: @report.incident_description, + incident_occurred: @report.incident_occurred + ) + + # Check if the number of matches is greater than 5 + if report_matches.count > 5 + report_matches.update_all(spam: true) + end + end + private def ensure_staff unless current_user.is_moderator? || current_user.is_admin? @@ -163,5 +182,9 @@ def display_timezone def report_params params.require(:report).permit(:reporter_email, :reporter_twitch_name, :reporter_twitch_id, :reported_twitch_name, :reported_twitch_id, :incident_stream, :incident_stream_twitch_id, :incident_occurred, :incident_description, :recommended_response, :image,) end + + def apply_request_rate + limit_create_request("reports", new_report_path) + end end diff --git a/app/controllers/verifications_controller.rb b/app/controllers/verifications_controller.rb index 8167017b..4ac249bb 100644 --- a/app/controllers/verifications_controller.rb +++ b/app/controllers/verifications_controller.rb @@ -1,5 +1,5 @@ class VerificationsController < ApplicationController - + include RateLimitable layout "backstage", only: [ :index, :show, :verify_eligibility, :deny_eligibility, :withdraw_eligibility ] skip_before_action :verify_authenticity_token, only: [ :watch, :unwatch ] 
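Review bot: `find_report_matches` is inserted above the `private` keyword that follows it in this hunk, so unless an earlier visibility modifier outside the hunk applies, it becomes a public controller method, which Rails treats as a potential action. It should sit below `private` with the other helpers. The match is an exact equality on five submitter-supplied fields and the threshold `5` is a bare literal; a named constant and a comment stating the intended rule would make the heuristic reviewable. `update_all` skips validations, callbacks and `updated_at`, and it rewrites every matching row on each further submission, which deserves a comment if deliberate.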
@@ -10,7 +10,9 @@ class VerificationsController < ApplicationController :verify, :deny, :ignore, :withdraw, :voucher, :resend_cert, :watch, :unwatch ] before_action :find_verification, only: [ :show, :verify_eligibility, :deny_eligibility, :withdraw_eligibility, :verify, :deny, :ignore, :withdraw, :voucher, :resend_cert, :watch, :unwatch ] + before_action :apply_request_rate, only: [ :create] around_action :display_timezone + def index # f is used to filter reports by scope @@ -214,5 +216,9 @@ def display_timezone def verification_params params.require(:verification).permit(:first_name, :last_name, :email, :birth_date, :discord_username, :player_id_type, :player_id, :player_id_and_discord, :gender, :pronouns, :photo_id, :doctors_note, :social_profile, :voice_requested, :additional_notes) end + + def apply_request_rate + limit_create_request("verification", new_verification_path) + end end diff --git a/app/models/report.rb b/app/models/report.rb index eccc9ac6..49151d70 100644 --- a/app/models/report.rb +++ b/app/models/report.rb @@ -6,7 +6,8 @@ class Report < ApplicationRecord warned: "Warned", revoked: "Revoked", watched: "Watched", - all: "All" + all: "All", + spam: "Spam" }.freeze IMAGE_STYLES = { @@ -58,6 +59,7 @@ class Report < ApplicationRecord lower(incident_stream_twitch_id) LIKE :search OR lower(incident_description) LIKE :search", search: "%#{search.downcase}%") } + scope :spam, lambda { where(spam: true) } def unresolved? diff --git a/app/views/reports/_show_spam.html.erb b/app/views/reports/_show_spam.html.erb new file mode 100644 index 00000000..c39c8d54 --- /dev/null +++ b/app/views/reports/_show_spam.html.erb @@ -0,0 +1,25 @@ +