No captchas for trusted users or admins, closes #330

2017-05-12 11:58:22 +02:00 · 2017-05-12 11:58:22 +02:00 · 6b341c7b03
Parent e2a15c185c
--- a/router/templateFunctions.go
+++ b/router/templateFunctions.go
@ -69,6 +69,7 @@ var FuncMap = template.FuncMap{
 	"CurrentOrAdmin":       userPermission.CurrentOrAdmin,
 	"CurrentUserIdentical": userPermission.CurrentUserIdentical,
 	"HasAdmin":             userPermission.HasAdmin,
+	"NeedsCaptcha":         userPermission.NeedsCaptcha,
 	"GetRole":              userPermission.GetRole,
 	"IsFollower":           userPermission.IsFollower,
 	"NoEncode": func(str string) template.HTML {
--- a/router/templateVariables.go
+++ b/router/templateVariables.go
@ -6,7 +6,6 @@ import (

 	"github.com/ewhal/nyaa/common"
 	"github.com/ewhal/nyaa/model"
-	"github.com/ewhal/nyaa/service/captcha"
 	"github.com/ewhal/nyaa/service/user"
 	userForms "github.com/ewhal/nyaa/service/user/form"
 	"github.com/gorilla/mux"
@ -36,7 +35,7 @@ type NotFoundTemplateVariables struct {

 type ViewTemplateVariables struct {
 	Torrent    model.TorrentJSON
-	Captcha    captcha.Captcha
+	CaptchaID  string
 	Search     SearchForm
 	Navigation Navigation
 	User       *model.User
--- a/router/upload.go
+++ b/router/upload.go
@ -17,7 +17,6 @@ import (

 	"github.com/ewhal/nyaa/cache"
 	"github.com/ewhal/nyaa/config"
-	"github.com/ewhal/nyaa/service/captcha"
 	"github.com/ewhal/nyaa/service/upload"
 	"github.com/ewhal/nyaa/util"
 	"github.com/ewhal/nyaa/util/metainfo"
@ -33,7 +32,7 @@ type UploadForm struct {
 	Remake      bool
 	Description string
 	Status      int
-	captcha.Captcha
+	CaptchaID   string

 	Infohash      string
 	CategoryID    int
@ -84,12 +83,6 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
 	f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus))
 	f.Magnet = r.FormValue(UploadFormMagnet)
 	f.Remake = r.FormValue(UploadFormRemake) == "on"
-	f.Captcha = captcha.Extract(r)
-
-	if !captcha.Authenticate(f.Captcha) {
-		// TODO: Prettier passing of mistyped Captcha errors
-		return errors.New(captcha.ErrInvalidCaptcha.Error())
-	}

 	// trim whitespace
 	f.Name = util.TrimWhitespaces(f.Name)
--- a/router/uploadHandler.go
+++ b/router/uploadHandler.go
@ -10,7 +10,7 @@ import (
 	"github.com/ewhal/nyaa/db"
 	"github.com/ewhal/nyaa/model"
 	"github.com/ewhal/nyaa/service/captcha"
-	"github.com/ewhal/nyaa/service/user"
+	"github.com/ewhal/nyaa/service/user/permission"
 	"github.com/ewhal/nyaa/util/languages"
 	"github.com/gorilla/mux"
 )
@ -23,26 +23,32 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
 	var uploadForm UploadForm
 	if r.Method == "POST" {
 		defer r.Body.Close()
+		user := GetUser(r)
+		if userPermission.NeedsCaptcha(user) {
+			userCaptcha := captcha.Extract(r)
+			if !captcha.Authenticate(userCaptcha) {
+				http.Error(w, captcha.ErrInvalidCaptcha.Error(), http.StatusInternalServerError)
+				return
+			}
+		}
+
 		// validation is done in ExtractInfo()
 		err := uploadForm.ExtractInfo(r)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		user, _, err := userService.RetrieveCurrentUser(r)
-		if err != nil {
-			fmt.Printf("error %+v\n", err)
-		}
 		status := 1 // normal
 		if uploadForm.Remake { // overrides trusted
 			status = 2
 		} else if user.Status == 1 {
 			status = 3 // mark as trusted if user is trusted
 		}
-			var sameTorrents int
-			db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
-			if (sameTorrents == 0) {
-			//add to db and redirect depending on result
+
+		var sameTorrents int
+		db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
+		if (sameTorrents == 0) {
+			// add to db and redirect
 			torrent := model.Torrent{
 				Name:        uploadForm.Name,
 				Category:    uploadForm.CategoryID,
@ -54,7 +60,6 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
 				Description: uploadForm.Description,
 				UploaderID:  user.ID}
 			db.ORM.Create(&torrent)
-			fmt.Printf("%+v\n", torrent)
 			url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10))
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
@ -66,7 +71,14 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	} else if r.Method == "GET" {
-		uploadForm.CaptchaID = captcha.GetID()
+		user := GetUser(r)
+		if userPermission.NeedsCaptcha(user) {
+			uploadForm.CaptchaID = captcha.GetID()
+		} else {
+			uploadForm.CaptchaID = ""
+		}
+
+
 		htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
 		languages.SetTranslationFromRequest(uploadTemplate, r, "en-us")
 		err := uploadTemplate.ExecuteTemplate(w, "index.html", htv)
--- a/router/viewTorrentHandler.go
+++ b/router/viewTorrentHandler.go
@ -10,6 +10,7 @@ import (
 	"github.com/ewhal/nyaa/model"
 	"github.com/ewhal/nyaa/service/captcha"
 	"github.com/ewhal/nyaa/service/torrent"
+	"github.com/ewhal/nyaa/service/user/permission"
 	"github.com/ewhal/nyaa/util"
 	"github.com/ewhal/nyaa/util/languages"
 	"github.com/ewhal/nyaa/util/log"
@ -26,7 +27,12 @@ func ViewHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	b := torrent.ToJSON()
-	htv := ViewTemplateVariables{b, captcha.Captcha{CaptchaID: captcha.GetID()}, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
+	captchaID := ""
+	user := GetUser(r)
+	if userPermission.NeedsCaptcha(user) {
+		captchaID = captcha.GetID()
+	}
+	htv := ViewTemplateVariables{b, captchaID, NewSearchForm(), Navigation{}, user, r.URL, mux.CurrentRoute(r)}

 	languages.SetTranslationFromRequest(viewTemplate, r, "en-us")
 	err = viewTemplate.ExecuteTemplate(w, "index.html", htv)
@ -39,12 +45,14 @@ func PostCommentHandler(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	id := vars["id"]

-	userCaptcha := captcha.Extract(r)
-	if !captcha.Authenticate(userCaptcha) {
-		http.Error(w, "bad captcha", 403)
-		return
-	}
 	currentUser := GetUser(r)
+	if userPermission.NeedsCaptcha(currentUser) {
+		userCaptcha := captcha.Extract(r)
+		if !captcha.Authenticate(userCaptcha) {
+			http.Error(w, "bad captcha", 403)
+			return
+		}
+	}
 	content := p.Sanitize(r.FormValue("comment"))

 	if strings.TrimSpace(content) == "" {
@ -75,12 +83,14 @@ func ReportTorrentHandler(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	id := vars["id"]

-	userCaptcha := captcha.Extract(r)
-	if !captcha.Authenticate(userCaptcha) {
-		http.Error(w, "bad captcha", 403)
-		return
-	}
 	currentUser := GetUser(r)
+	if userPermission.NeedsCaptcha(currentUser) {
+		userCaptcha := captcha.Extract(r)
+		if !captcha.Authenticate(userCaptcha) {
+			http.Error(w, "bad captcha", 403)
+			return
+		}
+	}

 	idNum, err := strconv.Atoi(id)
 	userID := currentUser.ID
--- a/service/user/permission/permission.go
+++ b/service/user/permission/permission.go
@ -6,6 +6,7 @@ import (
 	"github.com/ewhal/nyaa/util/log"
 )

+
 // HasAdmin checks that user has an admin permission.
 func HasAdmin(user *model.User) bool {
 	return user.Status == 2
@ -18,11 +19,16 @@ func CurrentOrAdmin(user *model.User, userID uint) bool {
 }

 // CurrentUserIdentical check that userID is same as current user's ID.
-// TODO: Inline this
+// TODO: Inline this (won't go do this for us?)
 func CurrentUserIdentical(user *model.User, userID uint) bool {
 	return user.ID == userID
 }

+func NeedsCaptcha(user *model.User) bool {
+	// Trusted members & Moderators don't
+	return !(user.Status == 1 || user.Status == 2)
+}
+
 func GetRole(user *model.User) string {
 	switch user.Status {
 	case -1:
--- a/templates/_captcha.html
+++ b/templates/_captcha.html
@ -1,8 +1,11 @@
 {{define "captcha"}}
+	{{/* unset if user doesn't need captcha */}}
+	{{if ne .CaptchaID ""}}
 	<div class="form-group captcha-container">
 		<label for="solution">Captcha</label>
 		<input type="text" name="captchaID" value="{{.CaptchaID}}" hidden>
 		<img src="/captcha/{{.CaptchaID}}.png">
 		<input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required>
 	</div>
+	{{end}}
 {{end}}
--- a/templates/view.html
+++ b/templates/view.html
@ -116,7 +116,7 @@
                    <label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label>
                    <textarea name="comment" class="form-control" rows="5"></textarea>
                </div>
-                {{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
+                {{block "captcha" .}}{{end}}
                <button type="submit" class="btn btn-success">{{T " submit "}}</button>
            </form>
        </div>
@ -137,7 +137,7 @@
                    <input type="radio" name="report_type" value="illegal"> Illegal content <br/>
                    <input type="radio" name="report_type" value="spam"> Spam / garbage
                    {{end}}
-                    {{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
+                    {{block "captcha" .}}{{end}}
                    <button type="submit" class="btn btn-default">Report!</button>
                </form> <br />
            </div>