Albirew/nyaa-pantsu

No captchas for trusted users or admins, closes #330

sfan5 2017-05-12 11:58:22 +02:00
Parent e2a15c185c
révision 6b341c7b03
8 fichiers modifiés avec 59 ajouts et 35 suppressions


@ -69,6 +69,7 @@ var FuncMap = template.FuncMap{
"CurrentOrAdmin": userPermission.CurrentOrAdmin, "CurrentOrAdmin": userPermission.CurrentOrAdmin,
"CurrentUserIdentical": userPermission.CurrentUserIdentical, "CurrentUserIdentical": userPermission.CurrentUserIdentical,
"HasAdmin": userPermission.HasAdmin, "HasAdmin": userPermission.HasAdmin,
"NeedsCaptcha": userPermission.NeedsCaptcha,
"GetRole": userPermission.GetRole, "GetRole": userPermission.GetRole,
"IsFollower": userPermission.IsFollower, "IsFollower": userPermission.IsFollower,
"NoEncode": func(str string) template.HTML { "NoEncode": func(str string) template.HTML {


@ -6,7 +6,6 @@ import (
"github.com/ewhal/nyaa/common" "github.com/ewhal/nyaa/common"
"github.com/ewhal/nyaa/model" "github.com/ewhal/nyaa/model"
"github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/service/user" "github.com/ewhal/nyaa/service/user"
userForms "github.com/ewhal/nyaa/service/user/form" userForms "github.com/ewhal/nyaa/service/user/form"
"github.com/gorilla/mux" "github.com/gorilla/mux"
@ -36,7 +35,7 @@ type NotFoundTemplateVariables struct {
type ViewTemplateVariables struct { type ViewTemplateVariables struct {
Torrent model.TorrentJSON Torrent model.TorrentJSON
Captcha captcha.Captcha CaptchaID string
Search SearchForm Search SearchForm
Navigation Navigation Navigation Navigation
User *model.User User *model.User


@ -17,7 +17,6 @@ import (
"github.com/ewhal/nyaa/cache" "github.com/ewhal/nyaa/cache"
"github.com/ewhal/nyaa/config" "github.com/ewhal/nyaa/config"
"github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/service/upload" "github.com/ewhal/nyaa/service/upload"
"github.com/ewhal/nyaa/util" "github.com/ewhal/nyaa/util"
"github.com/ewhal/nyaa/util/metainfo" "github.com/ewhal/nyaa/util/metainfo"
@ -33,7 +32,7 @@ type UploadForm struct {
Remake bool Remake bool
Description string Description string
Status int Status int
captcha.Captcha CaptchaID string
Infohash string Infohash string
CategoryID int CategoryID int
@ -84,12 +83,6 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus)) f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus))
f.Magnet = r.FormValue(UploadFormMagnet) f.Magnet = r.FormValue(UploadFormMagnet)
f.Remake = r.FormValue(UploadFormRemake) == "on" f.Remake = r.FormValue(UploadFormRemake) == "on"
f.Captcha = captcha.Extract(r)
if !captcha.Authenticate(f.Captcha) {
// TODO: Prettier passing of mistyped Captcha errors
return errors.New(captcha.ErrInvalidCaptcha.Error())
}
// trim whitespace // trim whitespace
f.Name = util.TrimWhitespaces(f.Name) f.Name = util.TrimWhitespaces(f.Name)
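Review bot: Removing the captcha check from `ExtractInfo` means form extraction no longer enforces it for any caller; in this commit only UploadHandler adds the check back. If `ExtractInfo` is called from anywhere else (not visible here), those paths now accept uploads without a captcha. A comment on the method such as `// ExtractInfo does not verify the captcha; callers must check userPermission.NeedsCaptcha first.` would make the new contract explicit. The body of ExtractInfo starts and ends outside this hunk.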


@ -10,7 +10,7 @@ import (
"github.com/ewhal/nyaa/db" "github.com/ewhal/nyaa/db"
"github.com/ewhal/nyaa/model" "github.com/ewhal/nyaa/model"
"github.com/ewhal/nyaa/service/captcha" "github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/service/user" "github.com/ewhal/nyaa/service/user/permission"
"github.com/ewhal/nyaa/util/languages" "github.com/ewhal/nyaa/util/languages"
"github.com/gorilla/mux" "github.com/gorilla/mux"
) )
@ -23,26 +23,32 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
var uploadForm UploadForm var uploadForm UploadForm
if r.Method == "POST" { if r.Method == "POST" {
defer r.Body.Close() defer r.Body.Close()
user := GetUser(r)
if userPermission.NeedsCaptcha(user) {
userCaptcha := captcha.Extract(r)
if !captcha.Authenticate(userCaptcha) {
http.Error(w, captcha.ErrInvalidCaptcha.Error(), http.StatusInternalServerError)
return
}
}
// validation is done in ExtractInfo() // validation is done in ExtractInfo()
err := uploadForm.ExtractInfo(r) err := uploadForm.ExtractInfo(r)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
return return
} }
user, _, err := userService.RetrieveCurrentUser(r)
if err != nil {
fmt.Printf("error %+v\n", err)
}
status := 1 // normal status := 1 // normal
if uploadForm.Remake { // overrides trusted if uploadForm.Remake { // overrides trusted
status = 2 status = 2
} else if user.Status == 1 { } else if user.Status == 1 {
status = 3 // mark as trusted if user is trusted status = 3 // mark as trusted if user is trusted
} }
var sameTorrents int
db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents) var sameTorrents int
if (sameTorrents == 0) { db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
//add to db and redirect depending on result if (sameTorrents == 0) {
// add to db and redirect
torrent := model.Torrent{ torrent := model.Torrent{
Name: uploadForm.Name, Name: uploadForm.Name,
Category: uploadForm.CategoryID, Category: uploadForm.CategoryID,
@ -54,7 +60,6 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
Description: uploadForm.Description, Description: uploadForm.Description,
UploaderID: user.ID} UploaderID: user.ID}
db.ORM.Create(&torrent) db.ORM.Create(&torrent)
fmt.Printf("%+v\n", torrent)
url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10)) url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10))
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
@ -66,7 +71,14 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
} else if r.Method == "GET" { } else if r.Method == "GET" {
uploadForm.CaptchaID = captcha.GetID() user := GetUser(r)
if userPermission.NeedsCaptcha(user) {
uploadForm.CaptchaID = captcha.GetID()
} else {
uploadForm.CaptchaID = ""
}
htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)} htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
languages.SetTranslationFromRequest(uploadTemplate, r, "en-us") languages.SetTranslationFromRequest(uploadTemplate, r, "en-us")
err := uploadTemplate.ExecuteTemplate(w, "index.html", htv) err := uploadTemplate.ExecuteTemplate(w, "index.html", htv)
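Review bot: The new captcha failure path in the POST branch answers with `http.StatusInternalServerError`, although a wrong captcha is a client error and the comment and report handlers in this commit return 403 for the same condition. Using `http.Error(w, captcha.ErrInvalidCaptcha.Error(), http.StatusForbidden)` keeps failed captchas out of the 5xx error rate and makes the three handlers consistent. In the GET branch the `else { uploadForm.CaptchaID = "" }` arm is redundant because `uploadForm` is still zero-valued there, and `htv` could reuse `user` instead of calling `GetUser(r)` a second time. UploadHandler starts and ends outside these hunks.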


@ -10,6 +10,7 @@ import (
"github.com/ewhal/nyaa/model" "github.com/ewhal/nyaa/model"
"github.com/ewhal/nyaa/service/captcha" "github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/service/torrent" "github.com/ewhal/nyaa/service/torrent"
"github.com/ewhal/nyaa/service/user/permission"
"github.com/ewhal/nyaa/util" "github.com/ewhal/nyaa/util"
"github.com/ewhal/nyaa/util/languages" "github.com/ewhal/nyaa/util/languages"
"github.com/ewhal/nyaa/util/log" "github.com/ewhal/nyaa/util/log"
@ -26,7 +27,12 @@ func ViewHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
b := torrent.ToJSON() b := torrent.ToJSON()
htv := ViewTemplateVariables{b, captcha.Captcha{CaptchaID: captcha.GetID()}, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)} captchaID := ""
user := GetUser(r)
if userPermission.NeedsCaptcha(user) {
captchaID = captcha.GetID()
}
htv := ViewTemplateVariables{b, captchaID, NewSearchForm(), Navigation{}, user, r.URL, mux.CurrentRoute(r)}
languages.SetTranslationFromRequest(viewTemplate, r, "en-us") languages.SetTranslationFromRequest(viewTemplate, r, "en-us")
err = viewTemplate.ExecuteTemplate(w, "index.html", htv) err = viewTemplate.ExecuteTemplate(w, "index.html", htv)
@ -39,12 +45,14 @@ func PostCommentHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
id := vars["id"] id := vars["id"]
userCaptcha := captcha.Extract(r)
if !captcha.Authenticate(userCaptcha) {
http.Error(w, "bad captcha", 403)
return
}
currentUser := GetUser(r) currentUser := GetUser(r)
if userPermission.NeedsCaptcha(currentUser) {
userCaptcha := captcha.Extract(r)
if !captcha.Authenticate(userCaptcha) {
http.Error(w, "bad captcha", 403)
return
}
}
content := p.Sanitize(r.FormValue("comment")) content := p.Sanitize(r.FormValue("comment"))
if strings.TrimSpace(content) == "" { if strings.TrimSpace(content) == "" {
@ -75,12 +83,14 @@ func ReportTorrentHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
id := vars["id"] id := vars["id"]
userCaptcha := captcha.Extract(r)
if !captcha.Authenticate(userCaptcha) {
http.Error(w, "bad captcha", 403)
return
}
currentUser := GetUser(r) currentUser := GetUser(r)
if userPermission.NeedsCaptcha(currentUser) {
userCaptcha := captcha.Extract(r)
if !captcha.Authenticate(userCaptcha) {
http.Error(w, "bad captcha", 403)
return
}
}
idNum, err := strconv.Atoi(id) idNum, err := strconv.Atoi(id)
userID := currentUser.ID userID := currentUser.ID
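Review bot: With the captcha skipped for trusted users and moderators, PostCommentHandler and ReportTorrentHandler no longer require any server-issued per-request value from those accounts, and no anti-CSRF token check is visible in these hunks. If the router or middleware does not already enforce one (not visible here), these state-changing POST handlers, and the same branch in UploadHandler, should verify a CSRF token for the accounts that bypass the captcha. The identical `if userPermission.NeedsCaptcha(...) { ... captcha.Authenticate ... }` guard is now repeated in three handlers; a small shared helper would keep the check and its status code from drifting. Both handler bodies continue outside the hunks.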


@ -6,6 +6,7 @@ import (
"github.com/ewhal/nyaa/util/log" "github.com/ewhal/nyaa/util/log"
) )
// HasAdmin checks that user has an admin permission. // HasAdmin checks that user has an admin permission.
func HasAdmin(user *model.User) bool { func HasAdmin(user *model.User) bool {
return user.Status == 2 return user.Status == 2
@ -18,11 +19,16 @@ func CurrentOrAdmin(user *model.User, userID uint) bool {
} }
// CurrentUserIdentical check that userID is same as current user's ID. // CurrentUserIdentical check that userID is same as current user's ID.
// TODO: Inline this // TODO: Inline this (won't go do this for us?)
func CurrentUserIdentical(user *model.User, userID uint) bool { func CurrentUserIdentical(user *model.User, userID uint) bool {
return user.ID == userID return user.ID == userID
} }
func NeedsCaptcha(user *model.User) bool {
// Trusted members & Moderators don't
return !(user.Status == 1 || user.Status == 2)
}
func GetRole(user *model.User) string { func GetRole(user *model.User) string {
switch user.Status { switch user.Status {
case -1: case -1:
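Review bot: `NeedsCaptcha` dereferences `user` without a nil check, and every handler in this commit now calls it on the result of `GetUser(r)` before any other validation. If `GetUser` can return nil for a visitor without a session (not visible here), this panics on the public upload, view, comment and report paths; failing closed with `if user == nil { return true }` as the first line avoids that. The function is exported but has no doc comment, and the bare `1` and `2` repeat the status values used in `HasAdmin` and UploadHandler. I would add `// NeedsCaptcha reports whether user must solve a captcha; trusted members (Status 1) and moderators (Status 2) are exempt.` and consider named constants for the statuses.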


@ -1,8 +1,11 @@
{{define "captcha"}} {{define "captcha"}}
{{/* unset if user doesn't need captcha */}}
{{if ne .CaptchaID ""}}
<div class="form-group captcha-container"> <div class="form-group captcha-container">
<label for="solution">Captcha</label> <label for="solution">Captcha</label>
<input type="text" name="captchaID" value="{{.CaptchaID}}" hidden> <input type="text" name="captchaID" value="{{.CaptchaID}}" hidden>
<img src="/captcha/{{.CaptchaID}}.png"> <img src="/captcha/{{.CaptchaID}}.png">
<input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required> <input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required>
</div> </div>
{{end}}
{{end}} {{end}}


@ -116,7 +116,7 @@
<label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label> <label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label>
<textarea name="comment" class="form-control" rows="5"></textarea> <textarea name="comment" class="form-control" rows="5"></textarea>
</div> </div>
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}} {{block "captcha" .}}{{end}}
<button type="submit" class="btn btn-success">{{T " submit "}}</button> <button type="submit" class="btn btn-success">{{T " submit "}}</button>
</form> </form>
</div> </div>
@ -137,7 +137,7 @@
<input type="radio" name="report_type" value="illegal"> Illegal content <br/> <input type="radio" name="report_type" value="illegal"> Illegal content <br/>
<input type="radio" name="report_type" value="spam"> Spam / garbage <input type="radio" name="report_type" value="spam"> Spam / garbage
{{end}} {{end}}
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}} {{block "captcha" .}}{{end}}
<button type="submit" class="btn btn-default">Report!</button> <button type="submit" class="btn btn-default">Report!</button>
</form> <br /> </form> <br />
</div> </div>