No captchas for trusted users or admins, closes #330
Parent
e2a15c185c
révision
6b341c7b03
8 fichiers modifiés avec 59 ajouts et 35 suppressions
|
@ -69,6 +69,7 @@ var FuncMap = template.FuncMap{
|
||||||
"CurrentOrAdmin": userPermission.CurrentOrAdmin,
|
"CurrentOrAdmin": userPermission.CurrentOrAdmin,
|
||||||
"CurrentUserIdentical": userPermission.CurrentUserIdentical,
|
"CurrentUserIdentical": userPermission.CurrentUserIdentical,
|
||||||
"HasAdmin": userPermission.HasAdmin,
|
"HasAdmin": userPermission.HasAdmin,
|
||||||
|
"NeedsCaptcha": userPermission.NeedsCaptcha,
|
||||||
"GetRole": userPermission.GetRole,
|
"GetRole": userPermission.GetRole,
|
||||||
"IsFollower": userPermission.IsFollower,
|
"IsFollower": userPermission.IsFollower,
|
||||||
"NoEncode": func(str string) template.HTML {
|
"NoEncode": func(str string) template.HTML {
|
||||||
|
|
|
@ -6,7 +6,6 @@ import (
|
||||||
|
|
||||||
"github.com/ewhal/nyaa/common"
|
"github.com/ewhal/nyaa/common"
|
||||||
"github.com/ewhal/nyaa/model"
|
"github.com/ewhal/nyaa/model"
|
||||||
"github.com/ewhal/nyaa/service/captcha"
|
|
||||||
"github.com/ewhal/nyaa/service/user"
|
"github.com/ewhal/nyaa/service/user"
|
||||||
userForms "github.com/ewhal/nyaa/service/user/form"
|
userForms "github.com/ewhal/nyaa/service/user/form"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
|
@ -36,7 +35,7 @@ type NotFoundTemplateVariables struct {
|
||||||
|
|
||||||
type ViewTemplateVariables struct {
|
type ViewTemplateVariables struct {
|
||||||
Torrent model.TorrentJSON
|
Torrent model.TorrentJSON
|
||||||
Captcha captcha.Captcha
|
CaptchaID string
|
||||||
Search SearchForm
|
Search SearchForm
|
||||||
Navigation Navigation
|
Navigation Navigation
|
||||||
User *model.User
|
User *model.User
|
||||||
|
|
|
@ -17,7 +17,6 @@ import (
|
||||||
|
|
||||||
"github.com/ewhal/nyaa/cache"
|
"github.com/ewhal/nyaa/cache"
|
||||||
"github.com/ewhal/nyaa/config"
|
"github.com/ewhal/nyaa/config"
|
||||||
"github.com/ewhal/nyaa/service/captcha"
|
|
||||||
"github.com/ewhal/nyaa/service/upload"
|
"github.com/ewhal/nyaa/service/upload"
|
||||||
"github.com/ewhal/nyaa/util"
|
"github.com/ewhal/nyaa/util"
|
||||||
"github.com/ewhal/nyaa/util/metainfo"
|
"github.com/ewhal/nyaa/util/metainfo"
|
||||||
|
@ -33,7 +32,7 @@ type UploadForm struct {
|
||||||
Remake bool
|
Remake bool
|
||||||
Description string
|
Description string
|
||||||
Status int
|
Status int
|
||||||
captcha.Captcha
|
CaptchaID string
|
||||||
|
|
||||||
Infohash string
|
Infohash string
|
||||||
CategoryID int
|
CategoryID int
|
||||||
|
@ -84,12 +83,6 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
|
||||||
f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus))
|
f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus))
|
||||||
f.Magnet = r.FormValue(UploadFormMagnet)
|
f.Magnet = r.FormValue(UploadFormMagnet)
|
||||||
f.Remake = r.FormValue(UploadFormRemake) == "on"
|
f.Remake = r.FormValue(UploadFormRemake) == "on"
|
||||||
f.Captcha = captcha.Extract(r)
|
|
||||||
|
|
||||||
if !captcha.Authenticate(f.Captcha) {
|
|
||||||
// TODO: Prettier passing of mistyped Captcha errors
|
|
||||||
return errors.New(captcha.ErrInvalidCaptcha.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
// trim whitespace
|
// trim whitespace
|
||||||
f.Name = util.TrimWhitespaces(f.Name)
|
f.Name = util.TrimWhitespaces(f.Name)
|
||||||
|
|
|
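Review bot: Removing the `captcha.Authenticate` call from `ExtractInfo` means the form parser no longer enforces the captcha at all; enforcement now exists only where a handler adds its own `NeedsCaptcha` branch. Any caller of `ExtractInfo` that is not part of this diff would accept uploads without a captcha after this change, so each call site should be checked. A doc comment would make the new contract explicit, for example `// ExtractInfo parses and validates the upload form; it does not check the captcha, callers must do that first.` The body of `ExtractInfo` continues outside the hunk.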
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/ewhal/nyaa/db"
|
"github.com/ewhal/nyaa/db"
|
||||||
"github.com/ewhal/nyaa/model"
|
"github.com/ewhal/nyaa/model"
|
||||||
"github.com/ewhal/nyaa/service/captcha"
|
"github.com/ewhal/nyaa/service/captcha"
|
||||||
"github.com/ewhal/nyaa/service/user"
|
"github.com/ewhal/nyaa/service/user/permission"
|
||||||
"github.com/ewhal/nyaa/util/languages"
|
"github.com/ewhal/nyaa/util/languages"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
)
|
)
|
||||||
|
@ -23,26 +23,32 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
var uploadForm UploadForm
|
var uploadForm UploadForm
|
||||||
if r.Method == "POST" {
|
if r.Method == "POST" {
|
||||||
defer r.Body.Close()
|
defer r.Body.Close()
|
||||||
|
user := GetUser(r)
|
||||||
|
if userPermission.NeedsCaptcha(user) {
|
||||||
|
userCaptcha := captcha.Extract(r)
|
||||||
|
if !captcha.Authenticate(userCaptcha) {
|
||||||
|
http.Error(w, captcha.ErrInvalidCaptcha.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// validation is done in ExtractInfo()
|
// validation is done in ExtractInfo()
|
||||||
err := uploadForm.ExtractInfo(r)
|
err := uploadForm.ExtractInfo(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, _, err := userService.RetrieveCurrentUser(r)
|
|
||||||
if err != nil {
|
|
||||||
fmt.Printf("error %+v\n", err)
|
|
||||||
}
|
|
||||||
status := 1 // normal
|
status := 1 // normal
|
||||||
if uploadForm.Remake { // overrides trusted
|
if uploadForm.Remake { // overrides trusted
|
||||||
status = 2
|
status = 2
|
||||||
} else if user.Status == 1 {
|
} else if user.Status == 1 {
|
||||||
status = 3 // mark as trusted if user is trusted
|
status = 3 // mark as trusted if user is trusted
|
||||||
}
|
}
|
||||||
var sameTorrents int
|
|
||||||
db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
|
var sameTorrents int
|
||||||
if (sameTorrents == 0) {
|
db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
|
||||||
//add to db and redirect depending on result
|
if (sameTorrents == 0) {
|
||||||
|
// add to db and redirect
|
||||||
torrent := model.Torrent{
|
torrent := model.Torrent{
|
||||||
Name: uploadForm.Name,
|
Name: uploadForm.Name,
|
||||||
Category: uploadForm.CategoryID,
|
Category: uploadForm.CategoryID,
|
||||||
|
@ -54,7 +60,6 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
Description: uploadForm.Description,
|
Description: uploadForm.Description,
|
||||||
UploaderID: user.ID}
|
UploaderID: user.ID}
|
||||||
db.ORM.Create(&torrent)
|
db.ORM.Create(&torrent)
|
||||||
fmt.Printf("%+v\n", torrent)
|
|
||||||
url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10))
|
url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
@ -66,7 +71,14 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
} else if r.Method == "GET" {
|
} else if r.Method == "GET" {
|
||||||
uploadForm.CaptchaID = captcha.GetID()
|
user := GetUser(r)
|
||||||
|
if userPermission.NeedsCaptcha(user) {
|
||||||
|
uploadForm.CaptchaID = captcha.GetID()
|
||||||
|
} else {
|
||||||
|
uploadForm.CaptchaID = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
|
htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
|
||||||
languages.SetTranslationFromRequest(uploadTemplate, r, "en-us")
|
languages.SetTranslationFromRequest(uploadTemplate, r, "en-us")
|
||||||
err := uploadTemplate.ExecuteTemplate(w, "index.html", htv)
|
err := uploadTemplate.ExecuteTemplate(w, "index.html", htv)
|
||||||
|
|
|
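Review bot: With the captcha skipped for trusted users and admins in the POST branch of `UploadHandler`, nothing visible in the hunk ties the request to a form the user actually loaded; the captcha ID and solution were the only per-request values the client had to present. If no CSRF token or Origin check runs in code outside this diff, a cross-site form post sent in a trusted user's session would now reach `db.ORM.Create`. The same applies to `PostCommentHandler` and `ReportTorrentHandler`, which receive the same `NeedsCaptcha` branch. Please confirm that such a check exists and record it at the branch, e.g. `// captcha skipped for trusted/admin users; CSRF is checked in <middleware name>`.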
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/ewhal/nyaa/model"
|
"github.com/ewhal/nyaa/model"
|
||||||
"github.com/ewhal/nyaa/service/captcha"
|
"github.com/ewhal/nyaa/service/captcha"
|
||||||
"github.com/ewhal/nyaa/service/torrent"
|
"github.com/ewhal/nyaa/service/torrent"
|
||||||
|
"github.com/ewhal/nyaa/service/user/permission"
|
||||||
"github.com/ewhal/nyaa/util"
|
"github.com/ewhal/nyaa/util"
|
||||||
"github.com/ewhal/nyaa/util/languages"
|
"github.com/ewhal/nyaa/util/languages"
|
||||||
"github.com/ewhal/nyaa/util/log"
|
"github.com/ewhal/nyaa/util/log"
|
||||||
|
@ -26,7 +27,12 @@ func ViewHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
b := torrent.ToJSON()
|
b := torrent.ToJSON()
|
||||||
htv := ViewTemplateVariables{b, captcha.Captcha{CaptchaID: captcha.GetID()}, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
|
captchaID := ""
|
||||||
|
user := GetUser(r)
|
||||||
|
if userPermission.NeedsCaptcha(user) {
|
||||||
|
captchaID = captcha.GetID()
|
||||||
|
}
|
||||||
|
htv := ViewTemplateVariables{b, captchaID, NewSearchForm(), Navigation{}, user, r.URL, mux.CurrentRoute(r)}
|
||||||
|
|
||||||
languages.SetTranslationFromRequest(viewTemplate, r, "en-us")
|
languages.SetTranslationFromRequest(viewTemplate, r, "en-us")
|
||||||
err = viewTemplate.ExecuteTemplate(w, "index.html", htv)
|
err = viewTemplate.ExecuteTemplate(w, "index.html", htv)
|
||||||
|
@ -39,12 +45,14 @@ func PostCommentHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
id := vars["id"]
|
id := vars["id"]
|
||||||
|
|
||||||
userCaptcha := captcha.Extract(r)
|
|
||||||
if !captcha.Authenticate(userCaptcha) {
|
|
||||||
http.Error(w, "bad captcha", 403)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
currentUser := GetUser(r)
|
currentUser := GetUser(r)
|
||||||
|
if userPermission.NeedsCaptcha(currentUser) {
|
||||||
|
userCaptcha := captcha.Extract(r)
|
||||||
|
if !captcha.Authenticate(userCaptcha) {
|
||||||
|
http.Error(w, "bad captcha", 403)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
content := p.Sanitize(r.FormValue("comment"))
|
content := p.Sanitize(r.FormValue("comment"))
|
||||||
|
|
||||||
if strings.TrimSpace(content) == "" {
|
if strings.TrimSpace(content) == "" {
|
||||||
|
@ -75,12 +83,14 @@ func ReportTorrentHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
id := vars["id"]
|
id := vars["id"]
|
||||||
|
|
||||||
userCaptcha := captcha.Extract(r)
|
|
||||||
if !captcha.Authenticate(userCaptcha) {
|
|
||||||
http.Error(w, "bad captcha", 403)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
currentUser := GetUser(r)
|
currentUser := GetUser(r)
|
||||||
|
if userPermission.NeedsCaptcha(currentUser) {
|
||||||
|
userCaptcha := captcha.Extract(r)
|
||||||
|
if !captcha.Authenticate(userCaptcha) {
|
||||||
|
http.Error(w, "bad captcha", 403)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
idNum, err := strconv.Atoi(id)
|
idNum, err := strconv.Atoi(id)
|
||||||
userID := currentUser.ID
|
userID := currentUser.ID
|
||||||
|
|
|
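Review bot: The same `NeedsCaptcha` / `Extract` / `Authenticate` sequence is now written out in `PostCommentHandler`, `ReportTorrentHandler` and `UploadHandler`, and the copies already disagree: a failed captcha answers 403 here and `http.StatusInternalServerError` in `UploadHandler`. A single helper keeps the exemption policy in one place, so a handler added later cannot get it subtly wrong, and lets all three answer `http.StatusForbidden`. Both handler bodies continue outside their hunks.

```go
// captchaPassed reports whether the request may proceed: users exempted by
// userPermission.NeedsCaptcha skip the check, everyone else must solve it.
func captchaPassed(r *http.Request, user *model.User) bool {
	if !userPermission.NeedsCaptcha(user) {
		return true
	}
	return captcha.Authenticate(captcha.Extract(r))
}

	// … unchanged: mux.Vars lookup …
	currentUser := GetUser(r)
	if !captchaPassed(r, currentUser) {
		http.Error(w, "bad captcha", http.StatusForbidden)
		return
	}
	// … unchanged: comment sanitising and storage …
```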
@ -6,6 +6,7 @@ import (
|
||||||
"github.com/ewhal/nyaa/util/log"
|
"github.com/ewhal/nyaa/util/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
// HasAdmin checks that user has an admin permission.
|
// HasAdmin checks that user has an admin permission.
|
||||||
func HasAdmin(user *model.User) bool {
|
func HasAdmin(user *model.User) bool {
|
||||||
return user.Status == 2
|
return user.Status == 2
|
||||||
|
@ -18,11 +19,16 @@ func CurrentOrAdmin(user *model.User, userID uint) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// CurrentUserIdentical check that userID is same as current user's ID.
|
// CurrentUserIdentical check that userID is same as current user's ID.
|
||||||
// TODO: Inline this
|
// TODO: Inline this (won't go do this for us?)
|
||||||
func CurrentUserIdentical(user *model.User, userID uint) bool {
|
func CurrentUserIdentical(user *model.User, userID uint) bool {
|
||||||
return user.ID == userID
|
return user.ID == userID
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NeedsCaptcha(user *model.User) bool {
|
||||||
|
// Trusted members & Moderators don't
|
||||||
|
return !(user.Status == 1 || user.Status == 2)
|
||||||
|
}
|
||||||
|
|
||||||
func GetRole(user *model.User) string {
|
func GetRole(user *model.User) string {
|
||||||
switch user.Status {
|
switch user.Status {
|
||||||
case -1:
|
case -1:
|
||||||
|
|
|
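Review bot: `NeedsCaptcha` is exported without a doc comment and encodes the exemption as bare status values `1` and `2`, while `HasAdmin` in the same file already owns the `Status == 2` test; its inline comment also says "Moderators" where `HasAdmin` says admin. I would write `return !(user.Status == 1 || HasAdmin(user))` and add `// NeedsCaptcha reports whether user must solve a captcha; trusted users (Status 1) and admins are exempt.` The negated form is a good default, since any status not listed still gets the captcha. The function dereferences `user` unconditionally, so it relies on `GetUser` never returning nil for anonymous visitors, which this diff does not show.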
@ -1,8 +1,11 @@
|
||||||
{{define "captcha"}}
|
{{define "captcha"}}
|
||||||
|
{{/* unset if user doesn't need captcha */}}
|
||||||
|
{{if ne .CaptchaID ""}}
|
||||||
<div class="form-group captcha-container">
|
<div class="form-group captcha-container">
|
||||||
<label for="solution">Captcha</label>
|
<label for="solution">Captcha</label>
|
||||||
<input type="text" name="captchaID" value="{{.CaptchaID}}" hidden>
|
<input type="text" name="captchaID" value="{{.CaptchaID}}" hidden>
|
||||||
<img src="/captcha/{{.CaptchaID}}.png">
|
<img src="/captcha/{{.CaptchaID}}.png">
|
||||||
<input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required>
|
<input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required>
|
||||||
</div>
|
</div>
|
||||||
|
{{end}}
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
|
@ -116,7 +116,7 @@
|
||||||
<label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label>
|
<label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label>
|
||||||
<textarea name="comment" class="form-control" rows="5"></textarea>
|
<textarea name="comment" class="form-control" rows="5"></textarea>
|
||||||
</div>
|
</div>
|
||||||
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
|
{{block "captcha" .}}{{end}}
|
||||||
<button type="submit" class="btn btn-success">{{T " submit "}}</button>
|
<button type="submit" class="btn btn-success">{{T " submit "}}</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -137,7 +137,7 @@
|
||||||
<input type="radio" name="report_type" value="illegal"> Illegal content <br/>
|
<input type="radio" name="report_type" value="illegal"> Illegal content <br/>
|
||||||
<input type="radio" name="report_type" value="spam"> Spam / garbage
|
<input type="radio" name="report_type" value="spam"> Spam / garbage
|
||||||
{{end}}
|
{{end}}
|
||||||
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
|
{{block "captcha" .}}{{end}}
|
||||||
<button type="submit" class="btn btn-default">Report!</button>
|
<button type="submit" class="btn btn-default">Report!</button>
|
||||||
</form> <br />
|
</form> <br />
|
||||||
</div>
|
</div>
|
||||||
|
|