No captchas for trusted users or admins, closes #330
Cette révision appartient à :
Parent
e2a15c185c
révision
6b341c7b03
8 fichiers modifiés avec 59 ajouts et 35 suppressions
|
@ -69,6 +69,7 @@ var FuncMap = template.FuncMap{
|
|||
"CurrentOrAdmin": userPermission.CurrentOrAdmin,
|
||||
"CurrentUserIdentical": userPermission.CurrentUserIdentical,
|
||||
"HasAdmin": userPermission.HasAdmin,
|
||||
"NeedsCaptcha": userPermission.NeedsCaptcha,
|
||||
"GetRole": userPermission.GetRole,
|
||||
"IsFollower": userPermission.IsFollower,
|
||||
"NoEncode": func(str string) template.HTML {
|
||||
|
|
|
@ -6,7 +6,6 @@ import (
|
|||
|
||||
"github.com/ewhal/nyaa/common"
|
||||
"github.com/ewhal/nyaa/model"
|
||||
"github.com/ewhal/nyaa/service/captcha"
|
||||
"github.com/ewhal/nyaa/service/user"
|
||||
userForms "github.com/ewhal/nyaa/service/user/form"
|
||||
"github.com/gorilla/mux"
|
||||
|
@ -36,7 +35,7 @@ type NotFoundTemplateVariables struct {
|
|||
|
||||
type ViewTemplateVariables struct {
|
||||
Torrent model.TorrentJSON
|
||||
Captcha captcha.Captcha
|
||||
CaptchaID string
|
||||
Search SearchForm
|
||||
Navigation Navigation
|
||||
User *model.User
|
||||
|
|
|
@ -17,7 +17,6 @@ import (
|
|||
|
||||
"github.com/ewhal/nyaa/cache"
|
||||
"github.com/ewhal/nyaa/config"
|
||||
"github.com/ewhal/nyaa/service/captcha"
|
||||
"github.com/ewhal/nyaa/service/upload"
|
||||
"github.com/ewhal/nyaa/util"
|
||||
"github.com/ewhal/nyaa/util/metainfo"
|
||||
|
@ -33,7 +32,7 @@ type UploadForm struct {
|
|||
Remake bool
|
||||
Description string
|
||||
Status int
|
||||
captcha.Captcha
|
||||
CaptchaID string
|
||||
|
||||
Infohash string
|
||||
CategoryID int
|
||||
|
@ -84,12 +83,6 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
|
|||
f.Status, _ = strconv.Atoi(r.FormValue(UploadFormStatus))
|
||||
f.Magnet = r.FormValue(UploadFormMagnet)
|
||||
f.Remake = r.FormValue(UploadFormRemake) == "on"
|
||||
f.Captcha = captcha.Extract(r)
|
||||
|
||||
if !captcha.Authenticate(f.Captcha) {
|
||||
// TODO: Prettier passing of mistyped Captcha errors
|
||||
return errors.New(captcha.ErrInvalidCaptcha.Error())
|
||||
}
|
||||
|
||||
// trim whitespace
|
||||
f.Name = util.TrimWhitespaces(f.Name)
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
"github.com/ewhal/nyaa/db"
|
||||
"github.com/ewhal/nyaa/model"
|
||||
"github.com/ewhal/nyaa/service/captcha"
|
||||
"github.com/ewhal/nyaa/service/user"
|
||||
"github.com/ewhal/nyaa/service/user/permission"
|
||||
"github.com/ewhal/nyaa/util/languages"
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
|
@ -23,26 +23,32 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
|||
var uploadForm UploadForm
|
||||
if r.Method == "POST" {
|
||||
defer r.Body.Close()
|
||||
user := GetUser(r)
|
||||
if userPermission.NeedsCaptcha(user) {
|
||||
userCaptcha := captcha.Extract(r)
|
||||
if !captcha.Authenticate(userCaptcha) {
|
||||
http.Error(w, captcha.ErrInvalidCaptcha.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// validation is done in ExtractInfo()
|
||||
err := uploadForm.ExtractInfo(r)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
user, _, err := userService.RetrieveCurrentUser(r)
|
||||
if err != nil {
|
||||
fmt.Printf("error %+v\n", err)
|
||||
}
|
||||
status := 1 // normal
|
||||
if uploadForm.Remake { // overrides trusted
|
||||
status = 2
|
||||
} else if user.Status == 1 {
|
||||
status = 3 // mark as trusted if user is trusted
|
||||
}
|
||||
|
||||
var sameTorrents int
|
||||
db.ORM.Model(&model.Torrent{}).Where("torrent_hash = ?", uploadForm.Infohash).Count(&sameTorrents)
|
||||
if (sameTorrents == 0) {
|
||||
//add to db and redirect depending on result
|
||||
// add to db and redirect
|
||||
torrent := model.Torrent{
|
||||
Name: uploadForm.Name,
|
||||
Category: uploadForm.CategoryID,
|
||||
|
@ -54,7 +60,6 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
|||
Description: uploadForm.Description,
|
||||
UploaderID: user.ID}
|
||||
db.ORM.Create(&torrent)
|
||||
fmt.Printf("%+v\n", torrent)
|
||||
url, err := Router.Get("view_torrent").URL("id", strconv.FormatUint(uint64(torrent.ID), 10))
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -66,7 +71,14 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
} else if r.Method == "GET" {
|
||||
user := GetUser(r)
|
||||
if userPermission.NeedsCaptcha(user) {
|
||||
uploadForm.CaptchaID = captcha.GetID()
|
||||
} else {
|
||||
uploadForm.CaptchaID = ""
|
||||
}
|
||||
|
||||
|
||||
htv := UploadTemplateVariables{uploadForm, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
|
||||
languages.SetTranslationFromRequest(uploadTemplate, r, "en-us")
|
||||
err := uploadTemplate.ExecuteTemplate(w, "index.html", htv)
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"github.com/ewhal/nyaa/model"
|
||||
"github.com/ewhal/nyaa/service/captcha"
|
||||
"github.com/ewhal/nyaa/service/torrent"
|
||||
"github.com/ewhal/nyaa/service/user/permission"
|
||||
"github.com/ewhal/nyaa/util"
|
||||
"github.com/ewhal/nyaa/util/languages"
|
||||
"github.com/ewhal/nyaa/util/log"
|
||||
|
@ -26,7 +27,12 @@ func ViewHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
b := torrent.ToJSON()
|
||||
htv := ViewTemplateVariables{b, captcha.Captcha{CaptchaID: captcha.GetID()}, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
|
||||
captchaID := ""
|
||||
user := GetUser(r)
|
||||
if userPermission.NeedsCaptcha(user) {
|
||||
captchaID = captcha.GetID()
|
||||
}
|
||||
htv := ViewTemplateVariables{b, captchaID, NewSearchForm(), Navigation{}, user, r.URL, mux.CurrentRoute(r)}
|
||||
|
||||
languages.SetTranslationFromRequest(viewTemplate, r, "en-us")
|
||||
err = viewTemplate.ExecuteTemplate(w, "index.html", htv)
|
||||
|
@ -39,12 +45,14 @@ func PostCommentHandler(w http.ResponseWriter, r *http.Request) {
|
|||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
|
||||
currentUser := GetUser(r)
|
||||
if userPermission.NeedsCaptcha(currentUser) {
|
||||
userCaptcha := captcha.Extract(r)
|
||||
if !captcha.Authenticate(userCaptcha) {
|
||||
http.Error(w, "bad captcha", 403)
|
||||
return
|
||||
}
|
||||
currentUser := GetUser(r)
|
||||
}
|
||||
content := p.Sanitize(r.FormValue("comment"))
|
||||
|
||||
if strings.TrimSpace(content) == "" {
|
||||
|
@ -75,12 +83,14 @@ func ReportTorrentHandler(w http.ResponseWriter, r *http.Request) {
|
|||
vars := mux.Vars(r)
|
||||
id := vars["id"]
|
||||
|
||||
currentUser := GetUser(r)
|
||||
if userPermission.NeedsCaptcha(currentUser) {
|
||||
userCaptcha := captcha.Extract(r)
|
||||
if !captcha.Authenticate(userCaptcha) {
|
||||
http.Error(w, "bad captcha", 403)
|
||||
return
|
||||
}
|
||||
currentUser := GetUser(r)
|
||||
}
|
||||
|
||||
idNum, err := strconv.Atoi(id)
|
||||
userID := currentUser.ID
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"github.com/ewhal/nyaa/util/log"
|
||||
)
|
||||
|
||||
|
||||
// HasAdmin checks that user has an admin permission.
|
||||
func HasAdmin(user *model.User) bool {
|
||||
return user.Status == 2
|
||||
|
@ -18,11 +19,16 @@ func CurrentOrAdmin(user *model.User, userID uint) bool {
|
|||
}
|
||||
|
||||
// CurrentUserIdentical check that userID is same as current user's ID.
|
||||
// TODO: Inline this
|
||||
// TODO: Inline this (won't go do this for us?)
|
||||
func CurrentUserIdentical(user *model.User, userID uint) bool {
|
||||
return user.ID == userID
|
||||
}
|
||||
|
||||
func NeedsCaptcha(user *model.User) bool {
|
||||
// Trusted members & Moderators don't
|
||||
return !(user.Status == 1 || user.Status == 2)
|
||||
}
|
||||
|
||||
func GetRole(user *model.User) string {
|
||||
switch user.Status {
|
||||
case -1:
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
{{define "captcha"}}
|
||||
{{/* unset if user doesn't need captcha */}}
|
||||
{{if ne .CaptchaID ""}}
|
||||
<div class="form-group captcha-container">
|
||||
<label for="solution">Captcha</label>
|
||||
<input type="text" name="captchaID" value="{{.CaptchaID}}" hidden>
|
||||
<img src="/captcha/{{.CaptchaID}}.png">
|
||||
<input type="text" name="solution" class="form-control" placeholder="Captcha" autocomplete="off" required>
|
||||
</div>
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
|
|
@ -116,7 +116,7 @@
|
|||
<label for="comment">{{ if gt .User.ID 0}} {{T "submit_a_comment_as_username" .User.Username}} {{else}} {{T "submit_a_comment_as_anonymous"}} {{end}}</label>
|
||||
<textarea name="comment" class="form-control" rows="5"></textarea>
|
||||
</div>
|
||||
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
|
||||
{{block "captcha" .}}{{end}}
|
||||
<button type="submit" class="btn btn-success">{{T " submit "}}</button>
|
||||
</form>
|
||||
</div>
|
||||
|
@ -137,7 +137,7 @@
|
|||
<input type="radio" name="report_type" value="illegal"> Illegal content <br/>
|
||||
<input type="radio" name="report_type" value="spam"> Spam / garbage
|
||||
{{end}}
|
||||
{{with .Captcha}} {{block "captcha" .}}{{end}} {{end}}
|
||||
{{block "captcha" .}}{{end}}
|
||||
<button type="submit" class="btn btn-default">Report!</button>
|
||||
</form> <br />
|
||||
</div>
|
||||
|
|
Référencer dans un nouveau ticket