antispam 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d0436bc2335d973b63d2ffb1e34a7a497ff9f86e2cf98d87c38fb2c5797f2fff
+  data.tar.gz: a8cfe2b31913ba9c7a4ad9f0153b5f59c9b140c36cdcca20086ea7db94a8a8ba
+SHA512:
+  metadata.gz: 9755957fce4a89628c1e2b587ee046da5fccaf4692a5f0a596fa2dc5afea282a68d05d04a8ad82689f5e9d30c3660bad5fcbf75184141648b8e17ab0d693dfef
+  data.tar.gz: 769deceafe70aafc9b5f98e1b1d995876ad98542a8c75a1633c75f6ea226331d5ce55270fce438f322927947fca539f59d60e6ea5e48603095c1e5656f906e96

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,72 @@
+# Antispam
+The antispam gem helps prevent spam in your Rails applications by
+checking against various antispam blacklists on the web.
+You can configure which spam blacklists are checked in your application configuration.
+
+## Usage
+
+The gem is used by adding this to your ApplicationController.rb
+
+```
+before_action do
+  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, verbose: true)
+end
+```
+
+Once the filter is setup, everything else is handled for your application.
+The gem will run during any request that is not a GET request.
+
+Blacklist database lookups are cached for 24 hours, and cached results won't need
+to slowdown your app by additional http requests on the backend.
+
+The gem needs to create some database tables to function; these store the cached
+blacklist database lookups, and any actions caused by the gem.
+
+You need to add this to your routes.rb
+```
+  mount Antispam::Engine => "/antispam"
+```
+You can see what IP addresses have been blocked by going to /antispam/blocks
+but your applicationcontroller must have a user_has_role?("admin") function.
+
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'antispam'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install antispam
+$ rails antispam:install:migrations
+$ rails db:migrate SCOPE=antispam
+```
+The gem depends on image_processing, which depends on vips. We are using vips to
+generate captcha images.
+```
+sudo apt install libvips-tools
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/antispam/blob/master/CODE_OF_CONDUCT.md).
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ryankopf/antispam/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,18 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/antispam_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/antispam .css

data/app/assets/stylesheets/antispam/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/antispam/blocks.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/antispam/challenges.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/antispam/clears.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,80 @@
+body {
+  background-color: #fff;
+  color: #333;
+  margin: 33px;
+}
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+}
+
+a:visited {
+  color: #666;
+}
+
+a:hover {
+  color: #fff;
+  background-color: #000;
+}
+
+th {
+  padding-bottom: 5px;
+}
+
+td {
+  padding: 0 5px 7px;
+}
+
+div.field,
+div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px 7px 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px -7px 0;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}
+
+label {
+  display: block;
+}

data/app/controllers/antispam/application_controller.rb

@@ -0,0 +1,4 @@
+module Antispam
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/antispam/blocks_controller.rb

@@ -0,0 +1,70 @@
+require_dependency "antispam/application_controller"
+
+module Antispam
+  class BlocksController < ApplicationController
+    before_action :must_be_admin
+    before_action :set_block, only: [:show, :edit, :update, :destroy]
+
+    # GET /blocks
+    def index
+      @blocks = Block.all
+    end
+
+    # GET /blocks/1
+    def show
+    end
+
+    # # GET /blocks/new
+    # def new
+    #   @block = Block.new
+    # end
+    #
+    # # GET /blocks/1/edit
+    # def edit
+    # end
+    #
+    # # POST /blocks
+    # def create
+    #   @block = Block.new(block_params)
+    #
+    #   if @block.save
+    #     redirect_to @block, notice: 'Block was successfully created.'
+    #   else
+    #     render :new
+    #   end
+    # end
+    #
+    # # PATCH/PUT /blocks/1
+    # def update
+    #   if @block.update(block_params)
+    #     redirect_to @block, notice: 'Block was successfully updated.'
+    #   else
+    #     render :edit
+    #   end
+    # end
+    #
+    # # DELETE /blocks/1
+    # def destroy
+    #   @block.destroy
+    #   redirect_to blocks_url, notice: 'Block was successfully destroyed.'
+    # end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_block
+        @block = Block.find(params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def block_params
+        params.require(:block).permit(:ip, :provider, :controllername, :actionname)
+      end
+      def must_be_admin
+        begin
+          return false unless user_has_role?("admin")
+        rescue
+          return false
+        end
+      end
+  end
+end

data/app/controllers/antispam/challenges_controller.rb

@@ -0,0 +1,49 @@
+require_dependency "antispam/application_controller"
+
+module Antispam
+  class ChallengesController < ApplicationController
+    before_action :set_challenge, only: [:show, :edit, :update, :destroy]
+
+    # GET /challenges/1
+    def show
+      respond_to do |format|
+        format.jpeg do
+          image = @challenge.get_image
+          render content_type: 'image/jpeg', plain: image.jpegsave_buffer
+        end
+      end
+    end
+
+    # GET /challenges/new
+    def new
+      # use in the future for changing code
+    end
+
+    # PATCH/PUT /challenges/1
+    def update
+      if @challenge.validate?(params[:challenge][:answer])
+        a = Antispam::Ip.find_or_create_by(address: request.remote_ip, provider: 'httpbl')
+        before = a.threat
+        a.threat = [(a.threat || 0) - 25, 0].max
+        c = Clear.create(ip: request.remote_ip, answer: params[:challenge][:answer], result: 'Passed', threat_before: before, threat_after: a.threat)
+        a.expires_at = 1.hour.from_now
+        a.save
+        redirect_to '/'
+      else
+        c = Clear.create(ip: request.remote_ip, answer: params[:challenge][:answer], result: 'Failed')
+        redirect_to '/antispam/validate', notice: 'Invalid answer.'
+      end
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_challenge
+        @challenge = Challenge.find(params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def challenge_params
+        params.require(:challenge).permit(:answer, :code)
+      end
+  end
+end

data/app/controllers/antispam/clears_controller.rb

@@ -0,0 +1,63 @@
+require_dependency "antispam/application_controller"
+
+module Antispam
+  class ClearsController < ApplicationController
+    before_action :must_be_admin
+    before_action :set_clear, only: [:show, :edit, :update, :destroy]
+
+    # GET /clears
+    def index
+      @clears = Clear.all
+    end
+
+    # GET /clears/1
+    def show
+    end
+    #
+    # # GET /clears/new
+    # def new
+    #   @clear = Clear.new
+    # end
+    #
+    # # GET /clears/1/edit
+    # def edit
+    # end
+    #
+    # # POST /clears
+    # def create
+    #   @clear = Clear.new(clear_params)
+    #
+    #   if @clear.save
+    #     redirect_to @clear, notice: 'Clear was successfully created.'
+    #   else
+    #     render :new
+    #   end
+    # end
+    #
+    # # PATCH/PUT /clears/1
+    # def update
+    #   if @clear.update(clear_params)
+    #     redirect_to @clear, notice: 'Clear was successfully updated.'
+    #   else
+    #     render :edit
+    #   end
+    # end
+    #
+    # # DELETE /clears/1
+    # def destroy
+    #   @clear.destroy
+    #   redirect_to clears_url, notice: 'Clear was successfully destroyed.'
+    # end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_clear
+        @clear = Clear.find(params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def clear_params
+        params.require(:clear).permit(:ip, :result, :answer, :threat_before, :threat_after)
+      end
+  end
+end