antispam 0.1.5 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 278c21161c08ebd08f8376df6ddb57fcda33d20d7ae9e9d804a7b3785c23cbae
-  data.tar.gz: dab176fb46e3d5ecaa6d2c304262adfc4bf612f413b392270e3b44ef03de7147
+  metadata.gz: f04775ef37b7cf6a564c81bb3f664dbecf7b638fdf95db9beafd5484e5ceb3e5
+  data.tar.gz: bd219f97bc7ff11bf36fe4e98377c0e4b920a93e10f27fa4cae9a170db1d2ab8
 SHA512:
-  metadata.gz: 3491eb8c49c91b0cc468440cde3b965ac359d6e3d561e8893a5e48079da0441a2128dd9cb118d30b79e147b8ad79d87ce2df78fcd074217880b1c6f9c4e60748
-  data.tar.gz: b1d49d286f4bc2d6885e40e7f20b0bd9cdec2f57c608dd443b9c060a8a49ca7799e69f05a0e3e5f422071f385a34fcd39e442a2ee5b5a89f0dfd56425574da5c
+  metadata.gz: 18e2653f47965506ef9673c01eb4bc15f1367c253822e8de402f5d1862020b6b60729ae444d03dccb89cf40583263cdef6845bac656512dbc1fb6499596d58cb
+  data.tar.gz: 5e19607550a09cc727785ae31fd0bc4221944f2a1a14e2573a43ea4c12969124507e3514dff346d1e8658caf380f2190d0118ced16ef049a3da4c11312126707

data/README.md

@@ -1,9 +1,33 @@
 # Antispam
 The antispam gem helps prevent spam in your Rails applications by
-checking against various antispam blacklists on the web.
-You can configure which spam blacklists are checked in your application configuration.
+providing tools that check spam against powerful spam-prevention
+databases, accessible for free.
 
-## Usage
+The first feature checks against an IP database of spam, allowing you
+to stop spammers who are prolific and have been detected on other websites.
+It relies on the lightning-quick httpbl from Project Honey Pot.
+
+The second feature allows you to submit user-provided content to a spam
+checking service that uses machine learning and a database of content to
+determine whether the user's submitted content is spam. It uses the blazing
+fast Defendium API I created to quickly determine if submitted content is
+spam or not. Defendium's [pricing](https://defendium.com/pricing) is free
+for up to 1,000 API calls per day, which should be sufficient for 99% of users.
+
+The two features are optional, and you can use either one without the other.
+
+## Spam Content Checking - Usage
+
+```
+result = Antispam::Checker.check(content: @comment.body)
+if result.is_spam?
+  redirect_to "/access_denied"
+else
+  @comment.save
+end
+```
+
+## Bad IP Checking - Usage
 
 The gem is used by adding this to your ApplicationController.rb
 
@@ -13,8 +37,29 @@ before_action do
 end
 ```
 
+Codes are from the [httpbl](https://www.projecthoneypot.org/httpbl.php) at projecthoneypot.org
+
 Once the filter is setup, everything else is handled for your application.
-The gem will run during any request that is not a GET request.
+By default the gem will run during any request that is not a GET request.
+
+When a POST/PATCH/ETC (non-GET) request comes in, the IP blacklist is checked
+to see if the poster is on a spam blacklist. If the poster is on the blacklist
+then the request is automatically blocked and redirected to a captcha page. A
+real user can then enter the captcha to bypass the block. In the future other
+captcha options may be supported, such as mechanical (hashing) captcha and
+other types of invisible captcha.
+
+Eventually configurable settings may be in place to give other options when
+a spammy IP is detected, but the current defaults are set to only block spam
+in cases where the blacklist is quite certain the IP is only doing spam.
+
+You can change the filter to run during other requests.
+
+```
+before_action do
+  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
+end
+```
 
 Blacklist database lookups are cached for 24 hours, and cached results won't need
 to slowdown your app by additional http requests on the backend.
@@ -27,7 +72,7 @@ You need to add this to your routes.rb
   mount Antispam::Engine => "/antispam"
 ```
 You can see what IP addresses have been blocked by going to /antispam/blocks
-but your applicationcontroller must respond to ```is_admin?``` function.
+but your ApplicationController.rb must respond to ```is_admin?``` function.
 
 
 ## Installation
@@ -70,3 +115,14 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Code of Conduct
 
 Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ryankopf/antispam/blob/master/CODE_OF_CONDUCT.md).
+
+## NO WARRANTY
+
+THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND,
+EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO,
+ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS,
+ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE
+ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO
+THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION
+DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.

data/app/controllers/antispam/challenges_controller.rb

@@ -17,6 +17,7 @@ module Antispam
     # GET /challenges/new
     def new
       # use in the future for changing code
+      head :ok
     end
 
     # PATCH/PUT /challenges/1

data/app/views/antispam/blocks/index.html.erb

@@ -34,6 +34,6 @@
     </table>
   </div>
   <div class="cx">
-    <%= render template: '/antispam/clears/index.html' %>
+    <%= render template: '/antispam/clears/index', formats: :html %>
   </div>
 </div>

data/lib/antispam/blacklists/httpbl.rb

@@ -2,6 +2,7 @@ require 'resolv'
 module Antispam
   module Blacklists
     class Httpbl
+      # Returns a threat-level number, or 0 if no threat / no result.
       def self.check(ip, key, verbose)
         threat = 0
         begin
@@ -15,19 +16,20 @@ module Antispam
           address = Resolv::getaddress(host)
           z,days,threat,iptype = address.split('.')
           Rails.logger.info "Spam located: #{iptype} type at #{threat} threat. (#{ip} - #{address})" if verbose
+          threat = threat.to_i
           # Create or update
-          if (threat.to_i > 30)
-            Rails.logger.info "Spamcheck: Very high, over 30!"
+          if (threat > 30)
+            Rails.logger.info "Spamcheck: Very high, over 30!" if verbose
           end
         rescue Exception => e
           case e
           when Resolv::ResolvError #Not spam! This blacklist gives an error when there's no spam threat.
-            Rails.logger.info "Spamcheck: OK! Resolve error means the httpbl does not consider this spam."
+            Rails.logger.info "Spamcheck: OK! Resolve error means the httpbl does not consider this spam." if verbose
           when Interrupt #Something broke while trying to check blacklist.
-            Rails.logger.info "Spamcheck: Interrupt when trying to resolve http blacklist. Possible timeout?"
+            Rails.logger.info "Spamcheck: Interrupt when trying to resolve http blacklist. Possible timeout?" if verbose
           else # Time Out
-            Rails.logger.info "Spamcheck: There was an error, possibly a time out, when checking this IP."
-            Rails.logger.info e.to_s
+            Rails.logger.info "Spamcheck: There was an error, possibly a time out, when checking this IP." if verbose
+            Rails.logger.info e.to_s if verbose
           end
         end
         update_old_result(ip, threat)

data/lib/antispam/checker.rb

@@ -0,0 +1,31 @@
+module Antispam
+  module Checker
+    # Checks content for spam
+    # check(options)
+    # Usage: check({content: "No spam here", providers: { defendium: 'MY_API_KEY'}})
+    def self.check(options = {})
+      # Default provider. 'YOUR_KEY' works temporarily, giving a warning but also giving results
+      # eventually add something to tell users to add their own keys
+      # or choose their preferred provider, when more provider options are added.
+      options[:providers] ||= {defendium: 'YOUR_KEY'}
+      Rails.logger.info "Content was nil for spamcheck." if options[:content].nil? && options[:verbose]
+      return if options[:content].nil?
+      Rails.logger.info "Spamcheckers should be a hash" if (!(options[:providers].is_a? Hash)) && options[:verbose]
+      results = []
+      options[:providers].each do |spamchecker_name, spamchecker_api_key|
+        results.append spamchecker(spamchecker_name).check(options[:content], spamchecker_api_key, options[:verbose])
+        # if spamchecker_name == :defendium
+        #   results.append Antispam::Spamcheckers::Defendium.check(options[:content], spamchecker_api_key, options[:verbose])
+        # end
+      end
+      result = Antispam::SpamcheckResult.new(results)
+      return result
+    end
+    def self.spamchecker(provider)
+      class_name = provider.to_s.camelize
+      raise Antispam::NoSuchSpamcheckerError unless Antispam::Spamcheckers.const_defined? class_name
+      Antispam::Spamcheckers.const_get class_name
+    end
+  end
+  class NoSuchSpamcheckerError < StandardError; end
+end

data/lib/antispam/results.rb

@@ -0,0 +1,18 @@
+module Antispam
+  class SpamcheckResult
+    def initialize(results)
+      @results = results
+    end
+    def is_spam?
+      @results.select{|x| x > 0}.present?
+    end
+  end
+  class BlacklistResult
+    def initialize(results)
+      @results = results
+    end
+    def is_bad?
+      @results.select{|x| x > 30}.present?
+    end
+  end
+end

data/lib/antispam/spamcheckers/defendium.rb

@@ -0,0 +1,30 @@
+#require 'resolv'
+module Antispam
+  module Spamcheckers
+    class Defendium
+      # Returns a boolean, 1 for spam, 0 for not spam.
+      def self.check(content, key, verbose)
+        # nethttp2.rb
+        require 'uri'
+        require 'net/http'
+
+        uri = URI('https://api.defendium.com/check')
+        params = { secret_key: key, content: content }
+        uri.query = URI.encode_www_form(params)
+
+        res = Net::HTTP.get_response(uri)
+        if res.is_a?(Net::HTTPSuccess)
+          result = res.body.to_json
+          if result["warnings"]
+            Rails.logger.info result["warnings"]
+          end
+          if result["result"]
+            return 1
+          else
+            return 0
+          end
+        end
+      end
+    end
+  end
+end

data/lib/antispam/tools.rb

@@ -1,6 +1,7 @@
 module Antispam
   module Tools
-    # before_action :check_ip_against_database
+    # Checks spam against an IP database of spammers.
+    # Usage: before_action :check_ip_against_database
     def check_ip_against_database(options = {ip_blacklists: {default: ''}})
       if (options[:methods])
         return if request.get? unless options[:methods].include?(:get)
@@ -28,20 +29,19 @@ module Antispam
       end
       Rails.logger.info "Completed IP database check. #{ip}" if options[:verbose]
     end
+    # Checks the specific blacklists
     def check_ip_against_blacklists(ip, lists, verbose)
+      results = []
       lists.each do |provider_name, provider_api_key|
-        puts "Checking provider: #{provider_name}" if verbose
-        if provider_name == :httpbl
-          result = Antispam::Blacklists::Httpbl.check(ip, provider_api_key, verbose)
-          Rails.logger.info(result) if verbose
-          if (result > 30)
-            Block.create(ip: ip, provider: provider_name, threat: result)
-            redirect_to '/antispam/validate'
-          end
-        end
+        Rails.logger.info "Checking provider: #{provider_name}" if verbose
+        results.append blacklist(provider_name).check(ip, provider_api_key, verbose)
+      end
+      result = Antispam::BlacklistResult.new(results)
+      if result.is_bad?
+        Block.create(ip: ip, provider: lists.keys.first, threat: result)
+        redirect_to '/antispam/validate'
       end
     end
-
     def skip_if_user_whitelisted
       if respond_to? :current_user
         if current_user && current_user.respond_to?(:antispam_whitelisted?)
@@ -49,7 +49,11 @@ module Antispam
         end
       end
     end
-
-
+    def blacklist(provider)
+      class_name = provider.to_s.camelize
+      raise Antispam::NoSuchBlacklistError unless Antispam::Blacklists.const_defined? class_name
+      Antispam::Blacklists.const_get class_name
+    end
   end
+  class NoSuchBlacklistError < StandardError; end
 end

data/lib/antispam/version.rb

@@ -1,3 +1,3 @@
 module Antispam
-  VERSION = '0.1.5'
+  VERSION = '0.2.0'
 end

data/lib/antispam.rb

@@ -1,7 +1,10 @@
 require "antispam/version"
 require "antispam/engine"
 require "antispam/tools"
+require "antispam/checker"
 require "antispam/blacklists/httpbl"
+require "antispam/spamcheckers/defendium"
+require "antispam/results"
 
 module Antispam
   ActiveSupport.on_load(:action_controller) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: antispam
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.2.0
 platform: ruby
 authors:
 - Ryan Kopf
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-26 00:00:00.000000000 Z
+date: 2023-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 6.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 6.1.0
 - !ruby/object:Gem::Dependency
   name: image_processing
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: net-http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Antispam checks DNS blacklists and helps prevent spam on your site.
 email:
 - antispam@ryankopf.com
@@ -102,7 +116,10 @@ files:
 - db/migrate/20210131165122_add_threat_to_antispam_blocks.rb
 - lib/antispam.rb
 - lib/antispam/blacklists/httpbl.rb
+- lib/antispam/checker.rb
 - lib/antispam/engine.rb
+- lib/antispam/results.rb
+- lib/antispam/spamcheckers/defendium.rb
 - lib/antispam/tools.rb
 - lib/antispam/version.rb
 - lib/tasks/antispam_tasks.rake
@@ -129,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.4.4
 signing_key: 
 specification_version: 4
 summary: A spam prevention gem.