antispam 0.1.7 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 636c6cfd1e3a5c84182eaa1e19966e553a2098c4f3a01a049cdbe4613165a52e
-  data.tar.gz: 8a53d23ef78da214962bd81411a97a720d5eba3a15817d3f7ccd5bfac81719ec
+  metadata.gz: 926be70eedd3e1ed1cd3d2de620fb76f600b9c0fc1dd9655616fec74dd266a1b
+  data.tar.gz: eb9f451155c5b396b65b4cb83ce8d712acf1505f3d324efa97f0066a13dcb995
 SHA512:
-  metadata.gz: b4d6e23e0432af6b62b7cd9e469c2393a9e4f4513b13d93d282e6841062bd706d70fa44dd6bed0d79658da80ff52827ee8ba9d63baa0a84df2112a7fd313b3dd
-  data.tar.gz: 9ca4921062395565e50fa29daf9d56bd3e691b5a675fb34bc4d6ec5e1378da1f3be5b19bdc73294be7fcb55b8e3d766819c140ef45b602d8904818eccf10f187
+  metadata.gz: 51acf3def424da9283b592a5384a771c3270e1ad87a22620e81f1a7b42201b92f687c4ded7640e44e08e1acd7b42af8808a08c3ea935e79bbe2091446286be05
+  data.tar.gz: 257836862a2566429f0baf6d606fe8c492fefedf3702651c44bf7987de51b285c99fd4a5efdc7fa37b1d100236800a682feb6c934ae30573d2a1ab5eda7363a9

data/MIT-LICENSE

@@ -1,20 +1,20 @@
-Copyright 2021 
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Copyright 2021 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,113 +1,129 @@
-# Antispam
-The antispam gem helps prevent spam in your Rails applications by
-providing tools that check spam against powerful spam-prevention
-databases, accessible for free.
-
-The first feature checks against an IP database of spam, allowing you
-to stop spammers who are prolific and have been detected on other websites.
-It uses the blazing fast Defendium API to quickly determine if submitted
-content is spam or not.
-
-The second feature allows you to submit user-provided content to a spam
-checking service that uses machine learning and a database of content to
-determine whether the user's submitted content is spam.
-
-## Spam Content Checking - Usage
-
-```
-result = Antispam::Checker.check(content: @comment.body)
-if result.is_spam?
-  @comment.save
-else
-  redirect_to "/access_denied"
-end
-```
-
-## Bad IP Checking - Usage
-
-The gem is used by adding this to your ApplicationController.rb
-
-```
-before_action do
-  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, verbose: true)
-end
-```
-
-Codes are from the [httpbl](https://www.projecthoneypot.org/httpbl.php) at projecthoneypot.org
-
-Once the filter is setup, everything else is handled for your application.
-By default the gem will run during any request that is not a GET request.
-
-You can change the filter to run during other requests.
-
-```
-before_action do
-  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
-end
-```
-
-Blacklist database lookups are cached for 24 hours, and cached results won't need
-to slowdown your app by additional http requests on the backend.
-
-The gem needs to create some database tables to function; these store the cached
-blacklist database lookups, and any actions caused by the gem.
-
-You need to add this to your routes.rb
-```
-  mount Antispam::Engine => "/antispam"
-```
-You can see what IP addresses have been blocked by going to /antispam/blocks
-but your ApplicationController.rb must respond to ```is_admin?``` function.
-
-
-## Installation
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'antispam'
-```
-
-And then execute:
-```bash
-$ bundle
-```
-
-Or install it yourself as:
-```bash
-$ gem install antispam
-$ rails antispam:install:migrations
-$ rails db:migrate SCOPE=antispam
-```
-The gem depends on image_processing, which depends on vips. We are using vips to
-generate captcha images.
-```
-sudo apt install libvips-tools
-```
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/antispam/blob/master/CODE_OF_CONDUCT.md).
-
-## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-
-## Code of Conduct
-
-Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ryankopf/antispam/blob/master/CODE_OF_CONDUCT.md).
-
-## NO WARRANTY
-
-THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND,
-EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO,
-ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS,
-ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
-OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE
-ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO
-THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION
-DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.
+# Antispam
+The antispam gem helps prevent spam in your Rails applications by
+providing tools that check spam against powerful spam-prevention
+databases, accessible for free.
+
+The first feature checks against an IP database of spam, allowing you
+to stop spammers who are prolific and have been detected on other websites.
+It relies on the lightning-quick httpbl from Project Honey Pot.
+
+The second feature allows you to submit user-provided content to a spam
+checking service that uses machine learning and a database of content to
+determine whether the user's submitted content is spam. It uses the blazing
+fast Defendium API I created to quickly determine if submitted content is
+spam or not. Defendium's [pricing](https://defendium.com/pricing) is free
+for up to 1,000 API calls per day, which should be sufficient for 99% of users.
+
+The two features are optional, and you can use either one without the other.
+
+## Spam Content Checking - Usage
+
+```
+result = Antispam::Checker.check(content: @comment.body)
+if result.is_spam?
+  redirect_to "/access_denied"
+else
+  @comment.save
+end
+```
+
+## Bad IP Checking - Usage
+
+The gem is used by adding this to your ApplicationController.rb
+
+```
+before_action do
+  check_ip_against_database(ip_blacklists: {default: 'your_api_key_here'}, verbose: true)
+end
+```
+
+API Keys can be obtained by visiting the [httpbl](https://www.projecthoneypot.org/httpbl.php)
+at projecthoneypot.org
+
+Once the filter is setup, everything else is handled for your application.
+By default the gem will run during any request that is not a GET request.
+
+When a POST/PATCH/ETC (non-GET) request comes in, the IP blacklist is checked
+to see if the poster is on a spam blacklist. If the poster is on the blacklist
+then the request is automatically blocked and redirected to a captcha page. A
+real user can then enter the captcha to bypass the block. In the future other
+captcha options may be supported, such as mechanical (hashing) captcha and
+other types of invisible captcha.
+
+Eventually configurable settings may be in place to give other options when
+a spammy IP is detected, but the current defaults are set to only block spam
+in cases where the blacklist is quite certain the IP is only doing spam.
+
+You can change the filter to run during other requests.
+
+```
+before_action do
+  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
+end
+```
+
+Blacklist database lookups are cached for 24 hours, and cached results won't need
+to slowdown your app by additional http requests on the backend.
+
+The gem needs to create some database tables to function; these store the cached
+blacklist database lookups, and any actions caused by the gem.
+
+You need to add this to your routes.rb
+```
+  mount Antispam::Engine => "/antispam"
+```
+You can see what IP addresses have been blocked by going to /antispam/blocks
+but your ApplicationController.rb must respond to ```is_admin?``` function.
+
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'antispam'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install antispam
+$ rails antispam:install:migrations
+$ rails db:migrate SCOPE=antispam
+```
+The gem depends on image_processing, which depends on vips. We are using vips to
+generate captcha images.
+```
+sudo apt install libvips-tools
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/antispam/blob/master/CODE_OF_CONDUCT.md).
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ryankopf/antispam/blob/master/CODE_OF_CONDUCT.md).
+
+## NO WARRANTY
+
+THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND,
+EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO,
+ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS,
+ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE
+ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO
+THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION
+DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.

data/Rakefile

@@ -1,18 +1,18 @@
-require "bundler/setup"
-
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load "rails/tasks/engine.rake"
-
-load "rails/tasks/statistics.rake"
-
-require "bundler/gem_tasks"
-
-require "rake/testtask"
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-
-task default: :test
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/antispam_manifest.js

@@ -1 +1 @@
-//= link_directory ../stylesheets/antispam .css
+//= link_directory ../stylesheets/antispam .css

data/app/assets/stylesheets/antispam/application.css

@@ -1,15 +1,15 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/antispam/blocks.css

@@ -1,4 +1,4 @@
-/*
-  Place all the styles related to the matching controller here.
-  They will automatically be included in application.css.
-*/
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/antispam/challenges.css

@@ -1,4 +1,4 @@
-/*
-  Place all the styles related to the matching controller here.
-  They will automatically be included in application.css.
-*/
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/antispam/clears.css

@@ -1,4 +1,4 @@
-/*
-  Place all the styles related to the matching controller here.
-  They will automatically be included in application.css.
-*/
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/scaffold.css

@@ -1,80 +1,80 @@
-body {
-  background-color: #fff;
-  color: #333;
-  margin: 33px;
-}
-
-body, p, ol, ul, td {
-  font-family: verdana, arial, helvetica, sans-serif;
-  font-size: 13px;
-  line-height: 18px;
-}
-
-pre {
-  background-color: #eee;
-  padding: 10px;
-  font-size: 11px;
-}
-
-a {
-  color: #000;
-}
-
-a:visited {
-  color: #666;
-}
-
-a:hover {
-  color: #fff;
-  background-color: #000;
-}
-
-th {
-  padding-bottom: 5px;
-}
-
-td {
-  padding: 0 5px 7px;
-}
-
-div.field,
-div.actions {
-  margin-bottom: 10px;
-}
-
-#notice {
-  color: green;
-}
-
-.field_with_errors {
-  padding: 2px;
-  background-color: red;
-  display: table;
-}
-
-#error_explanation {
-  width: 450px;
-  border: 2px solid red;
-  padding: 7px 7px 0;
-  margin-bottom: 20px;
-  background-color: #f0f0f0;
-}
-
-#error_explanation h2 {
-  text-align: left;
-  font-weight: bold;
-  padding: 5px 5px 5px 15px;
-  font-size: 12px;
-  margin: -7px -7px 0;
-  background-color: #c00;
-  color: #fff;
-}
-
-#error_explanation ul li {
-  font-size: 12px;
-  list-style: square;
-}
-
-label {
-  display: block;
-}
+body {
+  background-color: #fff;
+  color: #333;
+  margin: 33px;
+}
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+}
+
+a:visited {
+  color: #666;
+}
+
+a:hover {
+  color: #fff;
+  background-color: #000;
+}
+
+th {
+  padding-bottom: 5px;
+}
+
+td {
+  padding: 0 5px 7px;
+}
+
+div.field,
+div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px 7px 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px -7px 0;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}
+
+label {
+  display: block;
+}

data/app/controllers/antispam/application_controller.rb

@@ -1,11 +1,11 @@
-module Antispam
-  class ApplicationController < ::ApplicationController
-    def must_be_admin
-      begin
-        render plain: 'Not available.' unless is_admin?
-      rescue
-        render plain: 'Not available.'
-      end
-    end
-  end
-end
+module Antispam
+  class ApplicationController < ::ApplicationController
+    def must_be_admin
+      begin
+        render plain: 'Not available.' unless is_admin?
+      rescue
+        render plain: 'Not available.'
+      end
+    end
+  end
+end

data/app/controllers/antispam/blocks_controller.rb

@@ -1,28 +1,28 @@
-require_dependency "antispam/application_controller"
-
-module Antispam
-  class BlocksController < ApplicationController
-    before_action :must_be_admin
-    before_action :set_block, only: [:show]
-
-    # GET /blocks
-    def index
-      @blocks = Block.all
-    end
-
-    # GET /blocks/1
-    def show
-    end
-
-    private
-      # Use callbacks to share common setup or constraints between actions.
-      def set_block
-        @block = Block.find(params[:id])
-      end
-
-      # Only allow a list of trusted parameters through.
-      def block_params
-        params.require(:block).permit(:ip, :provider, :controllername, :actionname)
-      end
-  end
-end
+require_dependency "antispam/application_controller"
+
+module Antispam
+  class BlocksController < ApplicationController
+    before_action :must_be_admin
+    before_action :set_block, only: [:show]
+
+    # GET /blocks
+    def index
+      @blocks = Block.all
+    end
+
+    # GET /blocks/1
+    def show
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_block
+        @block = Block.find(params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def block_params
+        params.require(:block).permit(:ip, :provider, :controllername, :actionname)
+      end
+  end
+end