antispam 0.1.7 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 636c6cfd1e3a5c84182eaa1e19966e553a2098c4f3a01a049cdbe4613165a52e
-  data.tar.gz: 8a53d23ef78da214962bd81411a97a720d5eba3a15817d3f7ccd5bfac81719ec
+  metadata.gz: f04775ef37b7cf6a564c81bb3f664dbecf7b638fdf95db9beafd5484e5ceb3e5
+  data.tar.gz: bd219f97bc7ff11bf36fe4e98377c0e4b920a93e10f27fa4cae9a170db1d2ab8
 SHA512:
-  metadata.gz: b4d6e23e0432af6b62b7cd9e469c2393a9e4f4513b13d93d282e6841062bd706d70fa44dd6bed0d79658da80ff52827ee8ba9d63baa0a84df2112a7fd313b3dd
-  data.tar.gz: 9ca4921062395565e50fa29daf9d56bd3e691b5a675fb34bc4d6ec5e1378da1f3be5b19bdc73294be7fcb55b8e3d766819c140ef45b602d8904818eccf10f187
+  metadata.gz: 18e2653f47965506ef9673c01eb4bc15f1367c253822e8de402f5d1862020b6b60729ae444d03dccb89cf40583263cdef6845bac656512dbc1fb6499596d58cb
+  data.tar.gz: 5e19607550a09cc727785ae31fd0bc4221944f2a1a14e2573a43ea4c12969124507e3514dff346d1e8658caf380f2190d0118ced16ef049a3da4c11312126707

data/README.md

@@ -5,21 +5,25 @@ databases, accessible for free.
 
 The first feature checks against an IP database of spam, allowing you
 to stop spammers who are prolific and have been detected on other websites.
-It uses the blazing fast Defendium API to quickly determine if submitted
-content is spam or not.
+It relies on the lightning-quick httpbl from Project Honey Pot.
 
 The second feature allows you to submit user-provided content to a spam
 checking service that uses machine learning and a database of content to
-determine whether the user's submitted content is spam.
+determine whether the user's submitted content is spam. It uses the blazing
+fast Defendium API I created to quickly determine if submitted content is
+spam or not. Defendium's [pricing](https://defendium.com/pricing) is free
+for up to 1,000 API calls per day, which should be sufficient for 99% of users.
+
+The two features are optional, and you can use either one without the other.
 
 ## Spam Content Checking - Usage
 
 ```
 result = Antispam::Checker.check(content: @comment.body)
 if result.is_spam?
-  @comment.save
-else
   redirect_to "/access_denied"
+else
+  @comment.save
 end
 ```
 
@@ -38,6 +42,17 @@ Codes are from the [httpbl](https://www.projecthoneypot.org/httpbl.php) at proje
 Once the filter is setup, everything else is handled for your application.
 By default the gem will run during any request that is not a GET request.
 
+When a POST/PATCH/ETC (non-GET) request comes in, the IP blacklist is checked
+to see if the poster is on a spam blacklist. If the poster is on the blacklist
+then the request is automatically blocked and redirected to a captcha page. A
+real user can then enter the captcha to bypass the block. In the future other
+captcha options may be supported, such as mechanical (hashing) captcha and
+other types of invisible captcha.
+
+Eventually configurable settings may be in place to give other options when
+a spammy IP is detected, but the current defaults are set to only block spam
+in cases where the blacklist is quite certain the IP is only doing spam.
+
 You can change the filter to run during other requests.
 
 ```

data/lib/antispam/blacklists/httpbl.rb

@@ -2,6 +2,7 @@ require 'resolv'
 module Antispam
   module Blacklists
     class Httpbl
+      # Returns a threat-level number, or 0 if no threat / no result.
       def self.check(ip, key, verbose)
         threat = 0
         begin

data/lib/antispam/checker.rb

@@ -1,20 +1,31 @@
 module Antispam
   module Checker
     # Checks content for spam
-    # check(options, spamcheck_providers)
-    # Usage: check({content: "No spam here"}, {defendium: 'MY_API_KEY'}})
-    def self.check(options = {}, spamcheck_providers = {defendium: 'YOUR_KEY'})
+    # check(options)
+    # Usage: check({content: "No spam here", providers: { defendium: 'MY_API_KEY'}})
+    def self.check(options = {})
+      # Default provider. 'YOUR_KEY' works temporarily, giving a warning but also giving results
+      # eventually add something to tell users to add their own keys
+      # or choose their preferred provider, when more provider options are added.
+      options[:providers] ||= {defendium: 'YOUR_KEY'}
       Rails.logger.info "Content was nil for spamcheck." if options[:content].nil? && options[:verbose]
       return if options[:content].nil?
-      Rails.logger.info "Spamcheckers should be a hash" if (!(options[:spamcheck_providers].is_a? Hash)) && options[:verbose]
+      Rails.logger.info "Spamcheckers should be a hash" if (!(options[:providers].is_a? Hash)) && options[:verbose]
       results = []
-      spamcheck_providers.each do |spamchecker_name, spamchecker_api_key|
-        if spamchecker_name == :defendium
-          results.append Antispam::Spamcheckers::Defendium.check(options[:content], spamchecker_api_key, options[:verbose])
-        end
+      options[:providers].each do |spamchecker_name, spamchecker_api_key|
+        results.append spamchecker(spamchecker_name).check(options[:content], spamchecker_api_key, options[:verbose])
+        # if spamchecker_name == :defendium
+        #   results.append Antispam::Spamcheckers::Defendium.check(options[:content], spamchecker_api_key, options[:verbose])
+        # end
       end
       result = Antispam::SpamcheckResult.new(results)
       return result
     end
+    def self.spamchecker(provider)
+      class_name = provider.to_s.camelize
+      raise Antispam::NoSuchSpamcheckerError unless Antispam::Spamcheckers.const_defined? class_name
+      Antispam::Spamcheckers.const_get class_name
+    end
   end
+  class NoSuchSpamcheckerError < StandardError; end
 end

data/lib/antispam/results.rb

@@ -7,4 +7,12 @@ module Antispam
       @results.select{|x| x > 0}.present?
     end
   end
+  class BlacklistResult
+    def initialize(results)
+      @results = results
+    end
+    def is_bad?
+      @results.select{|x| x > 30}.present?
+    end
+  end
 end

data/lib/antispam/spamcheckers/defendium.rb

@@ -2,6 +2,7 @@
 module Antispam
   module Spamcheckers
     class Defendium
+      # Returns a boolean, 1 for spam, 0 for not spam.
       def self.check(content, key, verbose)
         # nethttp2.rb
         require 'uri'

data/lib/antispam/tools.rb

@@ -31,19 +31,17 @@ module Antispam
     end
     # Checks the specific blacklists
     def check_ip_against_blacklists(ip, lists, verbose)
+      results = []
       lists.each do |provider_name, provider_api_key|
         Rails.logger.info "Checking provider: #{provider_name}" if verbose
-        if provider_name == :httpbl
-          result = Antispam::Blacklists::Httpbl.check(ip, provider_api_key, verbose)
-          Rails.logger.info(result) if verbose
-          if (result > 30)
-            Block.create(ip: ip, provider: provider_name, threat: result)
-            redirect_to '/antispam/validate'
-          end
-        end
+        results.append blacklist(provider_name).check(ip, provider_api_key, verbose)
+      end
+      result = Antispam::BlacklistResult.new(results)
+      if result.is_bad?
+        Block.create(ip: ip, provider: lists.keys.first, threat: result)
+        redirect_to '/antispam/validate'
       end
     end
-
     def skip_if_user_whitelisted
       if respond_to? :current_user
         if current_user && current_user.respond_to?(:antispam_whitelisted?)
@@ -51,7 +49,11 @@ module Antispam
         end
       end
     end
-
-
+    def blacklist(provider)
+      class_name = provider.to_s.camelize
+      raise Antispam::NoSuchBlacklistError unless Antispam::Blacklists.const_defined? class_name
+      Antispam::Blacklists.const_get class_name
+    end
   end
+  class NoSuchBlacklistError < StandardError; end
 end

data/lib/antispam/version.rb

@@ -1,3 +1,3 @@
 module Antispam
-  VERSION = '0.1.7'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: antispam
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.2.0
 platform: ruby
 authors:
 - Ryan Kopf