jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dmails: add dmail sending rate limits.

Browse Source 
Don't allow regular users to send dmails to more than 10 different
users in one hour. This is an anti-spam measure.
This commit is contained in:
evazion
2020-08-28 12:36:42 -05:00
parent 5baeb3eecc
commit 7bc7001b12
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/models/dmail.rb
View File

@@ -1,6 +1,7 @@
require 'digest/sha1'
class Dmail < ApplicationRecord
validate :validate_sender_is_not_limited, on: :create
validates_presence_of :title, :body, on: :create
belongs_to :owner, :class_name => "User"
@@ -153,6 +154,14 @@ class Dmail < ApplicationRecord
owner == to
end
def validate_sender_is_not_limited
return if from.is_gold?
if from.dmails.where("created_at > ?", 1.hour.ago).group(:to).reorder(nil).count.size >= 10
errors[:base] << "You can't send dmails to more than 10 users per hour"
end
end
def autoreport_spam
if is_recipient? && SpamDetector.new(self).spam?
self.is_deleted = true

17
test/unit/dmail_test.rb
View File

@@ -69,7 +69,7 @@ class DmailTest < ActiveSupport::TestCase
should "create a copy for each user" do
@new_user = FactoryBot.create(:user)
assert_difference("Dmail.count", 2) do
Dmail.create_split(from: CurrentUser.user, creator_ip_addr: "127.0.0.1", to_id: @new_user.id, title: "foo", body: "foo")
Dmail.create_split(from: CurrentUser.user, creator_ip_addr: "127.0.0.1", to: @new_user, title: "foo", body: "foo")
end
end
@@ -104,6 +104,21 @@ class DmailTest < ActiveSupport::TestCase
end
end
context "sending a dmail" do
should "fail if the user has sent too many dmails recently" do
10.times do
Dmail.create_split(from: @user, to: create(:user), title: "blah", body: "blah", creator_ip_addr: "127.0.0.1")
end
assert_no_difference("Dmail.count") do
@dmail = Dmail.create_split(from: @user, to: create(:user), title: "blah", body: "blah", creator_ip_addr: "127.0.0.1")
assert_equal(false, @dmail.valid?)
assert_equal(["You can't send dmails to more than 10 users per hour"], @dmail.errors[:base])
end
end
end
context "destroying a dmail" do
setup do
@recipient = create(:user)