dmails: add dmail sending rate limits.

Don't allow regular users to send dmails to more than 10 different users in one hour. This is an anti-spam measure.
2020-08-28 12:36:42 -05:00
parent 5baeb3eecc
commit 7bc7001b12
2 changed files with 25 additions and 1 deletions
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -1,6 +1,7 @@
 require 'digest/sha1'

 class Dmail < ApplicationRecord
+  validate :validate_sender_is_not_limited, on: :create
  validates_presence_of :title, :body, on: :create

  belongs_to :owner, :class_name => "User"
@@ -153,6 +154,14 @@ class Dmail < ApplicationRecord
    owner == to
  end

+  def validate_sender_is_not_limited
+    return if from.is_gold?
+
+    if from.dmails.where("created_at > ?", 1.hour.ago).group(:to).reorder(nil).count.size >= 10
+      errors[:base] << "You can't send dmails to more than 10 users per hour"
+    end
+  end
+
  def autoreport_spam
    if is_recipient? && SpamDetector.new(self).spam?
      self.is_deleted = true