Update ProfileController, require login to view spam accounts, and disable profile embeds for spam accounts

Daniel Supernault 2023-05-19 03:41:01 -06:00
parent c167af43a4
commit dd2f5bb96a
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7


@ -7,6 +7,7 @@ use Auth;
use Cache; use Cache;
use DB; use DB;
use View; use View;
use App\AccountInterstitial;
use App\Follower; use App\Follower;
use App\FollowRequest; use App\FollowRequest;
use App\Profile; use App\Profile;
@ -42,9 +43,22 @@ class ProfileController extends Controller
->whereUsername($username) ->whereUsername($username)
->firstOrFail(); ->firstOrFail();
if($request->wantsJson() && config_cache('federation.activitypub.enabled')) { if($request->wantsJson() && config_cache('federation.activitypub.enabled')) {
return $this->showActivityPub($request, $user); return $this->showActivityPub($request, $user);
} }
$aiCheck = Cache::remember('profile:ai-check:spam-login:' . $user->id, 86400, function() use($user) {
$exists = AccountInterstitial::whereUserId($user->user_id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
if($aiCheck) {
return redirect('/login');
}
return $this->buildProfile($request, $user); return $this->buildProfile($request, $user);
} }
@ -207,7 +221,22 @@ class ProfileController extends Controller
abort_if(!$profile || $profile['locked'] || !$profile['local'], 404); abort_if(!$profile || $profile['locked'] || !$profile['local'], 404);
$data = Cache::remember('pf:atom:user-feed:by-id:' . $profile['id'], 43200, function() use($pid, $profile) { $aiCheck = Cache::remember('profile:ai-check:spam-login:' . $profile['id'], 86400, function() use($profile) {
$uid = User::whereProfileId($profile['id'])->first();
if(!$uid) {
return true;
}
$exists = AccountInterstitial::whereUserId($uid->id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
abort_if($aiCheck, 404);
$data = Cache::remember('pf:atom:user-feed:by-id:' . $profile['id'], 900, function() use($pid, $profile) {
$items = DB::table('statuses') $items = DB::table('statuses')
->whereProfileId($pid) ->whereProfileId($pid)
->whereVisibility('public') ->whereVisibility('public')
@ -234,7 +263,7 @@ class ProfileController extends Controller
return compact('items', 'permalink', 'headers'); return compact('items', 'permalink', 'headers');
}); });
abort_if(!$data, 404); abort_if(!$data || !isset($data['items']) || !isset($data['permalink']), 404);
return response() return response()
->view('atom.user', ->view('atom.user',
[ [
@ -274,6 +303,19 @@ class ProfileController extends Controller
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']); return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
} }
$aiCheck = Cache::remember('profile:ai-check:spam-login:' . $profile->id, 86400, function() use($profile) {
$exists = AccountInterstitial::whereUserId($profile->user_id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
if($aiCheck) {
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
}
if(AccountService::canEmbed($profile->user_id) == false) { if(AccountService::canEmbed($profile->user_id) == false) {
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']); return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
} }
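Review bot: The spam verdict is cached for 86400 seconds under `profile:ai-check:spam-login:<profile id>` in all three places this section adds it (the profile page, the Atom feed and the embed), and nothing visible here clears that key when an `AccountInterstitial` row with `is_spam` is created or resolved. Until the entry expires, a newly flagged account can keep serving its public profile, feed and embed, and a cleared account stays hidden; unless invalidation already exists elsewhere, use a short TTL or call `Cache::forget('profile:ai-check:spam-login:' . $profileId)` where the flag changes. The three closures run the same query, so a single private helper returning `AccountInterstitial::whereUserId($userId)->where('is_spam', 1)->exists()` would keep the key and the lookup in one place. In the profile-page hunk the `redirect('/login')` is not guarded by any authentication check in the visible lines, so confirm that signed-in viewers do not reach it; the enclosing methods start and end outside the hunks.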