diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-02-03 04:26:30 +0300 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2016-02-03 04:26:30 +0300 |
| commit | 8a85906a74aff295074c79619d491bea9c947e05 (patch) | |
| tree | fc4aa22c44ce08a4bf6b823090e5c499b11ecc4a /lib | |
| parent | fcfafffef5535295e310407a7e3bb4a20ff2fd55 (diff) | |
| parent | dffacbb12c0abd4edf677aed2d9e201b41fd2dae (diff) | |
Merge branch 'support-akismet' into 'master'
Support Akismet spam checking for creation of issues via API
Currently any spam detected by Akismet for non-members via API will
be logged in a separate table in the admin page.
Closes #5612
See merge request !2266
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/issues.rb | 23 | ||||
| -rw-r--r-- | lib/gitlab/akismet_helper.rb | 39 | ||||
| -rw-r--r-- | lib/gitlab/current_settings.rb | 3 |
3 files changed, 63 insertions, 2 deletions
diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 6e7a7672070..252744515da 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -3,6 +3,8 @@ module API class Issues < Grape::API before { authenticate! } + helpers ::Gitlab::AkismetHelper + helpers do def filter_issues_state(issues, state) case state @@ -19,6 +21,17 @@ module API def filter_issues_milestone(issues, milestone) issues.includes(:milestone).where('milestones.title' => milestone) end + + def create_spam_log(project, current_user, attrs) + params = attrs.merge({ + source_ip: env['REMOTE_ADDR'], + user_agent: env['HTTP_USER_AGENT'], + noteable_type: 'Issue', + via_api: true + }) + + ::CreateSpamLogService.new(project, current_user, params).execute + end end resource :issues do @@ -114,7 +127,15 @@ module API render_api_error!({ labels: errors }, 400) end - issue = ::Issues::CreateService.new(user_project, current_user, attrs).execute + project = user_project + text = [attrs[:title], attrs[:description]].reject(&:blank?).join("\n") + + if check_for_spam?(project, current_user) && is_spam?(env, current_user, text) + create_spam_log(project, current_user, attrs) + render_api_error!({ error: 'Spam detected' }, 400) + end + + issue = ::Issues::CreateService.new(project, current_user, attrs).execute if issue.valid? # Find or create labels and attach to issue. Labels are valid because diff --git a/lib/gitlab/akismet_helper.rb b/lib/gitlab/akismet_helper.rb new file mode 100644 index 00000000000..b366c89889e --- /dev/null +++ b/lib/gitlab/akismet_helper.rb @@ -0,0 +1,39 @@ +module Gitlab + module AkismetHelper + def akismet_enabled? + current_application_settings.akismet_enabled + end + + def akismet_client + @akismet_client ||= ::Akismet::Client.new(current_application_settings.akismet_api_key, + Gitlab.config.gitlab.url) + end + + def check_for_spam?(project, user) + akismet_enabled? && !project.team.member?(user) + end + + def is_spam?(environment, user, text) + client = akismet_client + ip_address = environment['REMOTE_ADDR'] + user_agent = environment['HTTP_USER_AGENT'] + + params = { + type: 'comment', + text: text, + created_at: DateTime.now, + author: user.name, + author_email: user.email, + referrer: environment['HTTP_REFERER'], + } + + begin + is_spam, is_blatant = client.check(ip_address, user_agent, params) + is_spam || is_blatant + rescue => e + Rails.logger.error("Unable to connect to Akismet: #{e}, skipping check") + false + end + end + end +end diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb index a6b2f14521c..8531c7e87e1 100644 --- a/lib/gitlab/current_settings.rb +++ b/lib/gitlab/current_settings.rb @@ -34,7 +34,8 @@ module Gitlab shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'], max_artifacts_size: Settings.artifacts['max_size'], require_two_factor_authentication: false, - two_factor_grace_period: 48 + two_factor_grace_period: 48, + akismet_enabled: false ) end |