diff options
Diffstat (limited to 'app/models/abuse_report.rb')
-rw-r--r-- | app/models/abuse_report.rb | 135 |
1 files changed, 119 insertions, 16 deletions
diff --git a/app/models/abuse_report.rb b/app/models/abuse_report.rb index dbcdfa5e946..55b1aff51da 100644 --- a/app/models/abuse_report.rb +++ b/app/models/abuse_report.rb @@ -3,14 +3,20 @@ class AbuseReport < ApplicationRecord include CacheMarkdownField include Sortable + include Gitlab::FileTypeDetection + include WithUploads + include Gitlab::Utils::StrongMemoize MAX_CHAR_LIMIT_URL = 512 + MAX_FILE_SIZE = 1.megabyte cache_markdown_field :message, pipeline: :single_line belongs_to :reporter, class_name: 'User' belongs_to :user + has_many :events, class_name: 'ResourceEvents::AbuseReportEvent', inverse_of: :abuse_report + validates :reporter, presence: true validates :user, presence: true validates :message, presence: true @@ -24,25 +30,31 @@ class AbuseReport < ApplicationRecord } validates :reported_from_url, - allow_blank: true, - length: { maximum: MAX_CHAR_LIMIT_URL }, - addressable_url: { - dns_rebind_protection: true, - blocked_message: 'is an invalid URL. You can try reporting the abuse again, ' \ - 'or contact a GitLab administrator for help.' - } + allow_blank: true, + length: { maximum: MAX_CHAR_LIMIT_URL }, + addressable_url: { + dns_rebind_protection: true, + blocked_message: 'is an invalid URL. You can try reporting the abuse again, ' \ + 'or contact a GitLab administrator for help.' + } validates :links_to_spam, - allow_blank: true, - length: { - maximum: 20, - message: N_("exceeds the limit of %{count} links") - } + allow_blank: true, + length: { + maximum: 20, + message: N_("exceeds the limit of %{count} links") + } before_validation :filter_empty_strings_from_links_to_spam validate :links_to_spam_contains_valid_urls - scope :by_user, ->(user) { where(user_id: user) } + mount_uploader :screenshot, AttachmentUploader + validates :screenshot, file_size: { maximum: MAX_FILE_SIZE } + validate :validate_screenshot_is_image + + scope :by_user_id, ->(id) { where(user_id: id) } + scope :by_reporter_id, ->(id) { where(reporter_id: id) } + scope :by_category, ->(category) { where(category: category) } scope :with_users, -> { includes(:reporter, :user) } enum category: { @@ -56,6 +68,11 @@ class AbuseReport < ApplicationRecord other: 8 } + enum status: { + open: 1, + closed: 2 + } + # For CacheMarkdownField alias_method :author, :reporter @@ -63,6 +80,12 @@ class AbuseReport < ApplicationRecord reported_from_url: "Reported from" }.freeze + CONTROLLER_TO_REPORT_TYPE = { + 'users' => :profile, + 'projects/issues' => :issue, + 'projects/merge_requests' => :merge_request + }.freeze + def self.human_attribute_name(attr, options = {}) HUMANIZED_ATTRIBUTES[attr.to_sym] || super end @@ -77,8 +100,66 @@ class AbuseReport < ApplicationRecord AbuseReportMailer.notify(id).deliver_later end + def screenshot_path + return unless screenshot + return screenshot.url unless screenshot.upload + + asset_host = ActionController::Base.asset_host || Gitlab.config.gitlab.base_url + local_path = Gitlab::Routing.url_helpers.abuse_report_upload_path( + filename: screenshot.filename, + id: screenshot.upload.model_id, + model: 'abuse_report', + mounted_as: 'screenshot') + + Gitlab::Utils.append_path(asset_host, local_path) + end + + def report_type + type = CONTROLLER_TO_REPORT_TYPE[route_hash[:controller]] + type = :comment if type.in?([:issue, :merge_request]) && note_id_from_url.present? + + type + end + + def reported_content + case report_type + when :issue + project.issues.iid_in(route_hash[:id]).pick(:description_html) + when :merge_request + project.merge_requests.iid_in(route_hash[:id]).pick(:description_html) + when :comment + project.notes.id_in(note_id_from_url).pick(:note_html) + end + end + + def other_reports_for_user + user.abuse_reports.id_not_in(id) + end + private + def project + Project.find_by_full_path(route_hash.values_at(:namespace_id, :project_id).join('/')) + end + + def route_hash + match = Rails.application.routes.recognize_path(reported_from_url) + return {} if match[:unmatched_route].present? + + match + rescue ActionController::RoutingError + {} + end + strong_memoize_attr :route_hash + + def note_id_from_url + fragment = URI(reported_from_url).fragment + Gitlab::UntrustedRegexp.new('^note_(\d+)$').match(fragment).to_a.second if fragment + rescue URI::InvalidURIError + nil + end + strong_memoize_attr :note_id_from_url + def filter_empty_strings_from_links_to_spam return if links_to_spam.blank? @@ -91,9 +172,9 @@ class AbuseReport < ApplicationRecord links_to_spam.each do |link| Gitlab::UrlBlocker.validate!( link, - schemes: %w[http https], - allow_localhost: true, - dns_rebind_protection: true + schemes: %w[http https], + allow_localhost: true, + dns_rebind_protection: true ) next unless link.length > MAX_CHAR_LIMIT_URL @@ -106,4 +187,26 @@ class AbuseReport < ApplicationRecord rescue ::Gitlab::UrlBlocker::BlockedUrlError errors.add(:links_to_spam, _('only supports valid HTTP(S) URLs')) end + + def filename + screenshot&.filename + end + + def valid_image_extensions + Gitlab::FileTypeDetection::SAFE_IMAGE_EXT + end + + def validate_screenshot_is_image + return if screenshot.blank? + return if image? + + errors.add( + :screenshot, + format( + _('must match one of the following file types: %{extension_list}'), + extension_list: valid_image_extensions.to_sentence(last_word_connector: ' or ')) + ) + end end + +AbuseReport.prepend_mod |