Welcome to mirror list, hosted at ThFree Co, Russian Federation.

spam_protection.rb « mutations « concerns « mutations « graphql « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/graphql/mutations/concerns/mutations/spam_protection.rb
blob: d765da23a4b2537bc3fb53e6d6f532a9d86f821e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# frozen_string_literal: true

module Mutations
  # This concern can be mixed into a mutation to provide support for spam checking,
  # and optionally support the workflow to allow clients to display and solve CAPTCHAs.
  module SpamProtection
    extend ActiveSupport::Concern
    include Spam::Concerns::HasSpamActionResponseFields

    SpamActionError = Class.new(GraphQL::ExecutionError)
    NeedsCaptchaResponseError = Class.new(SpamActionError)
    SpamDisallowedError = Class.new(SpamActionError)

    NEEDS_CAPTCHA_RESPONSE_MESSAGE = "Request denied. Solve CAPTCHA challenge and retry"
    SPAM_DISALLOWED_MESSAGE = "Request denied. Spam detected"

    private

    # additional_spam_params    -> hash
    #
    # Used from a spammable mutation's #resolve method to generate
    # the required additional spam/CAPTCHA params which must be merged into the params
    # passed to the constructor of a service, where they can then be used in the service
    # to perform spam checking via SpamActionService.
    #
    # Also accesses the #context of the mutation's Resolver superclass to obtain the request.
    #
    # Example:
    #
    # existing_args.merge!(additional_spam_params)
    def additional_spam_params
      {
        api: true,
        request: context[:request]
      }
    end

    def spam_action_response(object)
      fields = spam_action_response_fields(object)

      # If the SpamActionService detected something as spam,
      # this is non-recoverable and the needs_captcha_response
      # should not be considered
      kind = if fields[:spam]
               :spam
             elsif fields[:needs_captcha_response]
               :needs_captcha_response
             end

      [kind, fields]
    end

    def check_spam_action_response!(object)
      kind, fields = spam_action_response(object)

      case kind
      when :needs_captcha_response
        fields.delete :spam
        raise NeedsCaptchaResponseError.new(NEEDS_CAPTCHA_RESPONSE_MESSAGE, extensions: fields)
      when :spam
        raise SpamDisallowedError.new(SPAM_DISALLOWED_MESSAGE, extensions: { spam: true })
      else
        nil
      end
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 03:49:04 +0300