diff --git a/pkg/controller/account/settings.go b/pkg/controller/account/settings.go
index da882a3..da20479 100644
--- a/pkg/controller/account/settings.go
+++ b/pkg/controller/account/settings.go
@@ -17,6 +17,7 @@ import (
 "code.nonshy.com/nonshy/website/pkg/models"
 "code.nonshy.com/nonshy/website/pkg/redis"
 "code.nonshy.com/nonshy/website/pkg/session"
+ "code.nonshy.com/nonshy/website/pkg/spam"
 "code.nonshy.com/nonshy/website/pkg/templates"
 "code.nonshy.com/nonshy/website/pkg/utility"
 "code.nonshy.com/nonshy/website/pkg/worker"
@@ -114,7 +115,15 @@ func Settings() http.HandlerFunc {
 // Set profile attributes.
 for _, attr := range config.ProfileFields {
- user.SetProfileField(attr, r.PostFormValue(attr))
+ var value = strings.TrimSpace(r.PostFormValue(attr))
+
+ // Look for spammy links to restricted video sites or things.
+ if err := spam.DetectSpamMessage(value); err != nil {
+ session.FlashError(w, r, "On field '%s': %s", attr, err.Error())
+ continue
+ }
+
+ user.SetProfileField(attr, value)
 }
 // "Looking For" checkbox list.
diff --git a/pkg/controller/forum/new_post.go b/pkg/controller/forum/new_post.go
index a42c42f..9eab5d1 100644
--- a/pkg/controller/forum/new_post.go
+++ b/pkg/controller/forum/new_post.go
@@ -15,6 +15,7 @@ import (
 "code.nonshy.com/nonshy/website/pkg/models"
 "code.nonshy.com/nonshy/website/pkg/photo"
 "code.nonshy.com/nonshy/website/pkg/session"
+ "code.nonshy.com/nonshy/website/pkg/spam"
 "code.nonshy.com/nonshy/website/pkg/templates"
 )
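Review bot: In the profile-field loop of Settings() in settings.go, the `continue` after `session.FlashError` skips `user.SetProfileField`, so a rejected field silently keeps its previously stored value while the remaining fields are still processed; the comment should say so. I would extend it to `// Look for spammy links to restricted video sites; a rejected field keeps its old value and the other fields are still processed.` The flash message also shows the internal key `attr` to the user, which may not match the label on the form. Settings() starts and ends outside this hunk, so what follows the loop (for example a success flash next to the error) is not visible here.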
@@ -183,6 +184,19 @@ func NewPost() http.HandlerFunc {
 // Submitting the form.
 if r.Method == http.MethodPost {
+ // Look for spammy links to video sites or things.
+ if err := spam.DetectSpamMessage(title + message); err != nil {
+ session.FlashError(w, r, err.Error())
+ if thread != nil {
+ templates.Redirect(w, fmt.Sprintf("/forum/thread/%d", thread.ID))
+ } else if forum != nil {
+ templates.Redirect(w, fmt.Sprintf("/f/%s", forum.Fragment))
+ } else {
+ templates.Redirect(w, "/forum")
+ }
+ return
+ }
+
 // Polls: parse form parameters into a neat list of answers.
 pollExpires, _ = strconv.Atoi(r.FormValue("poll_expires"))
 var distinctPollChoices = map[string]interface{}{}
diff --git a/pkg/spam/spam.go b/pkg/spam/spam.go
new file mode 100644
index 0000000..3ac48a2
--- /dev/null
+++ b/pkg/spam/spam.go
@@ -0,0 +1,32 @@
+package spam
+
+import (
+ "errors"
+ "strings"
+)
+
+// SpamWebsites to third-party video hosting apps: we already have our own chat room, and third-party links shared in
+// public places can pose a risk to user privacy/safety.
+var SpamWebsites = []string{
+ "join.skype.com",
+ "zoom.us",
+ "whereby.com",
+ "meet.jit.si",
+ "https://t.me",
+}
+
+// DetectSpamMessage searches a message (such as a comment, forum post, etc.) for spammy contents such as Skype invite links
+// and returns an error if found.
+func DetectSpamMessage(message string) error {
+ for _, link := range SpamWebsites {
+ if strings.Contains(message, link) {
+ return errors.New(
+ "Your message could not be posted because it contains a link to a third-party video chat website. " +
+ "In the interest of protecting our community, we do not allow linking to third-party video conferencing apps where user " +
+ "privacy and security may not hold up to our standards, or where the content may run against our terms of service.",
+ )
+ }
+ }
+
+ return nil
+}
diff --git a/web/templates/account/dashboard.html b/web/templates/account/dashboard.html
index 603f32f..7d10f0e 100644
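Review bot: The check added to NewPost() covers only `title + message`; the poll answers parsed immediately below it do not appear to go through `spam.DetectSpamMessage`, so poll choices may be left unfiltered. That parsing sits outside this hunk and should be confirmed there. The two strings are also joined with no separator, so the end of the title and the start of the message can combine into a false match; `spam.DetectSpamMessage(title + "\n" + message)` avoids that. On rejection the handler redirects away, which appears to discard the text the user typed.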
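Review bot: `strings.Contains(message, link)` in DetectSpamMessage is case-sensitive while host names are not, so the same link written in a different letter case is not detected. Lower-casing once before the loop closes that gap: `lower := strings.ToLower(message)` followed by `if strings.Contains(lower, link) {`. The `https://t.me` entry is tied to one scheme, unlike the other entries; that is probably deliberate to avoid substring false positives, but a comment on the list should say so. `SpamWebsites` is an exported, mutable slice, so if nothing outside the package needs to change it, an unexported variable would keep the list from being altered at runtime. The new package also ships without a test; a small table test over the list would pin the matching behaviour.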
--- a/web/templates/account/dashboard.html
+++ b/web/templates/account/dashboard.html
@@ -648,6 +648,7 @@ {{if HasSuffix $Body.Photo.Filename ".mp4"}}