Warn recipient in DMs about possible scams

pkg/config/enum.go

@@ -1,5 +1,7 @@
 package config
 
+import "regexp"
+
 // Various hard-coded enums such as choice of gender, sexuality, relationship status etc.
 var (
 	MaritalStatus = []string{
@@ -105,6 +107,12 @@ var (
 		"Photo Boards",
 		"Anything Goes",
 	}
+
+	// Keywords that appear in a DM that make it likely spam.
+	DirectMessageSpamKeywords = []*regexp.Regexp{
+		regexp.MustCompile(`\b(telegram|whats\s*app|signal|kik|session)\b`),
+		regexp.MustCompile(`https?://(t.me|join.skype.com|zoom.us|whereby.com|meet.jit.si|wa.me)`),
+	}
 )
 
 // ContactUs choices for the subject drop-down.

pkg/models/message.go

@@ -3,6 +3,8 @@ package models
 import (
 	"strings"
 	"time"
+
+	"code.nonshy.com/nonshy/website/pkg/config"
 )
 
 // Message table.
@@ -227,6 +229,19 @@ func SendMessage(sourceUserID, targetUserID uint64, message string) (*Message, e
 	return m, result.Error
 }
 
+// IsLikelySpam checks if a DM message is likely to be spam so that the front-end can warn the recipient.
+//
+// This happens e.g. when the sender asks to switch to Telegram or WhatsApp.
+func (m *Message) IsLikelySpam() bool {
+	body := strings.ToLower(m.Message)
+	for _, re := range config.DirectMessageSpamKeywords {
+		if idx := re.FindStringIndex(body); len(idx) > 0 {
+			return true
+		}
+	}
+	return false
+}
+
 // Save message.
 func (m *Message) Save() error {
 	result := DB.Save(m)

web/templates/inbox/inbox.html

@@ -118,6 +118,38 @@
 
                         <div class="block content">
                             {{ToMarkdown .Message}}
+
+                            <!-- Warn the recipient (only) if this message looks like spam. -->
+                            {{if and (ne .SourceUserID $Root.CurrentUser.ID) .IsLikelySpam}}
+                            <div class="notification is-warning is-light p-3 content">
+                                <p class="has-text-danger">
+                                    <i class="fa fa-exclamation-triangle mr-1"></i>
+                                    <strong>Be careful about possible scams!</strong>
+                                </p>
+
+                                <p>
+                                    It is a well-known tactic for con artists to move your conversation away to another
+                                    platform as soon as possible, in order to evade detection from the website.
+                                    If <strong>@{{$Root.ReplyTo.Username}}</strong> is asking to take you to a messenger
+                                    app within the first couple of messages, be wary!
+                                </p>
+
+                                <p>
+                                    Though the certification requirement for {{PrettyTitle}} does well to keep the
+                                    lowest effort scammers off the site, no system is completely full proof; we once
+                                    saw a fully authentic certification photo (likely taken under duress of somebody
+                                    who was a victim themselves) get a scammer into our website before.
+                                </p>
+
+                                <p>
+                                    Please
+                                    <a href="/contact?intent=report&subject=report.message&id={{$Root.MessageID}}">report this message</a>
+                                    if you think it may be a scam, especially if they are asking you to take this
+                                    conversation off-site within the first couple of messages, and let your website
+                                    administrator take a closer look at this person's pattern of behavior.
+                                </p>
+                            </div>
+                            {{end}}
                         </div>
                         <div class="block">
                             <em>Sent <abbr title="{{.CreatedAt.Format "2006-01-02 15:04:05"}}">