diff --git a/pkg/config/enum.go b/pkg/config/enum.go
index da2d8ff..78ff73a 100644
--- a/pkg/config/enum.go
+++ b/pkg/config/enum.go
@@ -1,5 +1,7 @@
 package config
+import "regexp"
+
 // Various hard-coded enums such as choice of gender, sexuality, relationship status etc.
 var (
 MaritalStatus = []string{
@@ -105,6 +107,12 @@ var (
 "Photo Boards",
 "Anything Goes",
 }
+
+ // Keywords that appear in a DM that make it likely spam.
+ DirectMessageSpamKeywords = []*regexp.Regexp{
+ regexp.MustCompile(`\b(telegram|whats\s*app|signal|kik|session)\b`),
+ regexp.MustCompile(`https?://(t.me|join.skype.com|zoom.us|whereby.com|meet.jit.si|wa.me)`),
+ }
 )
 // ContactUs choices for the subject drop-down.
diff --git a/pkg/models/message.go b/pkg/models/message.go
index c409ea6..19624e8 100644
--- a/pkg/models/message.go
+++ b/pkg/models/message.go
@@ -3,6 +3,8 @@ package models
 import (
 "strings"
 "time"
+
+ "code.nonshy.com/nonshy/website/pkg/config"
 )
 // Message table.
@@ -227,6 +229,19 @@ func SendMessage(sourceUserID, targetUserID uint64, message string) (*Message, e
 return m, result.Error
 }
+// IsLikelySpam checks if a DM message is likely to be spam so that the front-end can warn the recipient.
+//
+// This happens e.g. when the sender asks to switch to Telegram or WhatsApp.
+func (m *Message) IsLikelySpam() bool {
+ body := strings.ToLower(m.Message)
+ for _, re := range config.DirectMessageSpamKeywords {
+ if idx := re.FindStringIndex(body); len(idx) > 0 {
+ return true
+ }
+ }
+ return false
+}
+
 // Save message.
 func (m *Message) Save() error {
 result := DB.Save(m)
diff --git a/web/templates/inbox/inbox.html b/web/templates/inbox/inbox.html
index 85b9223..416e689 100644
--- a/web/templates/inbox/inbox.html
+++ b/web/templates/inbox/inbox.html
@@ -118,6 +118,38 @@
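Review bot: In the second `DirectMessageSpamKeywords` pattern the dots are unescaped and nothing terminates the host, so `https?://(t.me|…)` also fires on an ordinary link such as `https://time.com`, while a link on a subdomain of a listed host is not matched at all. I would write the pattern as `https?://([a-z0-9-]+\.)*(t\.me|join\.skype\.com|zoom\.us|whereby\.com|meet\.jit\.si|wa\.me)\b`. In the first pattern `signal` and `session` are everyday words, so the warning will show on harmless messages; that is worth measuring before recipients learn to ignore the banner. The comment should also state the matching contract, e.g. `// Matched against the lower-cased message body; keep patterns lower case.` The enclosing `var (` block starts above this hunk.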
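Review bot: `IsLikelySpam` only needs a yes/no answer, so `re.MatchString(body)` expresses it more directly than `re.FindStringIndex(body)` followed by a `len(idx) > 0` test: `if re.MatchString(body) { return true }`. The method is also correct only while every pattern in `config.DirectMessageSpamKeywords` is written in lower case, because of the `strings.ToLower` call; a `(?i)` flag in the patterns would remove that hidden coupling and the per-call copy of the message. As far as this hunk shows, a match only changes what the recipient sees and nothing is recorded for moderators, so a sender who trips the heuristic repeatedly is noticed only if somebody reports them; a log entry or counter when the message is sent would give the admins that signal. A small table-driven test with a few matching and non-matching bodies would pin the intended behaviour.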
+ + Be careful about possible scams! +
+ ++ It is a well-known tactic for con artists to move your conversation away to another + platform as soon as possible, in order to evade detection from the website. + If @{{$Root.ReplyTo.Username}} is asking to take you to a messenger + app within the first couple of messages, be wary! +
+ ++ Though the certification requirement for {{PrettyTitle}} does well to keep the + lowest effort scammers off the site, no system is completely full proof; we once + saw a fully authentic certification photo (likely taken under duress of somebody + who was a victim themselves) get a scammer into our website before. +
+ ++ Please + report this message + if you think it may be a scam, especially if they are asking you to take this + conversation off-site within the first couple of messages, and let your website + administrator take a closer look at this person's pattern of behavior. +
+