From 09172a56ef2702ad979d1bbb6433fd7b8f960534 Mon Sep 17 00:00:00 2001
From: Andreas Nedbal <git@pixelde.su>
Date: Thu, 30 Dec 2021 17:58:15 +0100
Subject: [PATCH] Add linkfilter action

---
 app/controllers/static_controller.rb    |  6 ++++++
 app/validators/screen_name_validator.rb |  2 +-
 app/views/static/linkfilter.haml        | 19 +++++++++++++++++++
 config/routes.rb                        |  1 +
 4 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 app/views/static/linkfilter.haml

diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index c98501a2..3d45edfa 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -31,6 +31,12 @@ class StaticController < ApplicationController
     @smiles = Smile.count + CommentSmile.count
   end
 
+  def linkfilter
+    redirect_to root_path unless params[:url]
+    
+    @link = params[:url]
+  end
+
   def faq
 
   end
diff --git a/app/validators/screen_name_validator.rb b/app/validators/screen_name_validator.rb
index ad157d48..64836e8d 100644
--- a/app/validators/screen_name_validator.rb
+++ b/app/validators/screen_name_validator.rb
@@ -2,7 +2,7 @@ class ScreenNameValidator < ActiveModel::EachValidator
   FORBIDDEN_SCREEN_NAMES = %w(justask_admin retrospring_admin admin justask retrospring about public
                               notifications inbox sign_in sign_up sidekiq moderation moderator mod administrator
                               siteadmin site_admin help retro_spring retroospring retrosprlng niisding nllsding 
-                              pixeidesu plxeldesu plxeidesu terms privacy)
+                              pixeidesu plxeldesu plxeidesu terms privacy linkfilter)
   FORBIDDEN_SCREEN_NAME_REGEXPS = [/wreciap\z/i]
 
   def validate_each(record, attribute, value)
diff --git a/app/views/static/linkfilter.haml b/app/views/static/linkfilter.haml
new file mode 100644
index 00000000..46317210
--- /dev/null
+++ b/app/views/static/linkfilter.haml
@@ -0,0 +1,19 @@
+.container.pt-3
+  .card
+    .card-body
+      %h1 
+        You're leaving
+        = APP_CONFIG['site_name']
+      %p.lead
+        The link you are visiting is not trusted by
+        = APP_CONFIG['site_name']
+      %p
+        Never enter your passwords or other private information on an untrusted website.
+        = APP_CONFIG['site_name']
+        will only ever ask for your password on a site that is on the domain
+        = APP_CONFIG['hostname']
+
+      %p.font-weight-bold.mb-0 URL:
+      %pre.bg-light.text-dark.p-3.rounded= @link
+
+      %a.btn.btn-primary{ href: @link } I understand the risk, proceed!
diff --git a/config/routes.rb b/config/routes.rb
index 35d23bee..064e6ab0 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -42,6 +42,7 @@ Rails.application.routes.draw do
   match '/help/faq', to: 'static#faq', via: 'get', as: :help_faq
   match '/privacy', to: 'static#privacy_policy', via: 'get', as: :privacy_policy
   match '/terms', to: 'static#terms', via: 'get', as: :terms
+  match '/linkfilter', to: 'static#linkfilter', via: 'get', as: :linkfilter
 
   # Devise routes
   devise_for :users, path: 'user', skip: [:sessions, :registrations]