From 2edb167a00cda7c9f8d005a9db4df2124275f21f Mon Sep 17 00:00:00 2001 From: Andrea Date: Sat, 18 Dec 2021 22:37:26 +0100 Subject: [PATCH] [profiles][ban] save profile snapshots for reports and bans --- migrations/044-ban-snapshots.sql | 7 +++++++ server/routes/admin.js | 4 +++- server/routes/profile.js | 10 +++++++--- server/routes/user.js | 2 +- 4 files changed, 18 insertions(+), 5 deletions(-) create mode 100644 migrations/044-ban-snapshots.sql diff --git a/migrations/044-ban-snapshots.sql b/migrations/044-ban-snapshots.sql new file mode 100644 index 00000000..aa16def1 --- /dev/null +++ b/migrations/044-ban-snapshots.sql @@ -0,0 +1,7 @@ +-- Up + +ALTER TABLE users ADD COLUMN banSnapshot TEXT NULL; +ALTER TABLE reports ADD COLUMN snapshot TEXT NULL; + +-- Down + diff --git a/server/routes/admin.js b/server/routes/admin.js index faed12db..a98edad4 100644 --- a/server/routes/admin.js +++ b/server/routes/admin.js @@ -7,6 +7,7 @@ import {calculateStats, statsFile} from '../../src/stats'; import fs from 'fs'; import { caches } from "../../src/cache"; import mailer from "../../src/mailer"; +import {profilesSnapshot} from "./profile"; const router = Router(); @@ -155,7 +156,8 @@ router.post('/admin/ban/:username', handleErrorAsync(async (req, res) => { UPDATE users SET bannedReason = ${req.body.reason}, bannedTerms = ${req.body.terms.join(',')}, - bannedBy = ${req.user.id} + bannedBy = ${req.user.id}, + banSnapshot = ${await profilesSnapshot(req.db, normalise(req.params.username))} WHERE id = ${user.id} `); mailer(user.email, 'ban', {reason: req.body.reason}); diff --git a/server/routes/profile.js b/server/routes/profile.js index f1d32d08..4fbd9688 100644 --- a/server/routes/profile.js +++ b/server/routes/profile.js @@ -43,7 +43,7 @@ const verifyLinks = (links, authenticators) => { return verifiedLinks; } -const fetchProfiles = async (db, username, self, isAdmin) => { +const fetchProfiles = async (db, username, self) => { const profiles = await db.all(SQL` SELECT profiles.* FROM profiles @@ -88,6 +88,10 @@ const fetchProfiles = async (db, username, self, isAdmin) => { return p; }; +export const profilesSnapshot = async (db, username) => { + return JSON.stringify(await fetchProfiles(db, username, true), null, 4); +} + const susRegexes = fs.readFileSync(__dirname + '/../../sus.txt').toString('utf-8').split('\n').filter(x => !!x); function* isSuspicious(profile) { @@ -288,8 +292,8 @@ router.post('/profile/report/:username', handleErrorAsync(async (req, res) => { } await req.db.get(SQL` - INSERT INTO reports (id, userId, reporterId, isAutomatic, comment, isHandled) - VALUES (${ulid()}, ${user.id}, ${req.user.id}, 0, ${req.body.comment}, 0); + INSERT INTO reports (id, userId, reporterId, isAutomatic, comment, isHandled, snapshot) + VALUES (${ulid()}, ${user.id}, ${req.user.id}, 0, ${req.body.comment}, 0, ${await profilesSnapshot(req.db, normalise(req.params.username))}); `); return res.json('OK'); diff --git a/server/routes/user.js b/server/routes/user.js index 21b22a25..c0f58375 100644 --- a/server/routes/user.js +++ b/server/routes/user.js @@ -21,7 +21,7 @@ const normalise = s => s.trim().toLowerCase(); const isSpam = (email) => { const noDots = email.replace(/\./g, ''); return noDots === 'javierfranciscotmp@gmailcom' - || noDots === 'leahmarykathryntmp@gmail.com' + || noDots === 'leahmarykathryntmp@gmailcom' || email.includes('dogazu') || email.includes('narodowcy.net') || email.length > 128;