
Add patch for hCaptcha support

master
root 3 months ago
parent
commit
f3fea85182
3 changed files with 289 additions and 25 deletions
  1. +218
    -0
      deploy/3.1.3_1-hcaptcha-registrations.patch
  2. +2
    -25
      generate-patch.sh
  3. +69
    -0
      libqueerpatchy.sh

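--- a/deploy/3.1.3_1-hcaptcha-registrations.patch
+++ b/deploy/3.1.3_1-hcaptcha-registrations.patch
@@ -0,0 +1,218 @@
+--- untainted/.env.production.sample
++++ tainted/.env.production.sample
+@@ -260,3 +260,10 @@
+# Only allow federation with whitelisted domains, see
+# https://docs.joinmastodon.org/admin/config/#whitelist_mode
+# WHITELIST_MODE=true
++
++# Optional hCaptcha verification on user signup
++# If the feature is enabled and no keys are specified here, dummy keys will be used and no actual verification will be taking place.
++# HCAPTCHA_ENABLED=
++# HCAPTCHA_SITE_KEY=
++# HCAPTCHA_SECRET_KEY=
++
+--- untainted/Gemfile
++++ tainted/Gemfile
+@@ -100,6 +100,8 @@
+gem 'webpacker', '~> 4.2'
+gem 'webpush'
++gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha', ref: 'e65246bea49374566a9dbaead59fdb35b46b086d', require: 'hcaptcha/rails'
++
+gem 'json-ld'
+gem 'json-ld-preloaded', '~> 3.1'
+gem 'rdf-normalize', '~> 0.4'
+--- untainted/Gemfile.lock
++++ tainted/Gemfile.lock
+@@ -28,6 +28,13 @@
+specs:
+nilsimsa (1.1.2)
++GIT
++ remote: https://github.com/firstmoversadvantage/hcaptcha
++ revision: e65246bea49374566a9dbaead59fdb35b46b086d
++ ref: e65246bea49374566a9dbaead59fdb35b46b086d
++ specs:
++ hcaptcha (6.0.1)
++
+GEM
+remote: https://rubygems.org/
+specs:
+@@ -703,6 +710,7 @@
+fuubar (~> 2.5)
+goldfinger (~> 2.1)
+hamlit-rails (~> 0.2)
++ hcaptcha
+health_check!
+hiredis (~> 0.6)
+htmlentities (~> 4.3)
+--- untainted/app/controllers/admin/dashboard_controller.rb
++++ tainted/app/controllers/admin/dashboard_controller.rb
+@@ -36,6 +36,7 @@
+@timeline_preview = Setting.timeline_preview
+@spam_check_enabled = Setting.spam_check_enabled
+@trends_enabled = Setting.trends
++ @hcaptcha_enabled = ENV['HCAPTCHA_ENABLED'] == 'true'
+end
+private
+--- untainted/app/controllers/api/v1/accounts_controller.rb
++++ tainted/app/controllers/api/v1/accounts_controller.rb
+@@ -21,13 +21,14 @@
+end
+def create
+- token = AppSignUpService.new.call(doorkeeper_token.application, account_params)
+- response = Doorkeeper::OAuth::TokenResponse.new(token)
++ not_found
++ #token = AppSignUpService.new.call(doorkeeper_token.application, account_params)
++ #response = Doorkeeper::OAuth::TokenResponse.new(token)
+- headers.merge!(response.headers)
++ #headers.merge!(response.headers)
+- self.response_body = Oj.dump(response.body)
+- self.status = response.status
++ #self.response_body = Oj.dump(response.body)
++ #self.status = response.status
+end
+def follow
+--- untainted/app/controllers/auth/registrations_controller.rb
++++ tainted/app/controllers/auth/registrations_controller.rb
+@@ -11,6 +11,7 @@
+before_action :set_body_classes, only: [:new, :create, :edit, :update]
+before_action :require_not_suspended!, only: [:update]
+before_action :set_cache_headers, only: [:edit, :update]
++ before_action :check_captcha, only: [:create]
+skip_before_action :require_functional!, only: [:edit, :update]
+@@ -91,6 +92,15 @@
+end
+private
++
++ def check_captcha
++ if ENV['HCAPTCHA_ENABLED'] == 'true' && !verify_hcaptcha
++ self.resource = resource_class.new sign_up_params
++ resource.validate
++ flash[:alert] = Hcaptcha::Helpers.to_error_message(:verification_failed)
++ respond_with_navigational(resource) { render :new }
++ end
++ end
+def set_instance_presenter
+@instance_presenter = InstancePresenter.new
+--- untainted/app/javascript/styles/mastodon/forms.scss
++++ tainted/app/javascript/styles/mastodon/forms.scss
+@@ -239,6 +239,9 @@
+.input:last-child {
+margin-bottom: 0;
+}
++ .h-captcha {
++ text-align: center;
++ }
+}
+.fields-row {
+--- untainted/app/views/about/_registration.html.haml
++++ tainted/app/views/about/_registration.html.haml
+@@ -18,6 +18,10 @@
+.fields-group
+= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path), disabled: closed_registrations?
++ if ENV['HCAPTCHA_ENABLED'] == 'true':
++ .fields-group
++ = hcaptcha_tags
++
+.actions
+= f.button :button, sign_up_message, type: :submit, class: 'button button-primary', disabled: closed_registrations?
+--- untainted/app/views/admin/dashboard/index.html.haml
++++ tainted/app/views/admin/dashboard/index.html.haml
+@@ -121,6 +121,8 @@
+%li
+= feature_hint('PAM', @pam_enabled)
+%li
++ = feature_hint(t('admin.dashboard.feature_hcaptcha'), @hcaptcha_enabled)
++ %li
+= feature_hint(t('admin.dashboard.hidden_service'), @hidden_service)
+.dashboard__widgets__trends
+--- untainted/app/views/auth/registrations/new.html.haml
++++ tainted/app/views/auth/registrations/new.html.haml
+@@ -35,6 +35,10 @@
+.fields-group
+= f.input :agreement, as: :boolean, wrapper: :with_label, label: whitelist_mode? ? t('auth.checkbox_agreement_without_rules_html', terms_path: terms_path) : t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path)
++ - if ENV['HCAPTCHA_ENABLED'] == 'true'
++ .fields-group
++ = hcaptcha_tags
++
+.actions
+= f.button :button, @invite.present? ? t('auth.register') : sign_up_message, type: :submit
+--- untainted/config/initializers/content_security_policy.rb
++++ tainted/config/initializers/content_security_policy.rb
+@@ -16,27 +16,29 @@
+media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
+media_host ||= assets_host
++hcaptcha_hosts = ["https://hcaptcha.com", "https://*.hcaptcha.com"]
++
+Rails.application.config.content_security_policy do |p|
+p.base_uri :none
+p.default_src :none
+p.frame_ancestors :none
+p.font_src :self, assets_host
+p.img_src :self, :https, :data, :blob, assets_host
+- p.style_src :self, :unsafe_inline, assets_host
++ p.style_src :self, :unsafe_inline, assets_host, *hcaptcha_hosts
+p.media_src :self, :https, :data, assets_host
+- p.frame_src :self, :https
++ p.frame_src :self, :https, *hcaptcha_hosts
+p.manifest_src :self, assets_host
+if Rails.env.development?
+webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
+p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
+- p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host
++ p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host, *hcaptcha_hosts
+p.child_src :self, :blob, assets_host
+p.worker_src :self, :blob, assets_host
+else
+p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
+- p.script_src :self, assets_host
++ p.script_src :self, assets_host, *hcaptcha_hosts
+p.child_src :self, :blob, assets_host
+p.worker_src :self, :blob, assets_host
+end
+--- /dev/null
++++ tainted/config/initializers/hcaptcha.rb
+@@ -0,0 +1,5 @@
++Hcaptcha.configure do |config|
++ config.site_key = ENV.fetch('HCAPTCHA_SITE_KEY') { '10000000-ffff-ffff-ffff-000000000001' }
++ config.secret_key = ENV.fetch('HCAPTCHA_SECRET_KEY') { '0x0000000000000000000000000000000000000000' }
++end
++
+--- untainted/config/locales/en.yml
++++ tainted/config/locales/en.yml
+@@ -324,6 +324,7 @@
+backlog: backlogged jobs
+config: Configuration
+feature_deletions: Account deletions
++ feature_hcaptcha: hCaptcha
+feature_invites: Invite links
+feature_profile_directory: Profile directory
+feature_registrations: Registrations
+@@ -535,6 +536,8 @@
+deletion:
+desc_html: Allow anyone to delete their account
+title: Open account deletion
++ errors:
++ captcha_fail: Captcha verification failed
+min_invite_role:
+disabled: No one
+title: Allow invitations by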
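Review bot: The new `config/initializers/hcaptcha.rb` fails open: with `HCAPTCHA_ENABLED=true` and `HCAPTCHA_SITE_KEY`/`HCAPTCHA_SECRET_KEY` unset, `ENV.fetch` falls back to the dummy keys, and the `.env.production.sample` comment added here says no actual verification takes place in that case. `check_captcha` in `registrations_controller.rb` presumably then lets every signup through, while `@hcaptcha_enabled` on the admin dashboard still reports the feature as on. I would refuse to boot in that state and keep the dummy keys for the disabled case only, e.g. `raise 'HCAPTCHA_SITE_KEY and HCAPTCHA_SECRET_KEY must be set when HCAPTCHA_ENABLED=true' if ENV['HCAPTCHA_ENABLED'] == 'true' && !(ENV['HCAPTCHA_SITE_KEY'].present? && ENV['HCAPTCHA_SECRET_KEY'].present?)`. Separately, the `about/_registration.html.haml` hunk writes `if ENV['HCAPTCHA_ENABLED'] == 'true':` without the leading `-` and with a trailing colon, unlike the `- if …` form in `auth/registrations/new.html.haml`, so that line does not look like it will be evaluated as Ruby.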

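--- a/generate-patch.sh
+++ b/generate-patch.sh
@@ -1,25 +1,2 @@
-#!/bin/sh
-if [ "x$1" != "x" ]; then MASTODON_VERSION=$1; fi
-if [ "x$MASTODON_VERSION" == "x" ]; then
-echo "Please specify a version as the first argument or via env. var. MASTODON_VERSION">/dev/stderr
-exit 1
-fi
-git clone https://git.maff.scot/mirrors/mastodon untainted
-cd untainted
-git fetch --all --tags
-git checkout tags/v$MASTODON_VERSION
-cd ..
-cp -pr untainted tainted
-mkdir modifications
-git clone https://github.com/meemudotorg/theemu modifications/theemu
-rsync -av --files-from modifications/theemu/meemu-theme.txt modifications/theemu tainted
-cp -pr untainted/app/javascript/mastodon/locales/en.json tainted/app/javascript/mastodon/locales/en.json
-cp -pr untainted/config/locales/en.yml tainted/config/locales/en.yml
-cp -pr assets/themes.yml tainted/config/themes.yml
-cp -pr assets/source.rb tainted/config/initializers/source.rb
-mv tainted/app/javascript/fonts/pressstart2p deploy/
-diff -ruN untainted tainted > deploy/queer.party.patch
-rm -rf untainted tainted modifications
-docker build --build-arg MASTODON_VERSION=$MASTODON_VERSION -t maffsie/qp-mastodon:latest -t maffsie/qp-mastodon:v$MASTODON_VERSION deploy/
-rm -rf deploy/queer.party.patch deploy/pressstart2p
-if [ "x$NOPUSH" == "x" -a -f ~/.docker/config.json ]; then docker push maffsie/qp-mastodon:v$MASTODON_VERSION;docker push maffsie/qp-mastodon:latest; fi
+. ./libqueerpatchy.sh
+main $@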
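Review bot: `main $@` passes the script's arguments unquoted, so an argument containing whitespace or glob characters is re-split and expanded before it reaches `main`; write `main "$@"`. The version check that used to live in this script now runs as a side effect of sourcing `libqueerpatchy.sh`, which reads `$1` and can `exit 1` while being sourced. A comment above the `.` line would make that visible, e.g. `# libqueerpatchy.sh validates $1 / MASTODON_VERSION when sourced and exits on failure`.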

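--- a/libqueerpatchy.sh
+++ b/libqueerpatchy.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+if [ "x$1" != "x" ]; then MASTODON_VERSION=$1; fi
+if [ "x$MASTODON_VERSION" == "x" ]; then
+echo "Please specify a version as the first argument or via env. var. MASTODON_VERSION">/dev/stderr
+exit 1
+fi
+prep_untainted() {
+git clone https://git.maff.scot/mirrors/mastodon untainted
+cd untainted
+git fetch --all --tags
+git checkout tags/v$MASTODON_VERSION
+cd ..
+}
+prep_tainted() {
+cp -pr untainted tainted
+mkdir modifications
+git clone https://github.com/meemudotorg/theemu modifications/theemu
+}
+build_assets() {
+rsync -av --files-from modifications/theemu/meemu-theme.txt modifications/theemu tainted
+cp -pr untainted/app/javascript/mastodon/locales/en.json tainted/app/javascript/mastodon/locales/en.json
+cp -pr untainted/config/locales/en.yml tainted/config/locales/en.yml
+cp -pr assets/themes.yml tainted/config/themes.yml
+cp -pr assets/source.rb tainted/config/initializers/source.rb
+mv tainted/app/javascript/fonts/pressstart2p deploy/
+}
+build_patch() {
+diff -ruN untainted tainted > deploy/queer.party.patch
+}
+cleanup_prebuild() {
+rm -rf untainted tainted modifications
+}
+build_image() {
+docker build --build-arg MASTODON_VERSION=$MASTODON_VERSION -t maffsie/qp-mastodon:latest -t maffsie/qp-mastodon:v$MASTODON_VERSION deploy/
+if [ "x$NOPUSH" == "x" -a -f ~/.docker/config.json ]; then docker push maffsie/qp-mastodon:v$MASTODON_VERSION;docker push maffsie/qp-mastodon:latest; fi
+}
+cleanup_postbuild() {
+rm -rf deploy/queer.party.patch deploy/pressstart2p
+}
+prep() {
+case "$1" in
+untainted) prep_untainted;;
+tainted) prep_tainted;;
+esac
+}
+build() {
+case "$1" in
+assets) build_assets;;
+patch) build_patch;;
+image) build_image;;
+esac
+}
+cleanup() {
+case "$1" in
+prebuild) cleanup_prebuild;;
+postbuild) cleanup_postbuild;;
+esac
+}
+main() {
+prep untainted
+prep tainted
+build assets
+build patch
+cleanup prebuild
+build image
+cleanup postbuild
+}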
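Review bot: Nothing in `main` stops after a failed step, so a failure early in the chain still reaches `docker push`. If `git clone` or `cd untainted` fails in `prep_untainted`, the following `cd ..` leaves the script one directory above where it started, and `cleanup_prebuild` runs `rm -rf untainted tainted modifications` there. If `git checkout tags/v$MASTODON_VERSION` or `docker build` fails, `build_image` still pushes whatever `maffsie/qp-mastodon` tags exist locally under that version. Adding `set -e` directly under the shebang, or `|| return 1` on each step, and quoting the expansion as `"tags/v$MASTODON_VERSION"` would close this. Note also that `modifications/theemu` is cloned without a pinned commit, unlike the `hcaptcha` gem in this same commit, so the image contents depend on that repository's head at build time.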


