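--- a/.env.production.sample
+++ b/.env.production.sample
@@ -260,3 +260,10 @@
 # Only allow federation with whitelisted domains, see
 # https://docs.joinmastodon.org/admin/config/#whitelist_mode
 # WHITELIST_MODE=true
+
+# Optional hCaptcha verification on user signup
+# If the feature is enabled and no keys are specified here, dummy keys will be used and no actual verification will be taking place.
+# HCAPTCHA_ENABLED=
+# HCAPTCHA_SITE_KEY=
+# HCAPTCHA_SECRET_KEY=
+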
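--- a/Gemfile
+++ b/Gemfile
@@ -100,6 +100,8 @@
 gem 'webpacker', '~> 4.2'
 gem 'webpush'
+gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha', ref: 'e65246bea49374566a9dbaead59fdb35b46b086d', require: 'hcaptcha/rails'
+
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.1'
 gem 'rdf-normalize', '~> 0.4'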
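Review bot: The `gem 'hcaptcha'` line fetches the gem from a GitHub repository at a pinned commit instead of a released version, and nothing records why. A comment above it naming the reason and the condition for returning to a registry release would keep the next dependency upgrade from dropping the pin by accident, e.g. `# Pinned to a git ref: <reason placeholder>; switch back to a released version once <condition placeholder>`. Pinning to a full commit SHA rather than a branch is the right choice because it makes the fetched source immutable; keep that property when the ref is next bumped.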
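--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -28,6 +28,13 @@
 specs:
 nilsimsa (1.1.2)
+GIT
+ remote: https://github.com/firstmoversadvantage/hcaptcha
+ revision: e65246bea49374566a9dbaead59fdb35b46b086d
+ ref: e65246bea49374566a9dbaead59fdb35b46b086d
+ specs:
+ hcaptcha (6.0.1)
+
 GEM
 remote: https://rubygems.org/
 specs:
@@ -703,6 +710,7 @@
 fuubar (~> 2.5)
 goldfinger (~> 2.1)
 hamlit-rails (~> 0.2)
+ hcaptcha
 health_check!
 hiredis (~> 0.6)
 htmlentities (~> 4.3)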
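--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -36,6 +36,7 @@
 @timeline_preview = Setting.timeline_preview
 @spam_check_enabled = Setting.spam_check_enabled
 @trends_enabled = Setting.trends
+ @hcaptcha_enabled = ENV['HCAPTCHA_ENABLED'] == 'true'
 end
 private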
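Review bot: `ENV['HCAPTCHA_ENABLED'] == 'true'` is evaluated here and again in app/controllers/auth/registrations_controller.rb, app/views/about/_registration.html.haml and app/views/auth/registrations/new.html.haml, so the four sites can drift and a typo in one of them silently disables either the widget or the server-side check at that site only. Computing the flag once, e.g. `Rails.configuration.x.hcaptcha_enabled = ENV['HCAPTCHA_ENABLED'] == 'true'` in the hcaptcha initializer, and reading `Rails.configuration.x.hcaptcha_enabled` in all four places keeps the rendered widget and the enforced check in step. The enclosing action starts outside the hunk.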
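--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -21,13 +21,14 @@
 end
 def create
- token = AppSignUpService.new.call(doorkeeper_token.application, account_params)
- response = Doorkeeper::OAuth::TokenResponse.new(token)
+ not_found
+ #token = AppSignUpService.new.call(doorkeeper_token.application, account_params)
+ #response = Doorkeeper::OAuth::TokenResponse.new(token)
- headers.merge!(response.headers)
+ #headers.merge!(response.headers)
- self.response_body = Oj.dump(response.body)
- self.status = response.status
+ #self.response_body = Oj.dump(response.body)
+ #self.status = response.status
 end
 def follow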
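Review bot: `create` now returns `not_found` but keeps its former body as commented-out lines, which records nothing about why API sign-up was disabled and is the kind of code that gets uncommented by the next merge. Delete the commented lines and state the intent in one comment instead, e.g. `# API sign-up is disabled: the hCaptcha check only runs in the web registration flow, so this endpoint would bypass it.` — assuming that is the motivation, since the patch itself does not say. If `account_params` and any other helpers used only by the old body are now unused, remove them as well; they sit outside the hunk.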
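--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -11,6 +11,7 @@
 before_action :set_body_classes, only: [:new, :create, :edit, :update]
 before_action :require_not_suspended!, only: [:update]
 before_action :set_cache_headers, only: [:edit, :update]
+ before_action :check_captcha, only: [:create]
 skip_before_action :require_functional!, only: [:edit, :update]
@@ -91,6 +92,15 @@
 end
 private
+
+ def check_captcha
+ if ENV['HCAPTCHA_ENABLED'] == 'true' && !verify_hcaptcha
+ self.resource = resource_class.new sign_up_params
+ resource.validate
+ flash[:alert] = Hcaptcha::Helpers.to_error_message(:verification_failed)
+ respond_with_navigational(resource) { render :new }
+ end
+ end
 def set_instance_presenter
 @instance_presenter = InstancePresenter.new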
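Review bot: `check_captcha` renders `:new` within the same request but sets `flash[:alert]`, so the message also survives into the following request and reappears after a later redirect; the render path wants `flash.now[:alert] = Hcaptcha::Helpers.to_error_message(:verification_failed)`. The method has no comment; a short one such as `# Halts sign-up when hCaptcha is enabled and the token does not verify; rebuilds the resource so the form re-renders with its validation errors.` would explain the `resource_class.new` / `resource.validate` lines. It is also worth confirming what `verify_hcaptcha` does when the verification request to hCaptcha fails (timeout, network error): if it raises, sign-up answers with a 500 instead of a retryable message, and if it returns true, the check is silently skipped. The `captcha_fail` locale string added in config/locales/en.yml is not referenced by this method; either use it through `t(...)` or drop it.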
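--- a/app/javascript/styles/mastodon/forms.scss
+++ b/app/javascript/styles/mastodon/forms.scss
@@ -239,6 +239,9 @@
 .input:last-child {
 margin-bottom: 0;
 }
+ .h-captcha {
+ text-align: center;
+ }
 }
 .fields-row {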
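--- a/app/views/about/_registration.html.haml
+++ b/app/views/about/_registration.html.haml
@@ -18,6 +18,10 @@
 .fields-group
 = f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path), disabled: closed_registrations?
+ - if ENV['HCAPTCHA_ENABLED'] == 'true'
+ .fields-group
+ = hcaptcha_tags
+
 .actions
 = f.button :button, sign_up_message, type: :submit, class: 'button button-primary', disabled: closed_registrations?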
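--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@@ -121,6 +121,8 @@
 %li
 = feature_hint('PAM', @pam_enabled)
 %li
+ = feature_hint(t('admin.dashboard.feature_hcaptcha'), @hcaptcha_enabled)
+ %li
 = feature_hint(t('admin.dashboard.hidden_service'), @hidden_service)
 .dashboard__widgets__trends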
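--- a/app/views/auth/registrations/new.html.haml
+++ b/app/views/auth/registrations/new.html.haml
@@ -35,6 +35,10 @@
 .fields-group
 = f.input :agreement, as: :boolean, wrapper: :with_label, label: whitelist_mode? ? t('auth.checkbox_agreement_without_rules_html', terms_path: terms_path) : t('auth.checkbox_agreement_html', rules_path: about_more_path, terms_path: terms_path)
+ - if ENV['HCAPTCHA_ENABLED'] == 'true'
+ .fields-group
+ = hcaptcha_tags
+
 .actions
 = f.button :button, @invite.present? ? t('auth.register') : sign_up_message, type: :submit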
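--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -16,27 +16,29 @@
 media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
 media_host ||= assets_host
+hcaptcha_hosts = ["https://hcaptcha.com", "https://*.hcaptcha.com"]
+
 Rails.application.config.content_security_policy do |p|
 p.base_uri :none
 p.default_src :none
 p.frame_ancestors :none
 p.font_src :self, assets_host
 p.img_src :self, :https, :data, :blob, assets_host
- p.style_src :self, :unsafe_inline, assets_host
+ p.style_src :self, :unsafe_inline, assets_host, *hcaptcha_hosts
 p.media_src :self, :https, :data, assets_host
- p.frame_src :self, :https
+ p.frame_src :self, :https, *hcaptcha_hosts
 p.manifest_src :self, assets_host
 if Rails.env.development?
 webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
- p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host
+ p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host, *hcaptcha_hosts
 p.child_src :self, :blob, assets_host
 p.worker_src :self, :blob, assets_host
 else
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, assets_host
+ p.script_src :self, assets_host, *hcaptcha_hosts
 p.child_src :self, :blob, assets_host
 p.worker_src :self, :blob, assets_host
 end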
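Review bot: `hcaptcha_hosts` is spliced into `script_src`, `frame_src` and `style_src` unconditionally, so the policy admits scripts and stylesheets from hcaptcha.com even on deployments that never set `HCAPTCHA_ENABLED`; make the list empty when the feature is off, e.g. `hcaptcha_hosts = ENV['HCAPTCHA_ENABLED'] == 'true' ? ["https://hcaptcha.com", "https://*.hcaptcha.com"] : []`. A comment above that line naming what the origins are for (`# hCaptcha widget: script, frame and stylesheet origins`) would also help the next reader of this file. `frame_src` already lists `:https`, so the hcaptcha entries added there are redundant and could be dropped. hCaptcha's published CSP guidance may additionally require these origins in `connect_src`; verify the widget completes a challenge with the policy enforced rather than in report-only mode before relying on this list.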
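--- /dev/null
+++ b/config/initializers/hcaptcha.rb
@@ -0,0 +1,5 @@
+Hcaptcha.configure do |config|
+ config.site_key = ENV.fetch('HCAPTCHA_SITE_KEY') { '10000000-ffff-ffff-ffff-000000000001' }
+ config.secret_key = ENV.fetch('HCAPTCHA_SECRET_KEY') { '0x0000000000000000000000000000000000000000' }
+end
+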
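Review bot: The `ENV.fetch` fallbacks silently substitute placeholder keys when `HCAPTCHA_SITE_KEY` or `HCAPTCHA_SECRET_KEY` is unset, and the sample env file in this same patch states that no actual verification takes place with them; together with `HCAPTCHA_ENABLED=true` that is a fail-open, because the widget is rendered and the admin dashboard reports the feature as enabled while every submission passes. Keep the placeholders for development and test, but refuse to boot a production instance that enables the feature without real keys, so a missing variable is noticed at deploy time rather than after a wave of automated sign-ups. The file also has no comment saying what the fallback values are; the rewrite below adds one.
```ruby
Hcaptcha.configure do |config|
  if ENV['HCAPTCHA_ENABLED'] == 'true' && Rails.env.production?
    # Fail at boot: the placeholder keys below accept every submission, so a
    # production instance that enables the feature must supply real keys.
    config.site_key = ENV.fetch('HCAPTCHA_SITE_KEY')
    config.secret_key = ENV.fetch('HCAPTCHA_SECRET_KEY')
  else
    # Placeholder keys for development/test; no real verification happens with these.
    config.site_key = ENV.fetch('HCAPTCHA_SITE_KEY') { '10000000-ffff-ffff-ffff-000000000001' }
    config.secret_key = ENV.fetch('HCAPTCHA_SECRET_KEY') { '0x0000000000000000000000000000000000000000' }
  end
end
```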
  180. --- untainted/config/locales/en.yml
  181. +++ tainted/config/locales/en.yml
  182. @@ -324,6 +324,7 @@
  183. backlog: backlogged jobs
  184. config: Configuration
  185. feature_deletions: Account deletions
  186. + feature_hcaptcha: hCaptcha
  187. feature_invites: Invite links
  188. feature_profile_directory: Profile directory
  189. feature_registrations: Registrations
  190. @@ -535,6 +536,8 @@
  191. deletion:
  192. desc_html: Allow anyone to delete their account
  193. title: Open account deletion
  194. + errors:
  195. + captcha_fail: Captcha verification failed
  196. min_invite_role:
  197. disabled: No one
  198. title: Allow invitations by