1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-12-22 14:10:00 +00:00

[Config change] Require recaptcha of new uploaders (#376)

* Reorganize config.example.py, add ACCOUNT_RECAPTCHA_AGE

* Require new accounts to pass recaptcha on upload

Based on ACCOUNT_RECAPTCHA_AGE in config.
This commit is contained in:
Anna-Maria Meriniemi 2017-10-05 02:05:35 +03:00 committed by Arylide
parent 214952e7b6
commit 1e5f61ddf7
4 changed files with 75 additions and 37 deletions

View file

@ -1,20 +1,47 @@
import os import os
DEBUG = True DEBUG = True
######################
## Maintenance mode ##
######################
# A read-only maintenance mode, in which the database is not modified # A read-only maintenance mode, in which the database is not modified
MAINTENANCE_MODE = True MAINTENANCE_MODE = False
# A maintenance message (used in layout.html template) # A maintenance message (used in layout.html template)
MAINTENANCE_MODE_MESSAGE = 'Site is currently in read-only maintenance mode.' MAINTENANCE_MODE_MESSAGE = 'Site is currently in read-only maintenance mode.'
# Allow logging in during maintenance (without updating last login date) # Allow logging in during maintenance (without updating last login date)
MAINTENANCE_MODE_LOGINS = True MAINTENANCE_MODE_LOGINS = True
USE_RECAPTCHA = False #############
USE_EMAIL_VERIFICATION = False ## General ##
USE_MYSQL = True #############
# Enable this once stat integration is done # What the site identifies itself as. This affects templates, not database stuff.
SITE_NAME = 'Nyaa'
# General prefix for running multiple sites, eg. most database tables are site-prefixed
SITE_FLAVOR = 'nyaa' # 'nyaa' or 'sukebei'
# Full external urls to both sites, used for site-change links
EXTERNAL_URLS = {'fap':'***', 'main':'***'}
# Secret keys for Flask
CSRF_SESSION_KEY = '***'
SECRET_KEY = '***'
# Present a recaptcha for anonymous uploaders
USE_RECAPTCHA = False
# Require email validation
USE_EMAIL_VERIFICATION = False
# Use MySQL or Sqlite3 (mostly deprecated)
USE_MYSQL = True
# Show seeds/peers/completions in torrent list/page
ENABLE_SHOW_STATS = True ENABLE_SHOW_STATS = True
# Recaptcha keys (https://www.google.com/recaptcha)
RECAPTCHA_PUBLIC_KEY = '***'
RECAPTCHA_PRIVATE_KEY = '***'
BASE_DIR = os.path.abspath(os.path.dirname(__file__)) BASE_DIR = os.path.abspath(os.path.dirname(__file__))
if USE_MYSQL: if USE_MYSQL:
SQLALCHEMY_DATABASE_URI = ('mysql://test:test123@localhost/nyaav2?charset=utf8mb4') SQLALCHEMY_DATABASE_URI = ('mysql://test:test123@localhost/nyaav2?charset=utf8mb4')
@ -22,50 +49,54 @@ else:
SQLALCHEMY_DATABASE_URI = ( SQLALCHEMY_DATABASE_URI = (
'sqlite:///' + os.path.join(BASE_DIR, 'test.db') + '?check_same_thread=False') 'sqlite:///' + os.path.join(BASE_DIR, 'test.db') + '?check_same_thread=False')
CSRF_SESSION_KEY = '***' # Email server settings
SECRET_KEY = '***'
# Prefix for running multiple sites, user table will not be prefixed.
SITE_FLAVOR = 'nyaa' # 'nyaa' or 'sukebei'
EXTERNAL_URLS = {'fap':'***', 'main':'***'}
# for recaptcha and email verification:
# keys for localhost. Change as appropriate when actual domain is registered.
RECAPTCHA_PUBLIC_KEY = '***'
RECAPTCHA_PRIVATE_KEY = '***'
SMTP_SERVER = '***' SMTP_SERVER = '***'
SMTP_PORT = 587 SMTP_PORT = 587
MAIL_FROM_ADDRESS = '***' MAIL_FROM_ADDRESS = '***'
SMTP_USERNAME = '***' SMTP_USERNAME = '***'
SMTP_PASSWORD = '***' SMTP_PASSWORD = '***'
# What the site identifies itself as. This affects templates, not database stuff.
SITE_NAME = 'Nyaa'
# The maximum number of files a torrent can contain # The maximum number of files a torrent can contain
# until the site says "Too many files to display." # until the site says "Too many files to display."
MAX_FILES_VIEW = 1000 MAX_FILES_VIEW = 1000
# # Verify uploaded torrents have the given tracker in them?
# Setting to make sure main announce url is present in torrent
#
ENFORCE_MAIN_ANNOUNCE_URL = False ENFORCE_MAIN_ANNOUNCE_URL = False
MAIN_ANNOUNCE_URL = 'http://127.0.0.1:6881/announce' MAIN_ANNOUNCE_URL = 'http://127.0.0.1:6881/announce'
# Tracker API integration - don't mind this
TRACKER_API_URL = 'http://127.0.0.1:6881/api' TRACKER_API_URL = 'http://127.0.0.1:6881/api'
TRACKER_API_AUTH = 'topsecret' TRACKER_API_AUTH = 'topsecret'
#############
## Account ##
#############
# Torrents uploaded without an account must be at least this big in total (bytes) # Torrents uploaded without an account must be at least this big in total (bytes)
# Set to 0 to disable # Set to 0 to disable
MINIMUM_ANONYMOUS_TORRENT_SIZE = 1 * 1024 * 1024 MINIMUM_ANONYMOUS_TORRENT_SIZE = 1 * 1024 * 1024
# Minimum age for an account not to be served a captcha (seconds)
# Relies on USE_RECAPTCHA. Set to 0 to disable.
ACCOUNT_RECAPTCHA_AGE = 7 * 24 * 3600 # A week
# Backup original .torrent uploads
BACKUP_TORRENT_FOLDER = 'torrents' BACKUP_TORRENT_FOLDER = 'torrents'
# ############
# Search Options ## Search ##
# ############
# How many results should a page contain. Applies to RSS as well.
RESULTS_PER_PAGE = 75 RESULTS_PER_PAGE = 75
# See README.MD on Elasticsearch setup # Use better searching with ElasticSearch
# See README.MD on setup!
USE_ELASTIC_SEARCH = False USE_ELASTIC_SEARCH = False
# Highlight matches (for debugging)
ENABLE_ELASTIC_SEARCH_HIGHLIGHT = False ENABLE_ELASTIC_SEARCH_HIGHLIGHT = False
# Max ES search results, do not set over 10000 # Max ES search results, do not set over 10000
ES_MAX_SEARCH_RESULT = 1000 ES_MAX_SEARCH_RESULT = 1000
ES_INDEX_NAME = SITE_FLAVOR # we create indicies named nyaa or sukebei # ES index name generally (nyaa or sukebei)
ES_INDEX_NAME = SITE_FLAVOR

View file

@ -239,6 +239,17 @@ class BanForm(FlaskForm):
]) ])
def recaptcha_validator_shim(form, field):
''' Selectively does a recaptcha validation '''
if app.config['USE_RECAPTCHA']:
# Recaptcha anonymous and new users
if not flask.g.user or flask.g.user.age < app.config['ACCOUNT_RECAPTCHA_AGE']:
return RecaptchaValidator()(form, field)
else:
# Always pass validating the recaptcha field if disabled
return True
class UploadForm(FlaskForm): class UploadForm(FlaskForm):
torrent_file = FileField('Torrent file', [ torrent_file = FileField('Torrent file', [
FileRequired() FileRequired()
@ -251,17 +262,8 @@ class UploadForm(FlaskForm):
'%(max)d at most.') '%(max)d at most.')
]) ])
if config['USE_RECAPTCHA']: recaptcha = RecaptchaField(validators=[recaptcha_validator_shim])
# Captcha only for not logged in users
_recaptcha_validator = RecaptchaValidator()
def _validate_recaptcha(form, field):
if not flask.g.user:
return UploadForm._recaptcha_validator(form, field)
recaptcha = RecaptchaField(validators=[_validate_recaptcha])
# category = SelectField('Category')
category = DisabledSelectField('Category') category = DisabledSelectField('Category')
def validate_category(form, field): def validate_category(form, field):

View file

@ -601,6 +601,11 @@ class User(db.Model):
def is_banned(self): def is_banned(self):
return self.status == UserStatusType.BANNED return self.status == UserStatusType.BANNED
@property
def age(self):
'''Account age in seconds'''
return (datetime.utcnow() - self.created_time).total_seconds()
class AdminLogBase(DeclarativeHelperBase): class AdminLogBase(DeclarativeHelperBase):
__tablename_base__ = 'adminlog' __tablename_base__ = 'adminlog'

View file

@ -86,7 +86,7 @@
</div> </div>
</div> </div>
{% if config.USE_RECAPTCHA and not g.user %} {% if config.USE_RECAPTCHA and (not g.user or g.user.age < config['ACCOUNT_RECAPTCHA_AGE']) %}
<div class="row"> <div class="row">
<div class="col-md-4"> <div class="col-md-4">
{% for error in upload_form.recaptcha.errors %} {% for error in upload_form.recaptcha.errors %}