KevaChat
/
webapp
mirror of https://github.com/kevachat/webapp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

implement post validation

main
ghost 11 months ago
parent
3a500a1554
commit
d4e450b6af
7 changed files with 152 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      .env
  2. 4
      config/services.yaml
  3. 8
      public/css/default.css
  4. 3
      src/Controller/ModuleController.php
  5. 133
      src/Controller/RoomController.php
  6. 5
      templates/default/module/post.html.twig
  7. 2
      templates/default/room/index.html.twig

9
.env
Unescape View File

@ -23,6 +23,10 @@ APP_VERSION=1.0.0 @@ -23,6 +23,10 @@ APP_VERSION=1.0.0
APP_NAME=KevaChat
# Connect memcached
APP_MEMCACHED_HOST=127.0.0.1
APP_MEMCACHED_PORT=11211
# Connect kevacoin
APP_KEVACOIN_PROTOCOL=http
@ -59,5 +63,8 @@ APP_ADD_POST_REMOTE_IP_DELAY=60 @@ -59,5 +63,8 @@ APP_ADD_POST_REMOTE_IP_DELAY=60
# Skip access limits for following IPs separated by |
APP_ADD_POST_REMOTE_IP_MODERATORS=
# Skip access limits for banned IPs separated by |
APP_ADD_POST_REMOTE_IP_DENIED=
# Post content rules (for kevacoin value)
APP_ADD_POST_VALUE_REGEX=/[\w]{2,3072}/
APP_ADD_POST_VALUE_REGEX=/^[\w\s]{2,3072}$/ui

4
config/services.yaml
Unescape View File

@ -6,7 +6,8 @@ @@ -6,7 +6,8 @@
parameters:
app.version: '%env(APP_VERSION)%'
app.name: '%env(APP_NAME)%'
app.memcached.host: '%env(APP_MEMCACHED_HOST)%'
app.memcached.port: '%env(APP_MEMCACHED_PORT)%'
app.kevacoin.protocol: '%env(APP_KEVACOIN_PROTOCOL)%'
app.kevacoin.host: '%env(APP_KEVACOIN_HOST)%'
app.kevacoin.port: '%env(APP_KEVACOIN_PORT)%'
@ -22,6 +23,7 @@ parameters: @@ -22,6 +23,7 @@ parameters:
app.add.post.remote.ip.regex: '%env(APP_ADD_POST_REMOTE_IP_REGEX)%'
app.add.post.remote.ip.delay: '%env(APP_ADD_POST_REMOTE_IP_DELAY)%'
app.add.post.remote.ip.moderators: '%env(APP_ADD_POST_REMOTE_IP_MODERATORS)%'
app.add.post.remote.ip.denied: '%env(APP_ADD_POST_REMOTE_IP_DENIED)%'
app.add.post.value.regex: '%env(APP_ADD_POST_VALUE_REGEX)%'
services:

8
public/css/default.css
Unescape View File

@ -146,4 +146,12 @@ footer > form > button @@ -146,4 +146,12 @@ footer > form > button
cursor: pointer;
float: right;
padding: 2px 8px;
}
footer > form > output
{
color: #ff6363;
display: block;
font-weight: bolder;
margin-bottom: 16px;
}

3
src/Controller/ModuleController.php
Unescape View File

@ -156,8 +156,9 @@ class ModuleController extends AbstractController @@ -156,8 +156,9 @@ class ModuleController extends AbstractController
[
'enabled' => in_array($request->get('namespace'), $public),
'namespace' => $request->get('namespace'),
'message' => $message,
'user' => $request->get('user'),
'error' => $request->get('error'),
'message' => $message,
'ip' => $request->getClientIp()
]
);

133
src/Controller/RoomController.php
Unescape View File

@ -3,6 +3,7 @@ @@ -3,6 +3,7 @@
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Contracts\Translation\TranslatorInterface;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Response;
@ -165,9 +166,27 @@ class RoomController extends AbstractController @@ -165,9 +166,27 @@ class RoomController extends AbstractController
]
)]
public function post(
Request $request
Request $request,
TranslatorInterface $translator
): Response
{
// Connect memcached
$memcached = new \Memcached();
$memcached->addServer(
$this->getParameter('app.memcached.host'),
$this->getParameter('app.memcached.port')
);
$memory = [
'app.add.post.remote.ip.delay' => md5(
sprintf(
'kevachat.app.add.post.remote.ip.delay:%s.%s',
$this->getParameter('app.name'),
$request->getClientIp(),
),
),
];
// Connect kevacoin
$client = new \Kevachat\Kevacoin\Client(
$this->getParameter('app.kevacoin.protocol'),
@ -188,13 +207,27 @@ class RoomController extends AbstractController @@ -188,13 +207,27 @@ class RoomController extends AbstractController
// Check namespace exist for this wallet
if (!in_array($request->get('namespace'), $namespaces))
{
exit('Namespace not related with this node!');
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => $translator->trans('Namespace not related with this node!')
]
);
}
// Check namespace writable
if (!in_array($request->get('namespace'), (array) explode('|', $this->getParameter('app.kevacoin.room.namespaces'))))
{
exit('Namespace not listed in settings!');
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => $translator->trans('Namespace not listed in settings!')
]
);
}
// Validate access to the room namespace
@ -202,6 +235,7 @@ class RoomController extends AbstractController @@ -202,6 +235,7 @@ class RoomController extends AbstractController
(
// Ignore this rule for is moderators
!in_array(
$request->getClientIp(),
(array) explode('|', $this->getParameter('app.add.post.remote.ip.moderators'))
) &&
@ -212,22 +246,107 @@ class RoomController extends AbstractController @@ -212,22 +246,107 @@ class RoomController extends AbstractController
)
)
{
exit('Namespace for read only!');
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => $translator->trans('Namespace for read only!')
]
);
}
// Deny requests from banned remote hosts
if (in_array($request->getClientIp(), (array) explode('|', $this->getParameter('app.add.post.remote.ip.denied'))))
{
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => $translator->trans('Access denied for this IP!')
]
);
}
// Validate remote IP regex
if (!preg_match($this->getParameter('app.add.post.remote.ip.regex'), $request->getClientIp()))
{
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => $translator->trans('Access not allowed for this IP!')
]
);
}
// Validate remote IP limits
// Validate message regex
if (!preg_match($this->getParameter('app.add.post.value.regex'), $request->get('message')))
{
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => sprintf(
$translator->trans('Message does not match node requirements: %s'),
$this->getParameter('app.add.post.value.regex')
)
]
);
}
// Validate funds
/// Validate remote IP limits
if ($delay = (int) $memcached->get($memory['app.add.post.remote.ip.delay']))
{
// Error
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => sprintf(
$translator->trans('Please wait for %s seconds before post new message!'),
(int) $this->getParameter('app.add.post.remote.ip.delay') - (time() - $delay)
)
]
);
}
/// Validate funds available yet
if (1 > $client->getBalance())
{
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace'),
'message' => $request->get('message'),
'error' => sprintf(
$translator->trans('Insufficient funds, wallet: %s'),
$this->getParameter('app.kevacoin.mine.address')
)
]
);
}
// @TODO Send message to DHT
// Register event time
$memcached->set(
$memory['app.add.post.remote.ip.delay'],
time(),
(int) $this->getParameter('app.add.post.remote.ip.delay')
);
// Redirect back to room
return $this->redirectToRoute(
'room_namespace',
[
'namespace' => $request->get('namespace')
'namespace' => $request->get('namespace'),
'error' => null,
'message' => null
]
);
}

5
templates/default/module/post.html.twig
Unescape View File

@ -1,6 +1,9 @@ @@ -1,6 +1,9 @@
{% if enabled %}
<form name="post" action="{{ path('room_post', { namespace : namespace }) }}" method="post">
<textarea name="message" placeholder="{{ 'enter your message...' | trans }}">{{ message }}</textarea>
{% if error %}
<output name="error" for="form-post-message">{{ error }}</output>
{% endif %}
<textarea name="message" id="form-post-message" placeholder="{{ 'enter your message...' | trans }}">{{ message }}</textarea>
{% if user == 'anonymous' or user != 'ip' %}
<input type="radio" name="user" value="anonymous" id="form-post-user-anonymous" checked="checked" />
{% else %}

2
templates/default/room/index.html.twig
Unescape View File

@ -24,7 +24,7 @@ @@ -24,7 +24,7 @@
</strong>
{% endif %}
&bull;
<a href="#{{ post.txid }}" title="{{ 'time:' | trans }} {{ post.transaction.time }} / {{ 'confirmations:' | trans }} {{ post.transaction.confirmations }}">{{ post.transaction.timestamp | format_ago }}</a>
<a href="{{ path('room_namespace', { namespace : request.get('namespace') }) }}#{{ post.txid }}" title="{{ 'time:' | trans }} {{ post.transaction.time }} / {{ 'confirmations:' | trans }} {{ post.transaction.confirmations }}">{{ post.transaction.timestamp | format_ago }}</a>
&bull;
<a href="{{ path('room_namespace', { namespace : request.get('namespace'), txid : post.txid }) }}#{{ post.txid }}">{{ 'quote' | trans }}</a>
<p>

Write Preview
Loading…
Cancel
Save