disposable emails & invisible captcha

rauversion · Nov 30, 2024 · 4b22dfe · 4b22dfe
1 parent a80608a
commit 4b22dfe
Show file tree

Hide file tree

Showing 12 changed files with 101 additions and 5 deletions.
diff --git a/Gemfile b/Gemfile
@@ -87,6 +87,8 @@ gem "rqrcode", "~> 2.0"
 gem "devise"
 gem "devise_invitable"
 gem "omniauth-rails_csrf_protection"
+gem "nondisposable"
+gem "invisible_captcha"
 gem "omniauth", "~> 2.0"
 # gem 'omniauth-zoom'
 # gem "omniauth-github"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -314,6 +314,8 @@ GEM
     image_processing (1.12.2)
       mini_magick (>= 4.9.5, < 5)
       ruby-vips (>= 2.0.17, < 3)
+    invisible_captcha (2.3.0)
+      rails (>= 5.2)
     io-console (0.7.2)
     irb (1.14.1)
       rdoc (>= 4.0.0)
@@ -396,6 +398,8 @@ GEM
     nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    nondisposable (0.1.0)
+      rails (>= 7.0.0)
     oauth (1.1.0)
       oauth-tty (~> 1.0, >= 1.0.1)
       snaky_hash (~> 2.0)
@@ -674,13 +678,15 @@ DEPENDENCIES
   hotwire_combobox!
   http (~> 5.1)
   image_processing (~> 1.2)
+  invisible_captcha
   jbuilder
   jsbundling-rails
   kaminari
   kredis (~> 1.5)
   mercadopago (~> 2.3)
   meta-tags!
   mrsk (~> 0.15.1)
+  nondisposable
   omniauth (~> 2.0)
   omniauth-discord
   omniauth-google-oauth2

diff --git a/app/controllers/releases_controller.rb b/app/controllers/releases_controller.rb
@@ -38,7 +38,8 @@ def destroy
 
   def find_playlist
     @playlist = Playlist
-      .where(user_id: current_user.id).or(Playlist.where(label_id: current_user.id))
+      .where(user_id: current_user.id)
+      .or(Playlist.where(label_id: current_user.id))
       .friendly.find(params[:playlist_id])
 
     render status: :not_found and return if @playlist.blank?

diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -4,6 +4,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
   before_action :configure_sign_up_params, only: [:create]
   before_action :configure_account_update_params, only: [:update]
 
+  invisible_captcha only: [:create, :update], on_spam: :spam_callback_method
+
   # GET /resource/sign_up
   # def new
   #   super
@@ -111,4 +113,10 @@ def create_oauth_credential_and_identity(user)
   # def after_inactive_sign_up_path_for(resource)
   #   super(resource)
   # end
+
+  private
+
+  def spam_callback_method
+    redirect_to root_path
+  end
 end
diff --git a/app/jobs/disposable_email_domain_list_update_job.rb b/app/jobs/disposable_email_domain_list_update_job.rb
@@ -0,0 +1,7 @@
+class DisposableEmailDomainListUpdateJob < ApplicationJob
+  queue_as :default
+
+  def perform(*args)
+    Nondisposable::DomainListUpdater.update
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -3,6 +3,8 @@ class User < ApplicationRecord
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   enum :role, { user: 'user', admin: 'admin', artist: 'artist' }
 
+  validates :email, nondisposable: true
+
   devise :invitable, :database_authenticatable, :registerable,
     :recoverable, :rememberable, :validatable, :confirmable,
     :invitable, :omniauthable, :trackable, :lockable

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
@@ -82,7 +82,7 @@
 
           <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
             <% #= render "devise/shared/error_messages", resource: resource %>
-
+            <%= invisible_captcha %>
             
             <div class="field">
               <%= f.text_field :username %>

diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
@@ -14,14 +14,15 @@
   <div class="mt-6 grid grid-cols-5 gap-3">
 
     <%- if devise_mapping.omniauthable? %>
-      <%- resource_class.omniauth_providers.each do |provider| %>
+      <%- (resource_class.omniauth_providers && [:google_oauth2, :discord]).each do |provider| %>
 
 
-        <div>
+        <div class="col-span-5">
           <%= button_to omniauth_authorize_path(resource_name, provider), data: { turbo: false },
             class: "w-full inline-flex justify-center py-2 px-4 border border-gray-300 dark:border-gray-800 rounded-md shadow-sm bg-default text-sm font-medium border-subtle hover:bg-gray-50 dark:hover:bg-gray-900" do %>
             <span class="sr-only"><%= gettext("Sign in with #{OmniAuth::Utils.camelize(provider)}") %></span>
             <%= raw icon_for(provider) %>
+            <span class="ml-2">Sign in with <%= provider.to_s.gsub("_oauth2", "").humanize %></span>
           <% end %>
         </div>
 

diff --git a/config/initializers/nondisposable.rb b/config/initializers/nondisposable.rb
@@ -0,0 +1,10 @@
+Nondisposable.configure do |config|
+  # Customize the error message if needed
+  # config.error_message = "is not allowed. Please use a non-disposable email address."
+  #
+  # Add custom domains you want to be considered as disposable
+  # config.additional_domains = ['custom-disposable-domain.com']
+  #
+  # Exclude domains that are considered disposable but you want to allow anyways
+  # config.excluded_domains = ['false-positive-domain.com']
+end
diff --git a/db/migrate/20241130003102_create_nondisposable_disposable_domains.rb b/db/migrate/20241130003102_create_nondisposable_disposable_domains.rb
@@ -0,0 +1,21 @@
+class CreateNondisposableDisposableDomains < ActiveRecord::Migration[7.2]
+  def change
+    primary_key_type, foreign_key_type = primary_and_foreign_key_types
+
+    create_table :nondisposable_disposable_domains, id: primary_key_type do |t|
+      t.string :name, null: false, index: { unique: true }
+
+      t.timestamps
+    end
+  end
+
+  private
+
+  def primary_and_foreign_key_types
+    config = Rails.configuration.generators
+    setting = config.options[config.orm][:primary_key_type]
+    primary_key_type = setting || :primary_key
+    foreign_key_type = setting || :bigint
+    [primary_key_type, foreign_key_type]
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/lib/tasks/utils.rake b/lib/tasks/utils.rake
@@ -33,4 +33,35 @@ namespace :utils do
       end
 
   end
+
+
+  # use: rake utils:gen_qr'[url=https://example.com,path=custom-qrcode]'
+  desc "create qr code"
+  task :gen_qr, [:url, :path] do |t, args|
+    require "rqrcode"
+
+    # Set default values if options are not provided
+    url = args[:url]
+    path = "/tmp/#{args[:path]}.png" || "/tmp/#{SecureRandom.hex(4)}.png"
+
+    qrcode = RQRCode::QRCode.new(url)
+
+    # NOTE: showing with default options specified explicitly
+    png = qrcode.as_png(
+      bit_depth: 1,
+      border_modules: 4,
+      color_mode: ChunkyPNG::COLOR_GRAYSCALE,
+      color: "black",
+      file: nil,
+      fill: "white",
+      module_px_size: 6,
+      resize_exactly_to: false,
+      resize_gte_to: false,
+      size: 500
+    )
+
+    IO.binwrite(path, png.to_s)
+    puts "QR code generated at #{path}"
+  end
+
 end