mastodon/app/models/domain_block.rb

# frozen_string_literal: true

# == Schema Information
#
# Table name: domain_blocks
#
#  id              :bigint(8)        not null, primary key
#  domain          :string           default(""), not null
#  created_at      :datetime         not null
#  updated_at      :datetime         not null
#  severity        :integer          default("silence")
#  reject_media    :boolean          default(FALSE), not null
#  reject_reports  :boolean          default(FALSE), not null
#  private_comment :text
#  public_comment  :text
#  obfuscate       :boolean          default(FALSE), not null
#

class DomainBlock < ApplicationRecord
  include Paginable
  include DomainNormalizable
  include DomainMaterializable

  enum :severity, { silence: 0, suspend: 1, noop: 2 }

  validates :domain, presence: true, uniqueness: true, domain: true

  has_many :accounts, foreign_key: :domain, primary_key: :domain, inverse_of: false, dependent: nil
  delegate :count, to: :accounts, prefix: true

  scope :with_user_facing_limitations, -> { where(severity: [:silence, :suspend]) }
  scope :with_limitations, -> { where(severity: [:silence, :suspend]).or(where(reject_media: true)) }
  scope :by_severity, -> { in_order_of(:severity, %w(noop silence suspend)).order(:domain) }

  def to_log_human_identifier
    domain
  end

  def policies
    if suspend?
      [:suspend]
    else
      [severity.to_sym, reject_media? ? :reject_media : nil, reject_reports? ? :reject_reports : nil].reject { |policy| policy == :noop || policy.nil? }
    end
  end

  class << self
    def suspend?(domain)
      !!rule_for(domain)&.suspend?
    end

    def silence?(domain)
      !!rule_for(domain)&.silence?
    end

    def reject_media?(domain)
      !!rule_for(domain)&.reject_media?
    end

    def reject_reports?(domain)
      !!rule_for(domain)&.reject_reports?
    end

    alias blocked? suspend?

    def rule_for(domain)
      return if domain.blank?

      uri      = Addressable::URI.new.tap { |u| u.host = domain.strip.delete('/') }
      segments = uri.normalized_host.split('.')
      variants = segments.map.with_index { |_, i| segments[i..].join('.') }

      where(domain: variants).by_domain_length.first
    rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
      nil
    end
  end

  def stricter_than?(other_block)
    return true  if suspend?
    return false if other_block.suspend? && (silence? || noop?)
    return false if other_block.silence? && noop?

    (reject_media || !other_block.reject_media) && (reject_reports || !other_block.reject_reports)
  end

  def public_domain
    return domain unless obfuscate?

    length        = domain.size
    visible_ratio = length / 4

    domain.chars.map.with_index do |chr, i|
      if i > visible_ratio && i < length - visible_ratio && chr != '.'
        '*'
      else
        chr
      end
    end.join
  end

  def domain_digest
    Digest::SHA256.hexdigest(domain)
  end
end
Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 07:56:29 -08:00			`# frozen_string_literal: true`
Autofix Rubocop remaining Layout rules (#23679) 2023-02-19 21:58:28 -08:00
annotate models (#2697) * add annotate to Gemfile * rails g annotate:install * configure annotate_models * add schema info to models * fix rubocop to add frozen_string_literal 2017-05-01 17:14:47 -07:00			`# == Schema Information`
			`#`
			`# Table name: domain_blocks`
			`#`
Add domain block notes (#11515) * Add database columns for adding notes to domain blocks/restrctions * Add admin UI to set private and public comments when blocking a domain * Add text for private and public comments on domain blocks * Show domain block comments in admin UI * Add comments to the domain block undo page * Make UnblockDomainService more robust regarding upgraded domain blocks * Allow editing domain blocks * Rename button from “undo domain block” to “view domain block” in account admin UI * Change test to unsilence silenced users from upgraded blocks 2019-08-07 11:20:23 -07:00			`# id :bigint(8) not null, primary key`
			`# domain :string default(""), not null`
			`# created_at :datetime not null`
			`# updated_at :datetime not null`
			`# severity :integer default("silence")`
			`# reject_media :boolean default(FALSE), not null`
			`# reject_reports :boolean default(FALSE), not null`
			`# private_comment :text`
			`# public_comment :text`
Add option to obfuscate domain name in public list of domain blocks (#15355) - Replace the middle of the domain with * characters (except for periods) - Add SHA-256 digest of the domain name in tooltip 2020-12-17 23:30:41 -08:00			`# obfuscate :boolean default(FALSE), not null`
annotate models (#2697) * add annotate to Gemfile * rails g annotate:install * configure annotate_models * add schema info to models * fix rubocop to add frozen_string_literal 2017-05-01 17:14:47 -07:00			`#`
Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 07:56:29 -08:00
Adding domain blocks 2016-10-09 05:48:43 -07:00			`class DomainBlock < ApplicationRecord`
Add /api/v1/admin/domain_blocks (#18247) * Add /api/v1/admin/domain_blocks Fixes #18140 - `GET /api/v1/admin/domain_blocks` lists domain blocks - `GET /api/v1/admin/domain_blocks/:id` shows one by ID - `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block - `POST /api/v1/admin/domain_blocks` to create a new domain block: if it conflicts with an existing one, returns an error with an attribute `existing_domain_block` with the rendered domain block * Simplify conflict handling as suggested in review 2022-06-01 08:31:36 -07:00			`include Paginable`
Create DomainNormalizable#normalize_domain (#9631) 2018-12-25 21:38:42 -08:00			`include DomainNormalizable`
Fix performance on instances list in admin UI (#15282) - Reduce duplicate queries - Remove n+1 queries - Add accounts count to detailed view - Add separate action log entry for updating existing domain blocks 2020-12-14 00:06:34 -08:00			`include DomainMaterializable`
Create DomainNormalizable#normalize_domain (#9631) 2018-12-25 21:38:42 -08:00
Update enum syntax to use the new Rails 7.0 style (#29217) 2024-02-16 06:54:23 -08:00			`enum :severity, { silence: 0, suspend: 1, noop: 2 }`
Domain blocks now have varying severity - auto-suspend vs auto-silence 2017-01-23 08:38:38 -08:00
Fix crash when saving invalid domain name (#11528) Fix #7629 2019-08-08 14:04:19 -07:00			`validates :domain, presence: true, uniqueness: true, domain: true`
Adding domain blocks 2016-10-09 05:48:43 -07:00
Add explicit `dependent: nil` to associations (#28169) 2023-12-01 07:52:47 -08:00			`has_many :accounts, foreign_key: :domain, primary_key: :domain, inverse_of: false, dependent: nil`
I18n health warnings (#1949) * Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement * Use implicit controller/action path for i18n in admin/domain_blocks * Add DomainBlock#accounts has_many * Avoid i18n health warning for `en` locale by using symbol scope with :count * Remove unused i18n key: plaintext_secret_html * Remove unused i18n key two_factor_auth.warning * Remove final will_paginate i18n keys * Remove unused key two_factor_auth.recovery_codes * Remove unused key: admin.reports.comment.none * Remove unused reports. i18n namespace (moved to admin.reports) * Ignore keys from locales which override activemodel and activerecord errors * Revert "Remove unused key: admin.reports.comment.none" This reverts commit 350ef2685fadc069e619bb6d1066190de195d942. * Update i18n key reference to match moved location * Add missing `en` keys to i18n * Tell i18n-tasks to ignore missing attributes that dont need overwriting * Add i18n-tasks unused to travis 2017-04-16 10:37:01 -07:00			`delegate :count, to: :accounts, prefix: true`

Change about page to be mounted in the web UI (#19345) 2022-10-13 05:42:37 -07:00			`scope :with_user_facing_limitations, -> { where(severity: [:silence, :suspend]) }`
Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) * Allow import/export of instance-level domain blocks/allows (#1754) * Allow import/export of instance-level domain blocks/allows. Fixes #15095 * Pacify circleci * Address simple code review feedback * Add headers to exported CSV * Extract common import/export functionality to AdminExportControllerConcern * Add additional fields to instance-blocked domain export * Address review feedback * Split instance domain block/allow import/export into separate pages/controllers * Address code review feedback * Pacify DeepSource * Work around Paperclip::HasAttachmentFile for Rails 6 * Fix deprecated API warning in export tests * Remove after_commit workaround (cherry picked from commit 94e98864e39c010635e839fea984f2b4893bef1a) * Add confirmation page when importing blocked domains (#1773) * Move glitch-soc-specific strings to glitch-soc-specific locale files * Add confirmation page when importing blocked domains (cherry picked from commit b91196f4b73fff91997b8077619ae25b6d04a59e) * Fix authorization check in domain blocks controller (cherry picked from commit 75279377583c6e2aa04cc8d7380c593979630b38) * Fix error strings for domain blocks and email-domain blocks Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's" * Ran i18n-tasks normalize to address test failure * Removed unused admin.export_domain_blocks.not_permitted string Removing unused string as indicated by Check i18n * Fix tests (cherry picked from commit 9094c2f52c24e1c00b594e7c11cd00e4a07eb431) * Fix domain block export not exporting blocks with only media rejection (cherry picked from commit 26ff48ee48a5c03a2a4b0bd03fd322529e6bd960) * Fix various issues with domain block import - stop using Paperclip for processing domain allow/block imports - stop leaving temporary files - better error handling - assume CSV files are UTF-8-encoded (cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902) Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2022-11-17 02:05:09 -08:00			`scope :with_limitations, -> { where(severity: [:silence, :suspend]).or(where(reject_media: true)) }`
Use Arel `in_order_of` method to generate CASE for `DomainBlock.by_severity` (#28617) 2024-01-08 03:15:36 -08:00			`scope :by_severity, -> { in_order_of(:severity, %w(noop silence suspend)).order(:domain) }`
Add domain search/filter to the "Federation" (/admin/instances) page (#10071) 2019-02-18 05:59:19 -08:00
Add audit log entries for user roles (#19040) * Refactor audit log schema * Add audit log entries for user roles 2022-08-25 11:39:40 -07:00			`def to_log_human_identifier`
			`domain`
			`end`

Change design of federation pages in admin UI (#17704) * Change design of federation pages in admin UI * Fix query performance in instance media attachments measure * Fix reblogs being included in instance languages dimension 2022-03-08 23:52:32 -08:00			`def policies`
			`if suspend?`
Fix a type error in domain_block policies (#17735) 2022-03-09 19:10:20 -08:00			`[:suspend]`
Change design of federation pages in admin UI (#17704) * Change design of federation pages in admin UI * Fix query performance in instance media attachments measure * Fix reblogs being included in instance languages dimension 2022-03-08 23:52:32 -08:00			`else`
			`[severity.to_sym, reject_media? ? :reject_media : nil, reject_reports? ? :reject_reports : nil].reject { \|policy\| policy == :noop \|\| policy.nil? }`
			`end`
			`end`

Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00			`class << self`
			`def suspend?(domain)`
			`!!rule_for(domain)&.suspend?`
			`end`

			`def silence?(domain)`
			`!!rule_for(domain)&.silence?`
			`end`

			`def reject_media?(domain)`
			`!!rule_for(domain)&.reject_media?`
			`end`

			`def reject_reports?(domain)`
			`!!rule_for(domain)&.reject_reports?`
			`end`

			`alias blocked? suspend?`

			`def rule_for(domain)`
			`return if domain.blank?`

Autofix Rubocop Regex Style rules (#23690) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-06-06 05:50:51 -07:00			`uri = Addressable::URI.new.tap { \|u\| u.host = domain.strip.delete('/') }`
Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00			`segments = uri.normalized_host.split('.')`
Fix `Style/SlicingWithRange` cop (#25923) 2023-07-12 01:03:06 -07:00			`variants = segments.map.with_index { \|_, i\| segments[i..].join('.') }`
Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00
Extract `by_domain_length` scope in `DomainNormalizable` concern (#29517) 2024-03-12 06:09:11 -07:00			`where(domain: variants).by_domain_length.first`
Fix admin page crashing when trying to block an invalid domain name (#13884) * Fix admin page crashing when trying to block an invalid domain name Fixes #13880 * Fix trailing and leading spaces not being properly stripped for domain blocks 2020-05-31 18:47:20 -07:00			`rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError`
			`nil`
Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00			`end`
Adding domain blocks 2016-10-09 05:48:43 -07:00			`end`
Provide a link to existing domain block when trying to block an already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded 2019-05-03 11:36:36 -07:00
			`def stricter_than?(other_block)`
Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00			`return true if suspend?`
Provide a link to existing domain block when trying to block an already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded 2019-05-03 11:36:36 -07:00			`return false if other_block.suspend? && (silence? \|\| noop?)`
			`return false if other_block.silence? && noop?`
Change domain blocks to automatically support subdomains (#11138) * Change domain blocks to automatically support subdomains If a more authoritative domain is blocked (example.com), then the same block will be applied to a subdomain (foo.example.com) * Match subdomains of existing accounts when blocking/unblocking domains * Improve code style 2019-06-21 15:13:10 -07:00
Provide a link to existing domain block when trying to block an already-blocked domain (#10663) * When trying to block an already-blocked domain, provide a link to the block * Fix styling for links in flash messages * Allow blocks to be upgraded but not downgraded 2019-05-03 11:36:36 -07:00			`(reject_media \|\| !other_block.reject_media) && (reject_reports \|\| !other_block.reject_reports)`
			`end`
Record account suspend/silence time and keep track of domain blocks (#10660) * Record account suspend/silence time and keep track of domain blocks * Also unblock users who were suspended/silenced before dates were recorded * Add tests * Keep track of suspending date for users suspended through the CLI * Show accurate number of accounts that would be affected by unsuspending an instance * Change migration to set silenced_at and suspended_at * Revert "Also unblock users who were suspended/silenced before dates were recorded" This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c. * Switch from using suspended and silenced to suspended_at and silenced_at * Add post-deployment migration script to remove `suspended` and `silenced` columns * Use Account#silence! and Account#suspend! instead of updating the underlying property * Add silenced_at and suspended_at migration to post-migration * Change account fabricator to translate suspended and silenced attributes * Minor fixes * Make unblocking domains always retroactive 2019-05-14 10:05:02 -07:00
Add option to obfuscate domain name in public list of domain blocks (#15355) - Replace the middle of the domain with * characters (except for periods) - Add SHA-256 digest of the domain name in tooltip 2020-12-17 23:30:41 -08:00			`def public_domain`
			`return domain unless obfuscate?`

			`length = domain.size`
			`visible_ratio = length / 4`

			`domain.chars.map.with_index do \|chr, i\|`
			`if i > visible_ratio && i < length - visible_ratio && chr != '.'`
			`'*'`
			`else`
			`chr`
			`end`
			`end.join`
			`end`

			`def domain_digest`
			`Digest::SHA256.hexdigest(domain)`
			`end`
Adding domain blocks 2016-10-09 05:48:43 -07:00			`end`