From 4e1c9f37668c3d53a05703813aa69ae4f987d488 Mon Sep 17 00:00:00 2001
From: lorenzo farnararo
Date: Tue, 10 Sep 2024 22:18:51 +0200
Subject: [PATCH 1/2] add capcha gem
---
 Gemfile | 2 ++
 Gemfile.lock | 5 +++++
 config/initializers/rucaptcha.rb | 31 +++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 config/initializers/rucaptcha.rb
diff --git a/Gemfile b/Gemfile
index 0844d965..94e13d41 100644
--- a/Gemfile
+++ b/Gemfile
@@ -91,3 +91,5 @@ gem 'mina'
 gem 'lograge'
 # for listening to file modifications
 gem 'listen'
+# capcha
+gem 'rucaptcha'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0c54aa6f..87f64c21 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -268,6 +268,7 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) + rb_sys (0.9.102) redcarpet (3.6.0) regexp_parser (2.9.2) request_store (1.7.0)
@@ -322,6 +323,9 @@ GEM rubocop (~> 1.61) ruby-progressbar (1.13.0) rubyzip (2.3.2) + rucaptcha (3.2.3) + railties (>= 3.2) + rb_sys (>= 0.9.86) sass-rails (6.0.0) sassc-rails (~> 2.1, >= 2.1.1) sassc (2.4.0)
@@ -436,6 +440,7 @@ DEPENDENCIES rubocop-factory_bot rubocop-rails rubocop-rspec + rucaptcha sass-rails selectize-rails sentry-rails
diff --git a/config/initializers/rucaptcha.rb b/config/initializers/rucaptcha.rb
new file mode 100644
index 00000000..5eeeeb76
--- /dev/null
+++ b/config/initializers/rucaptcha.rb
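Review bot: The comment added above `gem 'rucaptcha'` in the Gemfile hunk is misspelled and does not say what the gem is for, unlike the `# as …` / `# for …` comments on the neighbouring entries. I would write it as `# as captcha for the comment form`. The Gemfile.lock hunks show rucaptcha 3.2.3 pulling in `rb_sys`, which suggests the gem ships a compiled extension, so it is worth confirming that the build and deploy hosts can install it before this lands.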
@@ -0,0 +1,31 @@
+RuCaptcha.configure do
+ # Custom captcha code expire time if you need, default: 2 minutes
+ # self.expires_in = 120
+
+ # [Requirement / 重要]
+ # Store Captcha code where, this config more like Rails config.cache_store
+ # default: Read config info from `Rails.application.config.cache_store`
+ # But RuCaptcha requirements cache_store not in [:null_store, :memory_store, :file_store]
+ # 默认:会从 Rails 配置的 cache_store 里面读取相同的配置信息,并尝试用可以运行的方式,用于存储验证码字符
+ # 但如果是 [:null_store, :memory_store, :file_store] 之类的,你可以通过下面的配置项单独给 RuCaptcha 配置 cache_store
+ self.cache_store = :mem_cache_store
+
+ # If you wants disable `cache_store` check warning, you can do it, default: false
+ # 如果想要 disable cache_store 的 warning,就设置为 true,default false
+ # self.skip_cache_store_check = true
+
+ # Chars length, default: 5, allows: [3 - 7]
+ # self.length = 5
+
+ # Enable or disable Strikethrough, default: true
+ # self.line = true
+
+ # Enable or disable noise, default: false
+ # self.noise = false
+
+ # Set the image format, default: png, allows: [jpeg, png, webp]
+ # self.format = 'png'
+
+ # Custom mount path, default: '/rucaptcha'
+ # self.mount_path = '/rucaptcha'
+end
From fb7673236896fb042ddd3bb56fd9c3d4bae0c532 Mon Sep 17 00:00:00 2001
From: lorenzo farnararo
Date: Wed, 11 Sep 2024 09:56:03 +0200
Subject: [PATCH 2/2] fix typos and add rucaptcha check in creation of comments
---
 Gemfile | 4 ++--
 app/controllers/comments_controller.rb | 2 +-
 app/views/comments/_form.html.haml | 2 ++
 config/environments/development.rb | 2 +-
 config/initializers/rucaptcha.rb | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/Gemfile b/Gemfile
index 94e13d41..df2e38af 100644
--- a/Gemfile
+++ b/Gemfile
@@ -50,7 +50,7 @@ gem 'jquery-rails'
 gem 'js_cookie_rails'
 # as templating language
 gem 'haml-rails'
-# as authentification framework
+# as authentication framework
 gem 'devise'
 gem 'devise_ichain_authenticatable'
 # as authorization framework
@@ -87,7 +87,7 @@ gem 'rails-controller-testing', group: %i[development test]
 gem 'rspec-rails', group: %i[development test]
 # as deployer
 gem 'mina'
-# as the log formater
+# as the log formatter
 gem 'lograge'
 # for listening to file modifications
 gem 'listen'
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 87c47a14..7df6152d 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -13,7 +13,7 @@ def create
 @comment = @parent.comments.build(comment_params)
 @comment.commenter = current_user
- if @comment.save
+ if verify_rucaptcha? && @comment.save
 @comment.send_notification(current_user, " commented on #{@comment.project.aasm_state}: #{@comment.project.title}")
 redirect_to project_path(@comment.project), notice: 'Thank you for your comment!'
diff --git a/app/views/comments/_form.html.haml b/app/views/comments/_form.html.haml
index 61a9e868..f25285ce 100644
--- a/app/views/comments/_form.html.haml
+++ b/app/views/comments/_form.html.haml
@@ -19,5 +19,7 @@
 = icon('fas', 'spinner pulse 3x')
 .preview-contents.hidden
 %p
+ = rucaptcha_input_tag(class: 'form-control', placeholder: 'Input Captcha', required: 'required')
+ = rucaptcha_image_tag(alt: 'Captcha')
 = f.submit(class: "btn btn-success pull-right")
  
diff --git a/config/environments/development.rb b/config/environments/development.rb
index e4ad024b..a092e82e 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -60,6 +60,6 @@
 # Uncomment if you wish to allow Action Cable access from any origin.
 # config.action_cable.disable_request_forgery_protection = true
- # Enable authentification test mode
+ # Enable authentication test mode
 config.devise.ichain_test_mode = true
 end
diff --git a/config/initializers/rucaptcha.rb b/config/initializers/rucaptcha.rb
index 5eeeeb76..2c8a1ebb 100644
--- a/config/initializers/rucaptcha.rb
+++ b/config/initializers/rucaptcha.rb
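Review bot: When `verify_rucaptcha?` returns false in `create`, `@comment.save` is never run and no error is attached to `@comment`, so the failure branch (which lies outside this hunk) has nothing to tell the user why the comment was rejected. rucaptcha's helper accepts the record and adds the error to it, so the condition could read `if verify_rucaptcha?(@comment) && @comment.save`. It is also worth checking that the failure branch re-renders the form with the typed text preserved, since a mistyped captcha now becomes a routine path through this action.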
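Review bot: `rucaptcha_image_tag` is added to the shared comment form partial, and as far as I know rucaptcha keeps a single code per session, so if this partial is rendered more than once on a page (the controller builds comments on a `@parent`, which hints at reply forms) each image request would overwrite the previous code and only the last image loaded could be answered correctly. Please test a page that shows several comment forms before merging. A Haml comment above the two helpers would record the constraint, for example `-# NOTE: captcha code is stored per session (verify); keep a single captcha image per page`. The input also has no label beyond its placeholder, which is worth fixing while this part of the form is being edited.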
@@ -8,7 +8,7 @@
 # But RuCaptcha requirements cache_store not in [:null_store, :memory_store, :file_store]
 # 默认:会从 Rails 配置的 cache_store 里面读取相同的配置信息,并尝试用可以运行的方式,用于存储验证码字符
 # 但如果是 [:null_store, :memory_store, :file_store] 之类的,你可以通过下面的配置项单独给 RuCaptcha 配置 cache_store
- self.cache_store = :mem_cache_store
+ self.cache_store = :file_store
 # If you wants disable `cache_store` check warning, you can do it, default: false
 # 如果想要 disable cache_store 的 warning,就设置为 true,default false
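Review bot: The new value `self.cache_store = :file_store` contradicts the comment kept three lines above it, which says RuCaptcha requires a cache store that is not one of `:null_store`, `:memory_store`, `:file_store`. This initializer is not environment-specific, so production would keep captcha codes on the local disk of whichever host rendered the image; with more than one app server the form POST can reach a host that never saw the code, and a bare `:file_store` symbol carries no cache path, which Rails' file store normally needs. If the aim was to run development without memcached, scope the change: `self.cache_store = Rails.env.production? ? :mem_cache_store : [:file_store, Rails.root.join('tmp/cache/rucaptcha')]` (array form to be confirmed against the gem). The enclosing `RuCaptcha.configure do` block starts outside this hunk.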