M core/routes.go => core/routes.go +13 -2
@@ 1562,6 1562,12 @@ func (s *Service) OrgLinksCreate(c echo.Context) error {
// PopularLinkList ...
func (s *Service) PopularLinkList(c echo.Context) error {
gctx := c.(*server.Context)
+
+ err := links.TagAbuseRedirect(c)
+ if err != nil {
+ return err
+ }
+
type GraphQLResponse struct {
PopularLinks []models.BaseURL `json:"getPopularLinks"`
}
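Review bot: The `if err != nil { return err }` guard added at the top of PopularLinkList does not stop the handler when TagAbuseRedirect actually redirects, because the helper returns the result of `c.Redirect(...)`, and echo's Redirect returns nil once the redirect has been written. The GraphQL query further down therefore still runs for the anonymous multi-tag request, which is exactly the load this change is meant to shed, and the handler then tries to write a second response. Have the helper report whether it already responded, for example `func TagAbuseRedirect(c echo.Context) (bool, error)`, and call it as `done, err := links.TagAbuseRedirect(c)` followed by `if done || err != nil { return err }`. The identical guard added to OrgLinksList has the same problem. PopularLinkList's body continues outside this hunk.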
@@ 1602,7 1608,7 @@ func (s *Service) PopularLinkList(c echo.Context) error {
op.Var("tag", tag)
}
- err := links.Execute(links.LangContext(c), op, &result)
+ err = links.Execute(links.LangContext(c), op, &result)
if err != nil {
if graphError, ok := err.(*gqlclient.Error); ok {
err = links.ParseInputErrors(c, graphError, gobwebs.Map{})
@@ 1869,6 1875,11 @@ func (s *Service) OrgLinksList(c echo.Context) error {
gctx := c.(*server.Context)
user := gctx.User.(*models.User)
+ err := links.TagAbuseRedirect(c)
+ if err != nil {
+ return err
+ }
+
type GraphQLResponse struct {
OrgLinks struct {
Result []models.OrgLink `json:"result"`
@@ 2083,7 2094,7 @@ func (s *Service) OrgLinksList(c echo.Context) error {
queries.Add("q", search)
}
- err := links.Execute(links.LangContext(c), op, &result)
+ err = links.Execute(links.LangContext(c), op, &result)
if err != nil {
if graphError, ok := err.(*gqlclient.Error); ok {
err = links.ParseInputErrors(c, graphError, gobwebs.Map{})
M helpers.go => helpers.go +22 -0
@@ 42,6 42,7 @@ import (
"netlandish.com/x/gobwebs/core"
"netlandish.com/x/gobwebs/crypto"
"netlandish.com/x/gobwebs/database"
+ "netlandish.com/x/gobwebs/messages"
"netlandish.com/x/gobwebs/server"
"netlandish.com/x/gobwebs/validate"
)
@@ 1220,3 1221,24 @@ func StripURLFragment(furl string) string {
baseURL.Fragment = ""
return baseURL.String()
}
+
+// TagAbuseRedirct will return a redirect resposne for unauthenticated users
+// who are requesting more than X tags at a time on public pages. This is to
+// help curb bot abuse that is pounding the site.
+func TagAbuseRedirect(c echo.Context) error {
+ gctx := c.(*server.Context)
+ tags := c.QueryParam("tag")
+ if !gctx.User.IsAuthenticated() && tags != "" {
+ ntags := strings.Split(tags, ",")
+ if len(ntags) > 2 {
+ lt := localizer.GetSessionLocalizer(c)
+ messages.Error(c, lt.Translate("Please login to view multiple tag combos (sorry, this is to help stop bot abuse)"))
+ req := c.Request()
+ qs := req.URL.Query()
+ next := url.QueryEscape(fmt.Sprintf("%s?%s", req.URL.Path, qs.Encode()))
+ next = fmt.Sprintf("%s?next=%s", c.Echo().Reverse("accounts:login"), next)
+ return c.Redirect(http.StatusMovedPermanently, next)
+ }
+ }
+ return nil
+}
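Review bot: `http.StatusMovedPermanently` is the wrong status for this redirect: a 301 is cacheable, so a browser may keep sending the same tag URL to the login page even after the user has signed in. Use a temporary redirect, `return c.Redirect(http.StatusFound, next)`. The limit is hard-coded as `len(ntags) > 2` while the comment says "X tags", and only the first `tag` value is inspected through `c.QueryParam("tag")`; if the handlers also honour repeated `tag=` parameters (not visible here), the count should be taken over `c.QueryParams()["tag"]` as well. The doc comment should match the function name and the actual threshold, e.g. `// TagAbuseRedirect returns a redirect response for unauthenticated users requesting more than two tags at a time on public pages.`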