From 5851060eb47d9310b58d2b700fedd3779385ef24 Mon Sep 17 00:00:00 2001
From: Peter Sanchez
Date: Fri, 7 Mar 2025 07:16:22 -0600
Subject: [PATCH] Add helper to stop bots from tag crawling.
Now requests to public profiles, recent, and popular bookmarks pages will require login if they want to filter by more than 2 tags.
Changelog-changed: require login to view recent, popular, or public bookmark pages while filtering by more than 2 tags.
Signed-off-by: Peter Sanchez
---
 core/routes.go | 15 +++++++++++++--
 helpers.go | 22 ++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/core/routes.go b/core/routes.go
index 231e35a..445e8a5 100644
--- a/core/routes.go
+++ b/core/routes.go
@@ -1562,6 +1562,12 @@ func (s *Service) OrgLinksCreate(c echo.Context) error {
 // PopularLinkList ...
 func (s *Service) PopularLinkList(c echo.Context) error {
 gctx := c.(*server.Context)
+
+ err := links.TagAbuseRedirect(c)
+ if err != nil {
+ return err
+ }
+
 type GraphQLResponse struct {
 PopularLinks []models.BaseURL `json:"getPopularLinks"`
 }
@@ -1602,7 +1608,7 @@ func (s *Service) PopularLinkList(c echo.Context) error {
 op.Var("tag", tag)
 }
- err := links.Execute(links.LangContext(c), op, &result)
+ err = links.Execute(links.LangContext(c), op, &result)
 if err != nil {
 if graphError, ok := err.(*gqlclient.Error); ok {
 err = links.ParseInputErrors(c, graphError, gobwebs.Map{})
@@ -1869,6 +1875,11 @@ func (s *Service) OrgLinksList(c echo.Context) error {
 gctx := c.(*server.Context)
 user := gctx.User.(*models.User)
+ err := links.TagAbuseRedirect(c)
+ if err != nil {
+ return err
+ }
+
 type GraphQLResponse struct {
 OrgLinks struct {
 Result []models.OrgLink `json:"result"`
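Review bot: The `if err != nil { return err }` guard added at the top of PopularLinkList only stops the handler when the helper fails, not when it has already redirected. TagAbuseRedirect returns the result of `c.Redirect(...)`, and if that is Echo's stock Redirect it returns nil once the response has been written, so the handler would fall through, still run the GraphQL query and try to render on a committed response, which leaves the backend load this change is meant to shed. The same pattern is added to OrgLinksList in the `@@ -1869,6 +1875,11 @@` hunk. Have the helper report that it responded, for example `redirected, err := links.TagAbuseRedirect(c)` followed by `if err != nil || redirected { return err }`. Both function bodies continue outside their hunks.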
@@ -2083,7 +2094,7 @@ func (s *Service) OrgLinksList(c echo.Context) error {
 queries.Add("q", search)
 }
- err := links.Execute(links.LangContext(c), op, &result)
+ err = links.Execute(links.LangContext(c), op, &result)
 if err != nil {
 if graphError, ok := err.(*gqlclient.Error); ok {
 err = links.ParseInputErrors(c, graphError, gobwebs.Map{})
diff --git a/helpers.go b/helpers.go
index b82b692..25e161c 100644
--- a/helpers.go
+++ b/helpers.go
@@ -42,6 +42,7 @@ import (
 "netlandish.com/x/gobwebs/core"
 "netlandish.com/x/gobwebs/crypto"
 "netlandish.com/x/gobwebs/database"
+ "netlandish.com/x/gobwebs/messages"
 "netlandish.com/x/gobwebs/server"
 "netlandish.com/x/gobwebs/validate"
 )
@@ -1220,3 +1221,24 @@ func StripURLFragment(furl string) string {
 baseURL.Fragment = ""
 return baseURL.String()
 }
+
+// TagAbuseRedirct will return a redirect resposne for unauthenticated users
+// who are requesting more than X tags at a time on public pages. This is to
+// help curb bot abuse that is pounding the site.
+func TagAbuseRedirect(c echo.Context) error {
+ gctx := c.(*server.Context)
+ tags := c.QueryParam("tag")
+ if !gctx.User.IsAuthenticated() && tags != "" {
+ ntags := strings.Split(tags, ",")
+ if len(ntags) > 2 {
+ lt := localizer.GetSessionLocalizer(c)
+ messages.Error(c, lt.Translate("Please login to view multiple tag combos (sorry, this is to help stop bot abuse)"))
+ req := c.Request()
+ qs := req.URL.Query()
+ next := url.QueryEscape(fmt.Sprintf("%s?%s", req.URL.Path, qs.Encode()))
+ next = fmt.Sprintf("%s?next=%s", c.Echo().Reverse("accounts:login"), next)
+ return c.Redirect(http.StatusMovedPermanently, next)
+ }
+ }
+ return nil
+}
--
2.45.3
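Review bot: The login redirect in TagAbuseRedirect is sent with `http.StatusMovedPermanently`, and a 301 may be cached by browsers and proxies, so a visitor who signs in afterwards can keep being bounced to the login page for that same URL; a temporary status fits a login gate: `return c.Redirect(http.StatusFound, next)`. The limit is counted from a comma split of the first `tag` value only, so empty segments such as `a,,b` count as tags, and the count should follow whatever parsing the query layer applies to `tag` (not visible in this patch) so the two cannot disagree. The doc comment misspells the function name and "response" and says "X tags" where the code hard-codes 2; I would write `// TagAbuseRedirect returns a redirect response for unauthenticated users` and move the limit into a named constant.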