debian-mirror-gitlab/app/services/spam/spam_params.rb

67 lines
3 KiB
Ruby
Raw Normal View History

2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
module Spam
##
# This class is a Parameter Object (https://refactoring.com/catalog/introduceParameterObject.html)
2021-09-30 23:02:18 +05:30
# which acts as an container abstraction for multiple values related to spam and
# captcha processing for a provided HTTP request object.
#
# It is used to encapsulate these values and allow them to be passed from the Controller/GraphQL
# layers down into to the Service layer, without needing to pass the entire request and therefore
# unnecessarily couple the Service layer to the HTTP request.
2021-03-11 19:13:27 +05:30
#
# Values contained are:
#
# captcha_response: The response resulting from the user solving a captcha. Currently it is
# a scalar reCAPTCHA response string, but it can be expanded to an object in the future to
2021-09-30 23:02:18 +05:30
# support other captcha implementations such as FriendlyCaptcha. Obtained from
# request.headers['X-GitLab-Captcha-Response']
# spam_log_id: The id of a SpamLog record. Obtained from request.headers['X-GitLab-Spam-Log-Id']
# ip_address = The remote IP. Obtained from request.env['action_dispatch.remote_ip']
# user_agent = The user agent. Obtained from request.env['HTTP_USER_AGENT']
# referer = The HTTP referer. Obtained from request.env['HTTP_REFERER']
#
# NOTE: The presence of these values in the request is not currently enforced. If they are missing,
# then the spam check may fail, or the SpamLog or UserAgentDetail may have missing fields.
2021-03-11 19:13:27 +05:30
class SpamParams
2021-09-30 23:02:18 +05:30
def self.new_from_request(request:)
2022-05-07 20:08:51 +05:30
self.normalize_grape_request_headers(request: request)
2021-09-30 23:02:18 +05:30
self.new(
captcha_response: request.headers['X-GitLab-Captcha-Response'],
spam_log_id: request.headers['X-GitLab-Spam-Log-Id'],
ip_address: request.env['action_dispatch.remote_ip'].to_s,
user_agent: request.env['HTTP_USER_AGENT'],
referer: request.env['HTTP_REFERER']
)
end
attr_reader :captcha_response, :spam_log_id, :ip_address, :user_agent, :referer
2021-03-11 19:13:27 +05:30
2021-09-30 23:02:18 +05:30
def initialize(captcha_response:, spam_log_id:, ip_address:, user_agent:, referer:)
2021-03-11 19:13:27 +05:30
@captcha_response = captcha_response
@spam_log_id = spam_log_id
2021-09-30 23:02:18 +05:30
@ip_address = ip_address
@user_agent = user_agent
@referer = referer
2021-03-11 19:13:27 +05:30
end
def ==(other)
2021-04-29 21:17:54 +05:30
other.class <= self.class &&
other.captcha_response == captcha_response &&
2021-09-30 23:02:18 +05:30
other.spam_log_id == spam_log_id &&
other.ip_address == ip_address &&
other.user_agent == user_agent &&
other.referer == referer
2021-03-11 19:13:27 +05:30
end
2022-05-07 20:08:51 +05:30
def self.normalize_grape_request_headers(request:)
# If needed, make a normalized copy of Grape headers with the case of 'GitLab' (with an
# uppercase 'L') instead of 'Gitlab' (with a lowercase 'l'), because Grape header helper keys
# are "coerced into a capitalized kebab case". See https://github.com/ruby-grape/grape#request
%w[X-Gitlab-Captcha-Response X-Gitlab-Spam-Log-Id].each do |header|
request.headers[header.gsub('Gitlab', 'GitLab')] = request.headers[header] if request.headers.key?(header)
end
end
2021-03-11 19:13:27 +05:30
end
end