Mirrors/astuto
1
0
Fork 0
mirror of https://github.com/astuto/astuto.git synced 2025-12-15 19:27:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Various improvements (#383)

Browse Source 
* Improve moderation page style
* Increase ban period of anti-spam measures to 1 hour
* Fix i18n fallbacks in production
* Add EMAIL_MAIL_REPLY_TO env variable support
This commit is contained in:
Riccardo Graziosi
2024-07-16 17:30:23 +02:00
committed by GitHub
parent a49b5695f5
commit 426d65df63
8 changed files with 23 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/environments/development.rb
View File

@@ -60,7 +60,7 @@ Rails.application.configure do
config.action_mailer.default_options = {
from: ENV.fetch("EMAIL_MAIL_FROM", "noreply@astuto.io"),
reply_to: "noreply@astuto.io"
reply_to: ENV.fetch("EMAIL_MAIL_REPLY_TO", "noreply@astuto.io")
}
# Store uploaded files on the local file system (see config/storage.yml for options).

4
config/environments/production.rb
View File

@@ -84,12 +84,12 @@ Rails.application.configure do
config.action_mailer.default_options = {
from: ENV.fetch("EMAIL_MAIL_FROM", "noreply@astuto.io"),
reply_to: "noreply@astuto.io"
reply_to: ENV.fetch("EMAIL_MAIL_REPLY_TO", "noreply@astuto.io")
}
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
# the I18n.default_locale when a translation cannot be found).
config.i18n.fallbacks = true
config.i18n.fallbacks = [:en]
# Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify

6
config/initializers/rack_attack.rb
View File

@@ -58,7 +58,7 @@ class Rack::Attack
end
# Throttle POST requests to /posts by IP address using anti-spam measures
throttle('posts/ip', limit: 1, period: 1.minute) do |req|
throttle('posts/ip', limit: 1, period: 1.hour) do |req|
if req.path == '/posts' && req.post?
ip = req.get_header("action_dispatch.remote_ip")
real_req = ActionDispatch::Request.new(req.env) # Needed to parse JSON body
@@ -67,10 +67,10 @@ class Rack::Attack
honeypot_filled = real_req.params['post']['dnf1'] != "" || real_req.params['post']['dnf2'] != ""
# Check for time of form render
too_fast_submit = Time.now.to_i - real_req.params[:post][:form_rendered_at] < 3
too_fast_submit = Time.now.to_i - real_req.params[:post][:form_rendered_at] < 2
if honeypot_filled || too_fast_submit
Rack::Attack.cache.store.write("post-submit-antispam-#{ip}", true, expires_in: 1.minute)
Rack::Attack.cache.store.write("post-submit-antispam-#{ip}", true, expires_in: 1.hour)
end
# Block if this IP was previously flagged