Add anonymous feedback (#380)

config/initializers/rack_attack.rb

@@ -57,6 +57,29 @@ class Rack::Attack
     end
   end
 
+  # Throttle POST requests to /posts by IP address using anti-spam measures
+  throttle('posts/ip', limit: 1, period: 1.minute) do |req|
+    if req.path == '/posts' && req.post?
+      ip = req.get_header("action_dispatch.remote_ip")
+      real_req = ActionDispatch::Request.new(req.env) # Needed to parse JSON body
+  
+      # Check for honeypot field submission
+      honeypot_filled = real_req.params['post']['dnf1'] != "" || real_req.params['post']['dnf2'] != ""
+
+      # Check for time of form render
+      too_fast_submit = Time.now.to_i - real_req.params[:post][:form_rendered_at] < 3
+  
+      if honeypot_filled || too_fast_submit
+        Rack::Attack.cache.store.write("post-submit-antispam-#{ip}", true, expires_in: 1.minute)
+      end
+  
+      # Block if this IP was previously flagged
+      if Rack::Attack.cache.store.read("post-submit-antispam-#{ip}")
+        ip
+      end
+    end
+  end
+
   ### Custom Throttle Response ###
 
   # By default, Rack::Attack returns an HTTP 429 for throttled responses,

config/locales/backend/backend.en.yml

@@ -109,6 +109,10 @@ en:
       post:
         title: 'Title'
         description: 'Description'
+        approval_status: 'Approval status'
+        approval_status_approved: 'Approved'
+        approval_status_pending: 'Pending approval'
+        approval_status_rejected: 'Rejected'
         board_id: 'Post board'
         user_id: 'Post author'
         post_status_id: 'Post status'
@@ -120,6 +124,8 @@ en:
         custom_domain: 'Custom domain'
       tenant_setting:
         brand_display: 'Display'
+        allow_anonymous_feedback: 'Allow anonymous feedback'
+        feedback_approval_policy: 'Feedback approval policy'
         show_vote_count: 'Show vote count to users'
         show_vote_button_in_board: 'Show vote buttons in board page'
         show_powered_by: 'Show "Powered by Astuto"'

config/locales/en.yml

@@ -1,5 +1,7 @@
 en:
   common:
+    words:
+      or: 'or'
     errors:
       unknown: 'An unknown error occurred, please try again'
     validations:
@@ -65,6 +67,8 @@ en:
       back: 'Back'
       test: 'Test'
       clear: 'Clear'
+      approve: 'Approve'
+      reject: 'Reject'
     datetime:
       now: 'just now'
       minutes:
@@ -80,6 +84,7 @@ en:
     menu:
       administration_header: 'Administration'
       site_settings: 'Site settings'
+      moderation: 'Moderation'
       profile_header: 'Profile'
       profile_settings: 'Profile settings'
       help_header: 'Help'
@@ -97,12 +102,16 @@ en:
   board:
     new_post:
       submit_button: 'Submit feedback'
+      submit_anonymous_button: 'Submit anonymously'
       cancel_button: 'Cancel'
       login_button: 'Log in / Sign up'
       title: 'Title'
       description: 'Description (optional)'
       no_title: 'Title field is mandatory'
+      anonymous_submission_help: 'You are posting anonymously'
+      non_anonymous_submission_help: 'You are posting as %{name}'
       submit_success: 'Feedback published! You will be redirected soon...'
+      submit_pending: 'Your feedback has been submitted and is now pending moderator approval!'
     search_box:
       title: 'Search'
     filter_box:
@@ -122,6 +131,7 @@ en:
   post:
     edit_button: 'Edit'
     published_by: 'Published by'
+    published_anonymously: 'Published anonymously'
     post_status_select:
       no_post_status: 'None'
     updates_box:
@@ -153,7 +163,6 @@ en:
       boards: 'Boards'
       post_statuses: 'Statuses'
       roadmap: 'Roadmap'
-      users: 'Users'
       authentication: 'Authentication'
       appearance: 'Appearance'
     info_box:
@@ -166,6 +175,12 @@ en:
       brand_setting_name: 'Name only'
       brand_setting_logo: 'Logo only'
       brand_setting_none: 'None'
+      subtitle_moderation: 'Moderation'
+      allow_anonymous_feedback_help: 'Unregistered users will be able to submit feedback.'
+      feedback_approval_policy_anonymous_require_approval: 'Require approval for anonymous feedback only'
+      feedback_approval_policy_never_require_approval: 'Never require approval'
+      feedback_approval_policy_always_require_approval: 'Always require approval'
+      feedback_approval_policy_help: 'If you require approval, submitted feedback will remain hidden from the public until a moderator or administrator approves it. Feedback submitted by moderators and administrators is always approved automatically.'
       subtitle_header: 'Header'
       collapse_boards_in_header_no_collapse: 'Never'
       collapse_boards_in_header_always_collapse: 'Always'
@@ -195,21 +210,6 @@ en:
     appearance:
       title: 'Appearance'
       learn_more: 'Learn how to customize appearance'
-    users:
-      title: 'Users'
-      block: 'Block'
-      unblock: 'Unblock'
-      block_confirmation: "%{name} won't be able to log in until it is unblocked. Are you sure?"
-      unblock_confirmation: "%{name} will be able to log in and submit feedback. Are you sure?"
-      role_to_moderator_confirmation: "%{name} will be able to manage posts and users. Proceed only if you trust this person. Are you sure?"
-      role_to_admin_confirmation: "%{name} will be able to manage boards, posts, statuses, users and more. Proceed only if you trust this person. Are you sure?"
-      role_user: 'User'
-      role_moderator: 'Moderator'
-      role_admin: 'Administrator'
-      role_owner: 'Owner'
-      status_active: 'Active'
-      status_blocked: 'Blocked'
-      status_deleted: 'Deleted'
     authentication:
       title: 'Authentication'
       learn_more: 'Learn how to configure custom OAuth providers'
@@ -230,3 +230,26 @@ en:
         subtitle_oauth_config: 'OAuth configuration'
         subtitle_user_profile_config: 'User profile configuration'
         client_secret_help: 'hidden for security purposes'
+  moderation:
+    menu:
+      feedback: 'Feedback'
+      users: 'Users'
+    feedback:
+      anonymous_feedback_allowed: 'Anonymous feedback allowed'
+      anonymous_feedback_not_allowed: 'Anonymous feedback not allowed'
+      change_feedback_moderation_settings: 'Change feedback moderation settings'
+    users:
+      title: 'Users'
+      block: 'Block'
+      unblock: 'Unblock'
+      block_confirmation: "%{name} won't be able to log in until it is unblocked. Are you sure?"
+      unblock_confirmation: "%{name} will be able to log in and submit feedback. Are you sure?"
+      role_to_moderator_confirmation: "%{name} will be able to manage posts and users. Proceed only if you trust this person. Are you sure?"
+      role_to_admin_confirmation: "%{name} will be able to manage boards, posts, statuses, users and more. Proceed only if you trust this person. Are you sure?"
+      role_user: 'User'
+      role_moderator: 'Moderator'
+      role_admin: 'Administrator'
+      role_owner: 'Owner'
+      status_active: 'Active'
+      status_blocked: 'Blocked'
+      status_deleted: 'Deleted'

config/routes.rb

@@ -55,6 +55,8 @@ Rails.application.routes.draw do
       resources :likes, only: [:index]
       resources :comments, only: [:index, :create, :update, :destroy]
       resources :post_status_changes, only: [:index]
+
+      get '/moderation', on: :collection, to: 'posts#moderation'
     end
     
     resources :boards, only: [:index, :create, :update, :destroy, :show] do
@@ -72,6 +74,10 @@ Rails.application.routes.draw do
       get 'post_statuses'
       get 'roadmap'
       get 'appearance'
+    end
+
+    namespace :moderation do
+      get 'feedback'
       get 'users'
     end
   end