Merge remote-tracking branch 'origin/main' into feature/047

backend/app/controllers/application_controller.rb

@@ -1,14 +1,16 @@
 class ApplicationController < ActionController::API
+  before_action :reject_banned_ip_address!
   before_action :authenticate_user
+  before_action :reject_banned_user!
 
-  def current_user
-    @current_user
-  end
+  def current_user = @current_user
 
   private
 
   def authenticate_user
     code = request.headers['X-Transfer-Code'] || request.headers['HTTP_X_TRANSFER_CODE']
+    return if code.blank?
+
     @current_user = User.find_by(inheritance_code: code)
   end
 
@@ -22,4 +24,17 @@ class ApplicationController < ActionController::API
       s.in?(['', '1', 'true', 'on', 'yes'])
     end
   end
+
+  def reject_banned_ip_address!
+    ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
+    return unless ip_address&.banned?
+
+    head :forbidden
+  end
+
+  def reject_banned_user!
+    return unless current_user&.banned?
+
+    head :forbidden
+  end
 end

backend/app/controllers/tags_controller.rb

@@ -1,3 +1,7 @@
+require 'net/http'
+require 'uri'
+
+
 class TagsController < ApplicationController
   def index
     post_id = params[:post]
@@ -182,7 +186,8 @@ class TagsController < ApplicationController
              .find_by(id: params[:id])
     return head :not_found unless tag
 
-    render json: DeerjikistRepr.many(tag.deerjikists)
+    render json: { tag: TagRepr.base(tag),
+                   deerjikists: DeerjikistRepr.many(tag.deerjikists) }
   end
 
   def deerjikists_by_name
@@ -194,7 +199,31 @@ class TagsController < ApplicationController
              .find_by(tag_names: { name: })
     return head :not_found unless tag
 
-    render json: DeerjikistRepr.many(tag.deerjikists)
+    render json: { tag: TagRepr.base(tag),
+                   deerjikists: DeerjikistRepr.many(tag.deerjikists) }
+  end
+
+  def update_deerjikists
+    return head :unauthorized unless current_user
+    return head :forbidden unless current_user.gte_member?
+
+    tag = Tag.joins(:tag_name)
+             .includes(:tag_name, tag_name: :wiki_page)
+             .find_by(id: params[:id])
+    return head :not_found unless tag
+
+    ApplicationRecord.transaction do
+      tag.deerjikists = []
+      params[:_json].each do
+        platform = _1[:platform]
+        code = normalise_deerjikist_code(platform, _1[:code])
+        deerjikist = Deerjikist.find_or_initialize_by(platform:, code:)
+        deerjikist.tag = tag
+        deerjikist.save!
+      end
+    end
+
+    render json: DeerjikistRepr.many(tag.reload.deerjikists)
   end
 
   def materials_by_name
@@ -391,4 +420,21 @@ class TagsController < ApplicationController
       TagImplication.create!(tag:, parent_tag:)
     end
   end
+
+  def normalise_deerjikist_code platform, code
+    return code if platform != 'youtube' || code[0] != '@'
+
+    url = "https://www.youtube.com/#{ code }"
+
+    html = Net::HTTP.get(URI(url))
+
+    canonical = html[
+        /<link rel="canonical" href="https:\/\/www\.youtube\.com\/channel\/(UC[a-zA-Z0-9_-]{22})"/,
+        1]
+    return canonical if canonical
+
+    html[/"channelId":"(UC[a-zA-Z0-9_-]{22})"/, 1] || html[/\bUC[a-zA-Z0-9_-]{22}\b/]
+  rescue
+    nil
+  end
 end

backend/app/controllers/users_controller.rb

@@ -1,9 +1,6 @@
 class UsersController < ApplicationController
   def create
-    return head :unprocessable_entity if request.remote_ip.blank?
-
     user = nil
-
     User.transaction do
       user = User.create!(inheritance_code: SecureRandom.uuid, role: :guest)
       attach_ip_address!(user)
@@ -17,8 +14,7 @@ class UsersController < ApplicationController
   def verify
     user = User.find_by(inheritance_code: params[:code])
     return render json: { valid: false } unless user
-
-    return head :unprocessable_entity if request.remote_ip.blank?
+    return head :forbidden if user.banned?
 
     attach_ip_address!(user)