eBooru/app/controllers/iqdb_queries_controller.rb

# frozen_string_literal: true

class IqdbQueriesController < ApplicationController
  respond_to :html, :json
  # Show uses POST because it needs a file parameter. This would be GET otherwise.
  skip_forgery_protection only: :show
  before_action :validate_enabled

  def show
    # Allow legacy ?post_id=123 parameters
    search_params = params[:search].presence || params
    throttle(search_params)

    @matches = []
    if search_params[:file].present?
      @matches = IqdbProxy.query_file(search_params[:file].tempfile, search_params[:score_cutoff])
    elsif search_params[:url].present?
      parsed_url = Addressable::URI.heuristic_parse(search_params[:url]) rescue nil
      raise User::PrivilegeError, "Invalid URL" unless parsed_url
      whitelist_result = UploadWhitelist.is_whitelisted?(parsed_url)
      raise User::PrivilegeError, "Not allowed to request content from this URL" unless whitelist_result[0]
      @matches = IqdbProxy.query_url(search_params[:url], search_params[:score_cutoff])
    elsif search_params[:post_id].present?
      @matches = IqdbProxy.query_post(Post.find_by(id: search_params[:post_id]), search_params[:score_cutoff])
    elsif search_params[:hash].present?
      @matches = IqdbProxy.query_hash(search_params[:hash], search_params[:score_cutoff])
    end

    respond_with(@matches) do |fmt|
      fmt.json do
        render json: @matches, root: "posts"
      end
    end
  rescue IqdbProxy::Error => e
    render_expected_error(500, e.message)
  end

  private

  def throttle(search_params)
    return if Danbooru.config.disable_throttles?

    if %i[file url post_id hash].any? { |key| search_params[key].present? }
      if RateLimiter.check_limit("img:#{CurrentUser.ip_addr}", 1, 2.seconds)
        raise APIThrottled
      else
        RateLimiter.hit("img:#{CurrentUser.ip_addr}", 2.seconds)
      end
    end
  end

  def validate_enabled
    raise FeatureUnavailable unless IqdbProxy.enabled?
  end
end
[RuboCop] Enable `Style/FrozenStringLiteralComment` This reduces allocations on the posts page by about 5%, from basic testing 2024-02-25 12:15:55 -05:00			`# frozen_string_literal: true`

fixes #2130 2014-04-25 20:15:09 -04:00			`class IqdbQueriesController < ApplicationController`
support json for iqdb query actions 2018-06-20 14:53:44 -04:00			`respond_to :html, :json`
[IQDB] Allow POST requests without authorization The only reason this is POST is because you can't use GET for file uploads. There is no need to check the authenticity token on this endpoint. Closes #509 2023-05-07 09:08:10 -04:00			`# Show uses POST because it needs a file parameter. This would be GET otherwise.`
			`skip_forgery_protection only: :show`
[Posts] Hide "similar on e6" link if iqdb is not set up Also prevent hitting iqdb, accidentally dropped in https://github.com/e621ng/e621ng/commit/e87d617c6f42129c092d1001909f7843f50841ed That was previously catching the generic NotImplementedError but that doesn't feel appropriate for this. 2023-06-13 15:46:18 -04:00			`before_action :validate_enabled`
fixes #2130 2014-04-25 20:15:09 -04:00
Initial add of IQDB standalone page 2017-12-30 01:51:54 -05:00			`def show`
[IQDB] Expose the similarity cutoff in the UI 2023-05-07 08:48:58 -04:00			`# Allow legacy ?post_id=123 parameters`
			`search_params = params[:search].presence \|\| params`
			`throttle(search_params)`

[IQDB] Allow POST requests without authorization The only reason this is POST is because you can't use GET for file uploads. There is no need to check the authenticity token on this endpoint. Closes #509 2023-05-07 09:08:10 -04:00			`@matches = []`
[IQDB] Expose the similarity cutoff in the UI 2023-05-07 08:48:58 -04:00			`if search_params[:file].present?`
			`@matches = IqdbProxy.query_file(search_params[:file].tempfile, search_params[:score_cutoff])`
			`elsif search_params[:url].present?`
			`parsed_url = Addressable::URI.heuristic_parse(search_params[:url]) rescue nil`
[IQDB] Switch to new implementation 2023-04-24 08:46:26 -04:00			`raise User::PrivilegeError, "Invalid URL" unless parsed_url`
			`whitelist_result = UploadWhitelist.is_whitelisted?(parsed_url)`
			`raise User::PrivilegeError, "Not allowed to request content from this URL" unless whitelist_result[0]`
[IQDB] Expose the similarity cutoff in the UI 2023-05-07 08:48:58 -04:00			`@matches = IqdbProxy.query_url(search_params[:url], search_params[:score_cutoff])`
			`elsif search_params[:post_id].present?`
			`@matches = IqdbProxy.query_post(Post.find_by(id: search_params[:post_id]), search_params[:score_cutoff])`
			`elsif search_params[:hash].present?`
			`@matches = IqdbProxy.query_hash(search_params[:hash], search_params[:score_cutoff])`
support url/post_id params on iqdb queries endpoint 2018-06-19 19:46:22 -04:00			`end`

refactor iqdb endpoints 2018-06-23 13:32:39 -04:00			`respond_with(@matches) do \|fmt\|`
			`fmt.json do`
[IQDB] Add integration for the new iqdb server Use param v2=1 to use it, for now 2023-04-17 16:36:29 -04:00			`render json: @matches, root: "posts"`
refactor iqdb endpoints 2018-06-23 13:32:39 -04:00			`end`
			`end`
[IQDB] Switch to new implementation 2023-04-24 08:46:26 -04:00			`rescue IqdbProxy::Error => e`
[IQDB] Fix opaque exception on remote server error 2020-09-11 21:17:44 -04:00			`render_expected_error(500, e.message)`
add iqdb preview 2018-06-22 18:56:15 -04:00			`end`
add xhr variant detection 2018-06-23 15:01:44 -04:00
[IQDB] Add integration for the new iqdb server Use param v2=1 to use it, for now 2023-04-17 16:36:29 -04:00			`private`

[IQDB] Expose the similarity cutoff in the UI 2023-05-07 08:48:58 -04:00			`def throttle(search_params)`
			`return if Danbooru.config.disable_throttles?`
[IQDB] Allow specifying similarity cutoff 2023-04-17 17:01:45 -04:00
[IQDB] Expose the similarity cutoff in the UI 2023-05-07 08:48:58 -04:00			`if %i[file url post_id hash].any? { \|key\| search_params[key].present? }`
			`if RateLimiter.check_limit("img:#{CurrentUser.ip_addr}", 1, 2.seconds)`
[IQDB] Add integration for the new iqdb server Use param v2=1 to use it, for now 2023-04-17 16:36:29 -04:00			`raise APIThrottled`
Allow file uploads and urls for image search 2019-11-28 15:27:06 -05:00			`else`
[IQDB] Add integration for the new iqdb server Use param v2=1 to use it, for now 2023-04-17 16:36:29 -04:00			`RateLimiter.hit("img:#{CurrentUser.ip_addr}", 2.seconds)`
Allow file uploads and urls for image search 2019-11-28 15:27:06 -05:00			`end`
			`end`
			`end`
[Posts] Hide "similar on e6" link if iqdb is not set up Also prevent hitting iqdb, accidentally dropped in https://github.com/e621ng/e621ng/commit/e87d617c6f42129c092d1001909f7843f50841ed That was previously catching the generic NotImplementedError but that doesn't feel appropriate for this. 2023-06-13 15:46:18 -04:00
			`def validate_enabled`
[Misc] Add a method that returns the base url for network requests This makes it easier to stub in tests. Also add a method to the iqdb proxy to say if it is enabled or not and use it everywhere. 2024-04-26 09:57:56 -04:00			`raise FeatureUnavailable unless IqdbProxy.enabled?`
[Posts] Hide "similar on e6" link if iqdb is not set up Also prevent hitting iqdb, accidentally dropped in https://github.com/e621ng/e621ng/commit/e87d617c6f42129c092d1001909f7843f50841ed That was previously catching the generic NotImplementedError but that doesn't feel appropriate for this. 2023-06-13 15:46:18 -04:00			`end`
iqdbs: raise exception if not configured. 2017-04-05 01:37:05 -04:00			`end`