Add whitelist to upload services and file downloaders

app/controllers/upload_whitelists_controller.rb

@@ -59,7 +59,7 @@ class UploadWhitelistsController < ApplicationController
   end
 
   def search_params
-    params.fetch(:search, {}).permit(%i[allowed order pattern reason])
+    params.fetch(:search, {}).permit(%i[allowed order pattern note reason])
   end
 
   def whitelist_params

app/controllers/uploads_controller.rb

@@ -54,6 +54,9 @@ class UploadsController < ApplicationController
     @service = UploadService.new(upload_params)
     @upload = @service.start!
 
+    if @upload.invalid?
+      flash[:notice] = @upload.errors.full_messages.join("; ")
+    end
     if @service.warnings.any?
       flash[:notice] = @service.warnings.join(".\n \n")
     end

app/logical/downloads/file.rb

@@ -37,6 +37,8 @@ module Downloads
       errors[:base] << "URL must not be blank" if url.blank?
       errors[:base] << "'#{url}' is not a valid url" if !url.host.present?
       errors[:base] << "'#{url}' is not a valid url. Did you mean 'http://#{url}'?" if !url.scheme.in?(%w[http https])
+      valid, reason = UploadWhitelist.is_whitelisted?(url)
+      errors[:base] << "'#{url}' is not whitelisted and can't be direct downloaded: #{reason}" if !valid
     end
 
     def http_get_streaming(url, file: Tempfile.new(binmode: true), headers: {}, max_size: Danbooru.config.max_file_size)

app/logical/upload_service.rb

@@ -39,7 +39,7 @@ class UploadService
 
     params[:rating] ||= "q"
     params[:tag_string] ||= "tagme"
-    @upload = Upload.create!(params)
+    @upload = Upload.create(params)
 
     begin
       if @upload.invalid?

app/models/upload.rb

@@ -62,6 +62,7 @@ class Upload < ApplicationRecord
   before_validation :initialize_attributes, on: :create
   before_validation :assign_rating_from_tags
   validate :uploader_is_not_limited, on: :create
+  validate :source_is_whitelisted, on: :create
   # validates :source, format: { with: /\Ahttps?/ }, if: ->(record) {record.file.blank?}, on: :create
   validates :rating, inclusion: { in: %w(q e s) }, allow_nil: true
   validates :md5, confirmation: true, if: -> (rec) { rec.md5_confirmation.present? }
@@ -262,6 +263,16 @@ class Upload < ApplicationRecord
     end
   end
 
+  def source_is_whitelisted
+    return true if source_url.nil?
+    valid, reason = UploadWhitelist.is_whitelisted?(source_url)
+    if !valid
+      self.errors.add(:source, "is not whitelisted: #{reason}")
+      return false
+    end
+    true
+  end
+
   def assign_rating_from_tags
     if rating = Tag.has_metatag?(tag_string, :rating)
       self.rating = rating.downcase.first

app/models/upload_whitelist.rb

@@ -4,7 +4,7 @@ class UploadWhitelist < ApplicationRecord
 
   validates_presence_of :pattern
   validates_uniqueness_of :pattern
-  validates_format_of :pattern, with: /\A[a-zA-Z0-9.%\-*\/?&]+\z/
+  validates_format_of :pattern, with: /\A[a-zA-Z0-9.%:\-*\/?&]+\z/
   after_create do |rec|
     ModAction.log("#{CurrentUser.name} created upload whitelist #{rec.pattern}", :upload_whitelist_create)
   end
@@ -27,14 +27,26 @@ class UploadWhitelist < ApplicationRecord
     q = super
 
     if params[:pattern].present?
-      q = q.where("pattern ILIKE ?", params[:pattern])
+      q = q.where("pattern ILIKE ?", params[:pattern].to_escaped_for_sql_like)
     end
 
     if params[:note].present?
-      q = q.where("note ILIKE ?", params[:note])
+      q = q.where("note ILIKE ?", params[:note].to_escaped_for_sql_like)
     end
 
-    q.apply_default_order(params)
+    params[:order] ||= params.delete(:sort)
+    case params[:order]
+    when "note"
+      q = q.order("upload_whitelists.note")
+    when "pattern"
+      q = q.order("upload_whitelists.pattern")
+    when "updated_at"
+      q = q.order("upload_whitelists.updated_at desc")
+    else
+      q = q.apply_default_order(params)
+    end
+
+    q
   end
 
   def self.is_whitelisted?(url, options = {})
@@ -51,6 +63,6 @@ class UploadWhitelist < ApplicationRecord
         return [x.allowed, x.reason]
       end
     end
-    [false, "not found"]
+    [false, "not in whitelist"]
   end
 end

app/views/upload_whitelists/_search.html.erb

@@ -0,0 +1,7 @@
+<%= simple_form_for(:search, url: upload_whitelists_path, method: :get, defaults: { required: false }, html: { class: "inline-form" }) do |f| %>
+  <%= f.input :pattern, label: "Pattern", hint: "Use * for wildcard", input_html: { value: params[:search][:pattern]} %>
+  <%= f.input :note, label: "Note", as: "string", input_html: { value: params[:search][:note] } %>
+  <%= f.input :reason, label: "Ban Reason", input_html: { value: params[:search][:reason] } %>
+  <%= f.input :order, collection: [["Recently created", "id"], ["Last updated", "updated_at"], ["Pattern", "pattern"], ["Note", "note"]], selected: params[:search][:order] %>
+  <%= f.submit "Search" %>
+<% end %>

app/views/upload_whitelists/index.html.erb

@@ -1,5 +1,6 @@
 <div id="c-upload-whitelists">
   <div id="a-index">
+    <%= render "search" %>
     <h1>Upload Whitelists</h1>
 
     <table class="striped" width="100%">

config/danbooru_default_config.rb

@@ -794,7 +794,7 @@ module Danbooru
     end
 
     def bypass_upload_whitelist?(user)
-      false #user.is_admin?
+      user.is_admin?
     end
   end