make sure media attachments are not from a blocked account, CDN, or their subdomains

author: multiple creatures <dev@multiple-creature.party> 2019-08-30 20:29:42 -0500
committer: multiple creatures <dev@multiple-creature.party> 2019-08-30 20:29:42 -0500
commit: 60c449e1d77c6e11ced796a7e088038d80137de6 (patch)
tree: 0da0448cf75ceec7d52c94f93ce236742e307727 /app/models
parent: 8a9c1b32dac14a8a39f4fb38db82d6487f84e294 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb
index 932632b20..f624e0721 100644
--- a/app/models/media_attachment.rb
+++ b/app/models/media_attachment.rb
@@ -161,6 +161,13 @@ class MediaAttachment < ApplicationRecord
     (file.blank? || (Paperclip::Attachment.default_options[:storage] == :filesystem && !File.exist?(file.path))) && remote_url.present?
   end
 
+  def blocked?
+    domains = Set[self.account.domain]
+    domains.add(remote_url.scan(/[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*/).first) if remote_url.present?
+    blocks = DomainBlock.suspend.or(DomainBlock.where(reject_media: true))
+    domains.any? { |domain| blocks.where(domain: domain).or(blocks.where('domain LIKE ?', "%.#{domain}")).exists? }
+  end
+
   def video_or_audio?
     video? || gifv? || audio?
   end
author	multiple creatures <dev@multiple-creature.party>	2019-08-30 20:29:42 -0500
committer	multiple creatures <dev@multiple-creature.party>	2019-08-30 20:29:42 -0500
commit	60c449e1d77c6e11ced796a7e088038d80137de6 (patch)
tree	0da0448cf75ceec7d52c94f93ce236742e307727 /app/models
parent	8a9c1b32dac14a8a39f4fb38db82d6487f84e294 (diff)