From b091cf5221435efe147b75219aa143dadc72d489 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Mon, 17 Jul 2017 10:43:28 -0600 Subject: [PATCH 1/2] Added new TALK_DISABLE_AUTOFLAG_SUSPECT_WORDS option --- README.md | 3 ++- config.js | 10 +++++++++- graph/mutators/comment.js | 9 ++++++++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a629065ff..86e8000d0 100644 --- a/README.md +++ b/README.md @@ -50,11 +50,12 @@ sign and verify tokens via a `HS256` algorithm. - `TALK_SMTP_PASSWORD` (*required for email*) - password for the SMTP provider you are using. - `TALK_SMTP_HOST` (*required for email*) - SMTP host url with format `smtp.domain.com`. - `TALK_SMTP_PORT` (*required for email*) - SMTP port. -- `TALK_INSTALL_LOCK` (_optional for dynamic setup_) - Defaults to `FALSE`. When `TRUE`, disables the dynamic setup endpoint. +- `TALK_INSTALL_LOCK` (_optional for dynamic setup_) - When `TRUE`, disables the dynamic setup endpoint. (Default `FALSE`) - `TALK_RECAPTCHA_SECRET` (*required for reCAPTCHA support*) - server secret used for enabling reCAPTCHA powered logins. If not provided it will instead default to providing only a time based lockout. - `TALK_RECAPTCHA_PUBLIC` (*required for reCAPTCHA support*) - client secret used for enabling reCAPTCHA powered logins. If not provided it will instead default to providing only a time based lockout. - `TALK_PLUGINS_JSON` (_optional_) - used to specify the plugin config via the environment - `TALK_KEEP_ALIVE` (_optional_) - The keepalive timeout that should be used to send keep alive messages through the websocket to keep the socket alive. (Default `30s`) +- `TALK_DISABLE_AUTOFLAG_SUSPECT_WORDS` (_optional_) When `TRUE`, disables flagging of comments that match the suspect word filter. (Default `FALSE`) Refer to the wiki page on [Configuration Loading](https://github.com/coralproject/talk/wiki/Configuration-Loading) for alternative methods of loading configuration during development. diff --git a/config.js b/config.js index ce8931235..e3dd4578c 100644 --- a/config.js +++ b/config.js @@ -77,7 +77,15 @@ const CONFIG = { SMTP_HOST: process.env.TALK_SMTP_HOST, SMTP_PASSWORD: process.env.TALK_SMTP_PASSWORD, SMTP_PORT: process.env.TALK_SMTP_PORT, - SMTP_USERNAME: process.env.TALK_SMTP_USERNAME + SMTP_USERNAME: process.env.TALK_SMTP_USERNAME, + + //------------------------------------------------------------------------------ + // Flagging Config + //------------------------------------------------------------------------------ + + // DISABLE_AUTOFLAG_SUSPECT_WORDS is true when the suspect words that are + // matched should not be flagged. + DISABLE_AUTOFLAG_SUSPECT_WORDS: process.env.TALK_DISABLE_AUTOFLAG_SUSPECT_WORDS === 'TRUE' }; //============================================================================== diff --git a/graph/mutators/comment.js b/graph/mutators/comment.js index f32172a4d..539bd674e 100644 --- a/graph/mutators/comment.js +++ b/graph/mutators/comment.js @@ -15,6 +15,10 @@ const { EDIT_COMMENT } = require('../../perms/constants'); +const { + DISABLE_AUTOFLAG_SUSPECT_WORDS +} = require('../../config'); + const debug = require('debug')('talk:graph:mutators:tags'); const plugins = require('../../services/plugins'); @@ -297,7 +301,10 @@ const createPublicComment = async (context, commentInput) => { // Otherwise just return the new comment. // TODO: Check why the wordlist is undefined - if (wordlist != null && wordlist.suspect != null) { + + // If the wordlist has matched the suspect word filter and we haven't disabled + // auto-flagging suspect words, then we should flag the comment! + if (wordlist != null && wordlist.suspect != null && !DISABLE_AUTOFLAG_SUSPECT_WORDS) { // TODO: this is kind of fragile, we should refactor this to resolve // all these const's that we're using like 'COMMENTS', 'FLAG' to be From ab87500303fea51e62496307dec801f1cf517826 Mon Sep 17 00:00:00 2001 From: Nat Welch Date: Mon, 17 Jul 2017 17:02:46 -0400 Subject: [PATCH 2/2] Fix email address env var in docs --- docs/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.md b/docs/configuration.md index 8323ca724..c19c5a38e 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -17,7 +17,7 @@ sign and verify tokens via a `HS256` algorithm. - `TALK_JWT_EXPIRY` (_optional_) - the expiry duration (`exp`) for the tokens issued for logged in sessions (Default `1 day`) - `TALK_JWT_ISSUER` (_optional_) - the issuer (`iss`) claim for login JWT tokens (Default `process.env.TALK_ROOT_URL`) - `TALK_JWT_AUDIENCE` (_optional_) - the audience (`aud`) claim for login JWT tokens (Default `talk`) -- `TALK_SMTP_EMAIL` (*required for email*) - the address to send emails from using the +- `TALK_SMTP_FROM_ADDRESS` (*required for email*) - the address to send emails from using the SMTP provider. - `TALK_SMTP_USERNAME` (*required for email*) - username of the SMTP provider you are using. - `TALK_SMTP_PASSWORD` (*required for email*) - password for the SMTP provider you are using.