lila/app/controllers/Mod.scala

package controllers

import lila.app._
import lila.security.Permission
import lila.user.UserRepo
import views._

import org.joda.time.DateTime
import play.api.mvc._
import play.api.mvc.Results._

import lila.evaluation.{ PlayerAssessment }

import chess.Color

object Mod extends LilaController {

  private def modApi = Env.mod.api
  private def modLogApi = Env.mod.logApi
  private def assessApi = Env.mod.assessApi

  def engine(username: String) = Secure(_.MarkEngine) { _ =>
    me => modApi.toggleEngine(me.id, username) inject redirect(username)
  }

  def booster(username: String) = Secure(_.MarkBooster) { _ =>
    me => modApi.toggleBooster(me.id, username) inject redirect(username)
  }

  def troll(username: String) = Secure(_.MarkTroll) { implicit ctx =>
    me =>
      modApi.troll(me.id, username, getBool("set")) inject {
        get("then") match {
          case Some("reports") => Redirect(routes.Report.list)
          case _               => redirect(username)
        }
      }
  }

  def ban(username: String) = Secure(_.IpBan) { implicit ctx =>
    me => modApi.ban(me.id, username) inject redirect(username)
  }

  def ipban(ip: String) = Secure(_.IpBan) { implicit ctx =>
    me => modApi.ipban(me.id, ip)
  }

  def closeAccount(username: String) = Secure(_.CloseAccount) { implicit ctx =>
    me => modApi.closeAccount(me.id, username) flatMap {
      _ ?? Account.doClose
    } inject redirect(username)
  }

  def reopenAccount(username: String) = Secure(_.ReopenAccount) { implicit ctx =>
    me => modApi.reopenAccount(me.id, username) inject redirect(username)
  }

  def setTitle(username: String) = SecureBody(_.SetTitle) { implicit ctx =>
    me =>
      implicit def req = ctx.body
      lila.user.DataForm.title.bindFromRequest.fold(
        err => fuccess(redirect(username, mod = true)),
        title => modApi.setTitle(me.id, username, title) inject redirect(username, mod = false)
      )
  }

  def setEmail(username: String) = SecureBody(_.SetEmail) { implicit ctx =>
    me =>
      implicit def req = ctx.body
      OptionFuResult(UserRepo named username) { user =>
        Env.security.forms.modEmail(user).bindFromRequest.fold(
          err => BadRequest(err.toString).fuccess,
          email => modApi.setEmail(me.id, user.id, email) inject redirect(user.username, mod = true)
        )
      }
  }

  def notifySlack(username: String) = Auth { implicit ctx =>
    me =>
      OptionFuResult(UserRepo named username) { user =>
        Env.slack.api.userMod(user = user, mod = me) inject redirect(user.username)
      }
  }

  def log = Secure(_.SeeReport) { implicit ctx =>
    me => modLogApi.recent map { html.mod.log(_) }
  }

  def communication(username: String) = Secure(_.MarkTroll) { implicit ctx =>
    me =>
      OptionFuOk(UserRepo named username) { user =>
        for {
          povs <- lila.game.GameRepo.recentPovsByUser(user, 100)
          chats <- povs.map(p => Env.chat.api.playerChat findNonEmpty p.gameId).sequence
          povWithChats = (povs zip chats) collect {
            case (p, Some(c)) => p -> c
          } take 9
          threads <- {
            lila.message.ThreadRepo.visibleByUser(user.id, 50) map {
              _ filter (_ hasPostsWrittenBy user.id) take 9
            }
          }
          publicLines <- Env.shutup.api getPublicLines user.id
          spy <- Env.security userSpy user.id
        } yield html.mod.communication(user, povWithChats, threads, publicLines, spy)
      }
  }

  private val ipIntelCache =
    lila.memo.AsyncCache[String, Int](ip => {
      import play.api.libs.ws.WS
      import play.api.Play.current
      val email = "lichess.contact@gmail.com"
      val url = s"http://check.getipintel.net/check.php?ip=$ip&contact=$email"
      WS.url(url).get().map(_.body).mon(_.security.proxy.request.time).flatMap { str =>
        parseFloatOption(str).fold[Fu[Int]](fufail(s"Invalid ratio ${str.take(140)}")) { ratio =>
          fuccess((ratio * 100).toInt)
        }
      }.addEffects(
        fail = _ => lila.mon.security.proxy.request.failure(),
        succ = percent => {
          lila.mon.security.proxy.percent(percent max 0)
          lila.mon.security.proxy.request.success()
        })
    }, maxCapacity = 1024)

  def ipIntel(ip: String) = Secure(_.IpBan) { ctx =>
    me =>
      ipIntelCache(ip).map { Ok(_) }.recover {
        case e: Exception => InternalServerError(e.getMessage)
      }
  }

  def redirect(username: String, mod: Boolean = true) = Redirect(routes.User.show(username).url + mod.??("?mod"))

  def refreshUserAssess(username: String) = Secure(_.MarkEngine) { implicit ctx =>
    me => assessApi.refreshAssessByUsername(username) inject redirect(username)
  }

  def gamify = Secure(_.SeeReport) { implicit ctx =>
    me =>
      Env.mod.gamify.leaderboards zip
        Env.mod.gamify.history(orCompute = true) map {
          case (leaderboards, history) => Ok(html.mod.gamify.index(leaderboards, history))
        }
  }
  def gamifyPeriod(periodStr: String) = Secure(_.SeeReport) { implicit ctx =>
    me =>
      lila.mod.Gamify.Period(periodStr).fold(notFound) { period =>
        Env.mod.gamify.leaderboards map { leaderboards =>
          Ok(html.mod.gamify.period(leaderboards, period))
        }
      }
  }

  def search = Secure(_.UserSearch) { implicit ctx =>
    me =>
      val query = (~get("q")).trim
      Env.mod.search(query) map { users =>
        html.mod.search(query, users)
      }
  }

  def chatUser(username: String) = Secure(_.ChatTimeout) { implicit ctx =>
    me =>
      implicit val lightUser = Env.user.lightUser _
      JsonOptionOk {
        Env.chat.api.userChat userModInfo username map2 lila.chat.JsonView.userModInfo
      }
  }

  def powaaa(username: String) = Secure(_.ChangePermission) { implicit ctx =>
    me =>
      OptionOk(UserRepo named username) { user =>
        html.mod.powaaa(user)
      }
  }

  def savePowaaa(username: String) = SecureBody(_.ChangePermission) { implicit ctx =>
    me =>
      implicit def req = ctx.body
      OptionFuResult(UserRepo named username) { user =>
        import play.api.data._
        import play.api.data.Forms._
        Form(single(
          "permissions" -> list(nonEmptyText.verifying { str =>
            lila.security.Permission.allButSuperAdmin.exists(_.name == str)
          })
        )).bindFromRequest.fold(
          err => BadRequest(html.mod.powaaa(user)).fuccess,
          permissions =>
            UserRepo.setRoles(user.id, permissions map (_.toUpperCase)) inject
              Redirect(routes.User.show(user.username) + "?mod")
        )
      }
  }
}
progress on forum and general templating 2013-05-06 08:51:19 -06:00			`package controllers`

			`import lila.app._`
			`import lila.security.Permission`
more work on troll isolation 2013-05-16 16:00:28 -06:00			`import lila.user.UserRepo`
FIDE titles 2014-02-26 17:18:09 -07:00			`import views._`
progress on forum and general templating 2013-05-06 08:51:19 -06:00
store assessments author and date 2015-01-23 01:13:56 -07:00			`import org.joda.time.DateTime`
progress on forum and general templating 2013-05-06 08:51:19 -06:00			`import play.api.mvc._`
			`import play.api.mvc.Results._`

Analysed games are now referenced and put in DB 2015-01-17 04:12:34 -07:00			`import lila.evaluation.{ PlayerAssessment }`
"refactoring" 2015-01-15 04:15:28 -07:00
Bug fixes and merge fixing 2015-01-19 08:07:02 -07:00			`import chess.Color`

progress on forum and general templating 2013-05-06 08:51:19 -06:00			`object Mod extends LilaController {`

progress on controller abstractions and forum UI 2013-05-06 10:41:02 -06:00			`private def modApi = Env.mod.api`
			`private def modLogApi = Env.mod.logApi`
"refactoring" 2015-01-15 04:15:28 -07:00			`private def assessApi = Env.mod.assessApi`
progress on forum and general templating 2013-05-06 08:51:19 -06:00
s/⇒/=> 2014-02-17 02:12:19 -07:00			`def engine(username: String) = Secure(_.MarkEngine) { _ =>`
fix auto toggle engine/booster and remove unused code 2015-02-24 03:43:09 -07:00			`me => modApi.toggleEngine(me.id, username) inject redirect(username)`
mod app 2013-05-10 03:56:34 -06:00			`}`

Progress on Booster title 2015-02-13 07:14:39 -07:00			`def booster(username: String) = Secure(_.MarkBooster) { _ =>`
fix auto toggle engine/booster and remove unused code 2015-02-24 03:43:09 -07:00			`me => modApi.toggleBooster(me.id, username) inject redirect(username)`
Progress on Booster title 2015-02-13 07:14:39 -07:00			`}`

quick troll-and-back-to-reports button 2015-07-01 03:15:54 -06:00			`def troll(username: String) = Secure(_.MarkTroll) { implicit ctx =>`
s/⇒/=> 2014-02-17 02:12:19 -07:00			`me =>`
make communication modding more convenient 2015-07-08 03:53:56 -06:00			`modApi.troll(me.id, username, getBool("set")) inject {`
quick troll-and-back-to-reports button 2015-07-01 03:15:54 -06:00			`get("then") match {`
			`case Some("reports") => Redirect(routes.Report.list)`
			`case _ => redirect(username)`
			`}`
			`}`
mod app 2013-05-10 03:56:34 -06:00			`}`

s/⇒/=> 2014-02-17 02:12:19 -07:00			`def ban(username: String) = Secure(_.IpBan) { implicit ctx =>`
			`me => modApi.ban(me.id, username) inject redirect(username)`
mod app 2013-05-10 03:56:34 -06:00			`}`

s/⇒/=> 2014-02-17 02:12:19 -07:00			`def ipban(ip: String) = Secure(_.IpBan) { implicit ctx =>`
			`me => modApi.ipban(me.id, ip)`
progress on controller abstractions and forum UI 2013-05-06 10:41:02 -06:00			`}`
progress on forum and general templating 2013-05-06 08:51:19 -06:00
s/⇒/=> 2014-02-17 02:12:19 -07:00			`def closeAccount(username: String) = Secure(_.CloseAccount) { implicit ctx =>`
fixes #1661 2016-03-01 18:27:36 -07:00			`me => modApi.closeAccount(me.id, username) flatMap {`
			`_ ?? Account.doClose`
			`} inject redirect(username)`
let mods close accounts 2014-02-01 06:13:22 -07:00			`}`

s/⇒/=> 2014-02-17 02:12:19 -07:00			`def reopenAccount(username: String) = Secure(_.ReopenAccount) { implicit ctx =>`
			`me => modApi.reopenAccount(me.id, username) inject redirect(username)`
let admins reopen closed accounts 2013-09-11 04:38:16 -06:00			`}`

UI to change permissions 2016-06-20 10:44:30 -06:00			`def setTitle(username: String) = SecureBody(_.SetTitle) { implicit ctx =>`
FIDE titles 2014-02-26 17:18:09 -07:00			`me =>`
			`implicit def req = ctx.body`
UI to change permissions 2016-06-20 10:44:30 -06:00			`lila.user.DataForm.title.bindFromRequest.fold(`
			`err => fuccess(redirect(username, mod = true)),`
			`title => modApi.setTitle(me.id, username, title) inject redirect(username, mod = false)`
			`)`
FIDE titles 2014-02-26 17:18:09 -07:00			`}`

UI to change permissions 2016-06-20 10:44:30 -06:00			`def setEmail(username: String) = SecureBody(_.SetEmail) { implicit ctx =>`
let mods set user email - closes #756 2015-08-12 05:17:16 -06:00			`me =>`
			`implicit def req = ctx.body`
can't change mod email 2015-08-12 16:50:05 -06:00			`OptionFuResult(UserRepo named username) { user =>`
UI to change permissions 2016-06-20 10:44:30 -06:00			`Env.security.forms.modEmail(user).bindFromRequest.fold(`
			`err => BadRequest(err.toString).fuccess,`
			`email => modApi.setEmail(me.id, user.id, email) inject redirect(user.username, mod = true)`
			`)`
can't change mod email 2015-08-12 16:50:05 -06:00			`}`
let mods set user email - closes #756 2015-08-12 05:17:16 -06:00			`}`

notify slack #deputy - closes #1373 2016-01-04 21:18:39 -07:00			`def notifySlack(username: String) = Auth { implicit ctx =>`
			`me =>`
			`OptionFuResult(UserRepo named username) { user =>`
			`Env.slack.api.userMod(user = user, mod = me) inject redirect(user.username)`
			`}`
			`}`

secure the mod log 2015-09-12 16:28:27 -06:00			`def log = Secure(_.SeeReport) { implicit ctx =>`
s/⇒/=> 2014-02-17 02:12:19 -07:00			`me => modLogApi.recent map { html.mod.log(_) }`
mod app 2013-05-10 03:56:34 -06:00			`}`
improve engine detection automation 2014-01-16 01:46:01 -07:00
let mods review communications of reported users 2014-05-22 13:01:54 -06:00			`def communication(username: String) = Secure(_.MarkTroll) { implicit ctx =>`
			`me =>`
			`OptionFuOk(UserRepo named username) { user =>`
			`for {`
get more games for communication report 2015-06-29 10:20:21 -06:00			`povs <- lila.game.GameRepo.recentPovsByUser(user, 100)`
let mods review communications of reported users 2014-05-22 13:01:54 -06:00			`chats <- povs.map(p => Env.chat.api.playerChat findNonEmpty p.gameId).sequence`
			`povWithChats = (povs zip chats) collect {`
			`case (p, Some(c)) => p -> c`
			`} take 9`
drop communication report timeout 2015-05-29 05:09:30 -06:00			`threads <- {`
let mods review communications of reported users 2014-05-22 13:01:54 -06:00			`lila.message.ThreadRepo.visibleByUser(user.id, 50) map {`
			`_ filter (_ hasPostsWrittenBy user.id) take 9`
			`}`
			`}`
store & display public butthurt messages - closes #651 2015-07-01 04:22:06 -06:00			`publicLines <- Env.shutup.api getPublicLines user.id`
show alt accounts on mod communications view - closes #886 2015-09-04 04:22:15 -06:00			`spy <- Env.security userSpy user.id`
			`} yield html.mod.communication(user, povWithChats, threads, publicLines, spy)`
let mods review communications of reported users 2014-05-22 13:01:54 -06:00			`}`
			`}`

cache proxy detection - closes #814 2015-08-20 16:45:48 -06:00			`private val ipIntelCache =`
monitor ipintel requests 2016-03-11 21:29:21 -07:00			`lila.memo.AsyncCache[String, Int](ip => {`
detect proxies https://i.imgur.com/b3udHh6.png 2015-08-20 16:39:32 -06:00			`import play.api.libs.ws.WS`
			`import play.api.Play.current`
getipintel unescaped query parameters - the dirty way They won't accept properly escaped parameters for dubious reasons. 2015-10-13 01:28:54 -06:00			`val email = "lichess.contact@gmail.com"`
			`val url = s"http://check.getipintel.net/check.php?ip=$ip&contact=$email"`
monitor ipintel requests 2016-03-11 21:29:21 -07:00			`WS.url(url).get().map(_.body).mon(_.security.proxy.request.time).flatMap { str =>`
don't show all ipintel failure html 2016-06-20 03:58:59 -06:00			`parseFloatOption(str).fold[Fu[Int]](fufail(s"Invalid ratio ${str.take(140)}")) { ratio =>`
monitor ipintel requests 2016-03-11 21:29:21 -07:00			`fuccess((ratio * 100).toInt)`
			`}`
			`}.addEffects(`
			`fail = _ => lila.mon.security.proxy.request.failure(),`
			`succ = percent => {`
master: don't monitor proxy percent negative values 2016-03-16 05:02:29 -06:00			`lila.mon.security.proxy.percent(percent max 0)`
monitor ipintel requests 2016-03-11 21:29:21 -07:00			`lila.mon.security.proxy.request.success()`
			`})`
			`}, maxCapacity = 1024)`
cache proxy detection - closes #814 2015-08-20 16:45:48 -06:00
			`def ipIntel(ip: String) = Secure(_.IpBan) { ctx =>`
			`me =>`
handle getipintel failures 2016-07-10 03:52:09 -06:00			`ipIntelCache(ip).map { Ok(_) }.recover {`
			`case e: Exception => InternalServerError(e.getMessage)`
			`}`
detect proxies https://i.imgur.com/b3udHh6.png 2015-08-20 16:39:32 -06:00			`}`

Progress on player assessment ScalaEvaluator 2015-01-13 03:44:12 -07:00			`def redirect(username: String, mod: Boolean = true) = Redirect(routes.User.show(username).url + mod.??("?mod"))`

Allow moderators to hail fire upon cheaters 2015-02-22 23:12:25 -07:00			`def refreshUserAssess(username: String) = Secure(_.MarkEngine) { implicit ctx =>`
			`me => assessApi.refreshAssessByUsername(username) inject redirect(username)`
			`}`
mod hall of fame v1 2016-01-10 21:09:37 -07:00
			`def gamify = Secure(_.SeeReport) { implicit ctx =>`
			`me =>`
mod leaderboard history 2016-01-11 02:37:09 -07:00			`Env.mod.gamify.leaderboards zip`
			`Env.mod.gamify.history(orCompute = true) map {`
			`case (leaderboards, history) => Ok(html.mod.gamify.index(leaderboards, history))`
			`}`
moderator hall of fame 2016-01-10 22:18:26 -07:00			`}`
			`def gamifyPeriod(periodStr: String) = Secure(_.SeeReport) { implicit ctx =>`
			`me =>`
			`lila.mod.Gamify.Period(periodStr).fold(notFound) { period =>`
			`Env.mod.gamify.leaderboards map { leaderboards =>`
			`Ok(html.mod.gamify.period(leaderboards, period))`
			`}`
mod hall of fame v1 2016-01-10 21:09:37 -07:00			`}`
			`}`
implement moderator user search by IP & email - for #858 2016-01-11 20:16:20 -07:00
			`def search = Secure(_.UserSearch) { implicit ctx =>`
			`me =>`
			`val query = (~get("q")).trim`
			`Env.mod.search(query) map { users =>`
			`html.mod.search(query, users)`
			`}`
			`}`
show timeout history in chat mod view 2016-06-10 18:13:57 -06:00
chat moderation permission 2016-06-19 08:03:04 -06:00			`def chatUser(username: String) = Secure(_.ChatTimeout) { implicit ctx =>`
show timeout history in chat mod view 2016-06-10 18:13:57 -06:00			`me =>`
			`implicit val lightUser = Env.user.lightUser _`
			`JsonOptionOk {`
			`Env.chat.api.userChat userModInfo username map2 lila.chat.JsonView.userModInfo`
			`}`
			`}`
UI to change permissions 2016-06-20 10:44:30 -06:00
			`def powaaa(username: String) = Secure(_.ChangePermission) { implicit ctx =>`
			`me =>`
			`OptionOk(UserRepo named username) { user =>`
			`html.mod.powaaa(user)`
			`}`
			`}`

			`def savePowaaa(username: String) = SecureBody(_.ChangePermission) { implicit ctx =>`
			`me =>`
			`implicit def req = ctx.body`
			`OptionFuResult(UserRepo named username) { user =>`
			`import play.api.data._`
			`import play.api.data.Forms._`
			`Form(single(`
			`"permissions" -> list(nonEmptyText.verifying { str =>`
			`lila.security.Permission.allButSuperAdmin.exists(_.name == str)`
			`})`
			`)).bindFromRequest.fold(`
			`err => BadRequest(html.mod.powaaa(user)).fuccess,`
			`permissions =>`
			`UserRepo.setRoles(user.id, permissions map (_.toUpperCase)) inject`
			`Redirect(routes.User.show(user.username) + "?mod")`
			`)`
			`}`
			`}`
progress on forum and general templating 2013-05-06 08:51:19 -06:00			`}`