@@ -4,7 +4,7 @@ class AssetsController < ApplicationController # we check to see if the current_user is authorized based on the asset.user before_filter :login_required, :except => [:index, :show, :latest, :radio] - before_filter :find_referer, :only => :show + before_filter :find_referer, :prevent_abuse, :only => :show #rescue_from NoMethodError, :with => :user_not_found #rescue_from ActiveRecord::RecordNotFound, :with => :not_found @@ -47,7 +47,6 @@ class AssetsController < ApplicationController end format.mp3 do - render(:text => "Denied due to abuse", :status => 403) and return false if abuser? register_listen redirect_to @asset.public_mp3 end @@ -267,7 +266,11 @@ class AssetsController < ApplicationController @@valid_listeners.any?{|valid_agent| @agent.include? valid_agent} end + def prevent_abuse + render(:text => "Denied due to abuse", :status => 403) if abuser? + end + def abuser? - request.user_agent and @agent =~/mp3bot/ + request.user_agent and request.user_agent.include? 'mp3bot' end end app/controllers/assets_controller.rb @@ -35,6 +35,7 @@ describe AssetsController do it 'should properly detect leeching blacklisted sites and not register a listen' do request.user_agent = 'mp3bot' lambda{get_song }.should_not change(Listen, :count) + response.response_code.should == 403 end it 'should consider an empty user agent to be a spider and not register a listen' do spec/controllers/assets_controller_spec.rb 2f6de4fe3f2c2f558bbe1111d5fcc18d778aa76e Sudara sudara@alonetone.com http://github.com/tiendung/alonetone/commit/eaac541e0146d2c53ab10bdfbbf43074f9a56c4e eaac541e0146d2c53ab10bdfbbf43074f9a56c4e 2008-10-19T12:47:31-07:00 2008-10-19T12:47:31-07:00 Enusre that abusers are denied, verify with specs c8b3b7a996a6a1cb2de6ad338c981d91640ae057 Sudara sudara@alonetone.com