
Implement anti-spam measures and improve content handling #559

Merged
asim merged 2 commits into main from claude/add-wallet-transfers-74PHC
Apr 15, 2026

Conversation

@asim (Member) commented Apr 15, 2026

No description provided.

claude added 2 commits April 15, 2026 04:09
Inline image/audio/video parts (Content-Disposition not 'attachment')
were falling through to the 'Unknown part type' branch and being
appended to the body as raw bytes — visible as [image/jpeg] followed
by binary garbage after the text content. Treat them as attachments
instead, and skip non-utf8 unknown parts entirely.
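The classification rule in the commit above (inline image/audio/video parts become attachments whatever their Content-Disposition says, unknown parts that are not valid UTF-8 are dropped instead of being appended to the body) as an added example. This is not the project's code: the `Attachment` and `Parsed` types, the `[type]` label for unknown textual parts, and the sample message are all constructed for this illustration and built only on the Go standard library.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"strings"
	"unicode/utf8"
)

// Attachment is this example's own representation of a non-text part
// (hypothetical; the project's real attachment type is not shown on the page).
type Attachment struct {
	Filename    string
	ContentType string
	Data        []byte
}

// Parsed is the result of classifying every part of a message.
type Parsed struct {
	Body        string       // text parts joined with newlines
	Attachments []Attachment // explicit attachments plus inline image/audio/video
	bodyParts   []string
}

// isMedia reports whether a media type is image, audio or video. Such parts
// are treated as attachments regardless of their Content-Disposition.
func isMedia(mediaType string) bool {
	return strings.HasPrefix(mediaType, "image/") ||
		strings.HasPrefix(mediaType, "audio/") ||
		strings.HasPrefix(mediaType, "video/")
}

// ParseMessage reads an RFC 5322 message and classifies its MIME parts:
// text/plain goes to the body, media and explicit attachments go to
// Attachments, unknown-but-UTF-8 parts are kept with a [type] label, and
// unknown binary parts are skipped instead of being dumped into the body.
func ParseMessage(raw string) (*Parsed, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	out := &Parsed{}
	h := msg.Header
	if err := walkPart(h.Get("Content-Type"), h.Get("Content-Disposition"), msg.Body, out); err != nil {
		return nil, err
	}
	out.Body = strings.Join(out.bodyParts, "\n")
	return out, nil
}

// walkPart handles one part, recursing into multipart containers.
func walkPart(contentType, disposition string, r io.Reader, out *Parsed) error {
	mediaType, params, err := mime.ParseMediaType(contentType)
	if err != nil {
		mediaType = "text/plain" // RFC 2045 default for a missing or malformed Content-Type
	}
	if strings.HasPrefix(mediaType, "multipart/") {
		mr := multipart.NewReader(r, params["boundary"])
		for {
			p, err := mr.NextPart()
			if err == io.EOF {
				return nil
			}
			if err != nil {
				return err
			}
			ph := p.Header
			if err := walkPart(ph.Get("Content-Type"), ph.Get("Content-Disposition"), p, out); err != nil {
				return err
			}
		}
	}
	data, err := io.ReadAll(r)
	if err != nil {
		return err
	}
	dispType, dispParams, _ := mime.ParseMediaType(disposition)
	switch {
	case dispType == "attachment" || isMedia(mediaType):
		// Inline media used to fall through to the "unknown part" branch;
		// it is binary, so it belongs with the attachments.
		name := dispParams["filename"]
		if name == "" {
			name = params["name"]
		}
		out.Attachments = append(out.Attachments, Attachment{Filename: name, ContentType: mediaType, Data: data})
	case mediaType == "text/plain":
		out.bodyParts = append(out.bodyParts, string(data))
	case utf8.Valid(data):
		// Unknown but textual: keep it, labelled, so readable content is not lost.
		out.bodyParts = append(out.bodyParts, fmt.Sprintf("[%s]\n%s", mediaType, data))
	default:
		// Unknown binary part: skip it rather than append raw bytes to the body.
	}
	return nil
}

// SampleMessage builds a constructed multipart message (not a real capture)
// with one part of each kind the classifier distinguishes.
func SampleMessage() string {
	lines := []string{
		"From: sender@example.invalid",
		"Subject: classifier demo",
		`Content-Type: multipart/mixed; boundary="demo"`,
		"",
		"--demo",
		"Content-Type: text/plain; charset=utf-8",
		"",
		"hello",
		"--demo",
		"Content-Type: image/jpeg",
		`Content-Disposition: inline; filename="photo.jpg"`,
		"",
		"\xff\xd8\xff", // JPEG magic bytes: inline media, not valid UTF-8
		"--demo",
		"Content-Type: application/octet-stream",
		"",
		"\x00\xff\xfe", // unknown binary part: must be skipped
		"--demo",
		"Content-Type: application/json",
		"",
		`{"a":1}`, // unknown but textual part: kept with a label
		"--demo--",
		"",
	}
	return strings.Join(lines, "\r\n")
}

func main() {
	p, err := ParseMessage(SampleMessage())
	if err != nil {
		panic(err)
	}
	fmt.Printf("body: %q\n", p.Body)
	for _, a := range p.Attachments {
		fmt.Printf("attachment: %s (%s, %d bytes)\n", a.Filename, a.ContentType, len(a.Data))
	}
}
```

The media check runs before the text/plain check on purpose: a `text/plain` part is never media, but an `image/*` part marked `inline` would otherwise reach the unknown-part fallback, which is exactly the path that produced `[image/jpeg]` followed by raw bytes.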

Background: free credits and missing payment gates made it cheap for an
attacker to create accounts and have agents flood the platform with
status updates, replies, comments, and AI-generated apps. This adds
several layers of defence:

Anti-spam pricing — every content-creating action now costs credits,
making spam economically expensive (1p per status update, reply, and
blog comment).

Web AI generation — /apps/build/generate and the framework variant now
charge CostAppBuild / CostAppEdit. Previously these endpoints called the
LLM with no quota check, mirroring the MCP apps_build tool's behaviour.

Signup rate limiting — at most 3 signups per IP per 24 hours by default
(SIGNUP_MAX_PER_IP, SIGNUP_WINDOW_HOURS). Applied to both the web
/signup form and the MCP signup tool via a new api.ToolGuard hook.
Localhost is exempt for self-hosters and dev.

System auto-flag now hides immediately — flag.CheckContent was calling
Add() (which only flags after 3 user reports), so LLM-detected spam
stayed visible. Now it calls AdminFlag() to hide the content on the
first system flag.

Comment moderation — blog comments now go through flag.CheckContent and
are hidden from non-admin viewers when flagged. CreateComment now
returns the comment so the moderator gets the right ID.

CanPost on comments — new accounts must wait 30 minutes before
commenting, matching the existing rule for blog posts and threads.
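The signup rate limit described in the commit above (a per-IP cap over a sliding window, defaults of 3 per 24 hours, `SIGNUP_MAX_PER_IP` and `SIGNUP_WINDOW_HOURS` to override, localhost exempt) as an added example. It is not the project's limiter or its `api.ToolGuard` hook: `SignupLimiter`, `FromEnv` and `ClientIP` are hypothetical names, the store is in-memory (a real deployment behind several instances would need shared state), and the IP addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"sync"
	"time"
)

// SignupLimiter caps the number of signups a single client IP may make in a
// sliding window. Hypothetical implementation for this example.
type SignupLimiter struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	seen   map[string][]time.Time // IP -> timestamps of recent accepted signups
}

func NewSignupLimiter(max int, window time.Duration) *SignupLimiter {
	return &SignupLimiter{max: max, window: window, seen: map[string][]time.Time{}}
}

// FromEnv reads SIGNUP_MAX_PER_IP and SIGNUP_WINDOW_HOURS (the variable
// names from the PR) through getenv, falling back to 3 per 24 hours when a
// value is absent or not a positive integer.
func FromEnv(getenv func(string) string) *SignupLimiter {
	max := 3
	if v, err := strconv.Atoi(getenv("SIGNUP_MAX_PER_IP")); err == nil && v > 0 {
		max = v
	}
	hours := 24
	if v, err := strconv.Atoi(getenv("SIGNUP_WINDOW_HOURS")); err == nil && v > 0 {
		hours = v
	}
	return NewSignupLimiter(max, time.Duration(hours)*time.Hour)
}

// IsLocalhost reports whether ip is a loopback address; loopback is exempt so
// self-hosters and local development are not throttled.
func IsLocalhost(ip string) bool {
	parsed := net.ParseIP(ip)
	return parsed != nil && parsed.IsLoopback()
}

// ClientIP extracts the host from an http.Request RemoteAddr ("host:port").
// A proxy header such as X-Forwarded-For should only be trusted when the
// request provably arrived through your own proxy; otherwise the client picks
// its own rate-limit key.
func ClientIP(remoteAddr string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return remoteAddr
	}
	return host
}

// Allow reports whether a signup from ip at time now is within the limit and,
// if so, records it. Entries older than the window are pruned on each call,
// so the window slides rather than resetting on a fixed schedule.
func (l *SignupLimiter) Allow(ip string, now time.Time) bool {
	if IsLocalhost(ip) {
		return true
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := now.Add(-l.window)
	recent := l.seen[ip][:0] // in-place filter over the same backing array
	for _, ts := range l.seen[ip] {
		if ts.After(cutoff) {
			recent = append(recent, ts)
		}
	}
	if len(recent) >= l.max {
		l.seen[ip] = recent
		return false
	}
	l.seen[ip] = append(recent, now)
	return true
}

func main() {
	l := FromEnv(os.Getenv)
	now := time.Now()
	ip := ClientIP("203.0.113.7:51000") // constructed address
	for i := 1; i <= 4; i++ {
		fmt.Printf("signup %d from %s allowed: %v\n", i, ip, l.Allow(ip, now))
	}
	fmt.Printf("signup from 127.0.0.1 allowed: %v\n", l.Allow("127.0.0.1", now))
}
```

Only accepted signups are recorded, so a blocked attempt does not extend the lockout; the same `Allow` call can sit behind both the web `/signup` handler and an MCP signup tool, which is the shape the PR describes for its guard hook.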
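The auto-flag defect and its fix from the commit above (a system detection routed through `Add`, which only hides after 3 user reports, left LLM-detected spam visible; routing it through `AdminFlag` hides on the first flag) as an added example, with the viewer rule for comments that hides flagged content from non-admins. This is not the project's `flag` package: `FlagStore`, `CheckContentBefore` and `spamDetector` are hypothetical, the keyword check stands in for the LLM call, and counting only distinct reporters toward the threshold is an assumption the page does not state.

```go
package main

import (
	"fmt"
	"strings"
)

// FlagStore records reports against content and decides what is hidden.
// Hypothetical stand-in for the PR's flag package; the thresholds follow the
// commit message (user reports hide after 3, admin/system flags hide at once).
type FlagStore struct {
	threshold int
	reports   map[string]map[string]bool // content ID -> set of reporting user IDs
	hidden    map[string]string          // content ID -> reason it was hidden
}

func NewFlagStore() *FlagStore {
	return &FlagStore{threshold: 3, reports: map[string]map[string]bool{}, hidden: map[string]string{}}
}

// Add records one user report. Content is hidden only once the number of
// distinct reporters reaches the threshold (assumed: a repeat report by the
// same user does not count twice). Returns true if the content is now hidden.
func (s *FlagStore) Add(contentID, reporterID string) bool {
	if s.reports[contentID] == nil {
		s.reports[contentID] = map[string]bool{}
	}
	s.reports[contentID][reporterID] = true
	if len(s.reports[contentID]) >= s.threshold {
		s.hidden[contentID] = fmt.Sprintf("%d user reports", len(s.reports[contentID]))
		return true
	}
	return false
}

// AdminFlag hides content immediately; used for admin action and for
// automated (system) detections.
func (s *FlagStore) AdminFlag(contentID, reason string) {
	s.hidden[contentID] = reason
}

// Visible applies the viewer rule: hidden content is shown only to admins.
func (s *FlagStore) Visible(contentID string, isAdmin bool) bool {
	_, hidden := s.hidden[contentID]
	return !hidden || isAdmin
}

// spamDetector stands in for the LLM check. A constructed marker phrase
// counts as spam so the example runs offline.
func spamDetector(text string) bool {
	return strings.Contains(strings.ToLower(text), "buy now")
}

// CheckContentBefore mirrors the behaviour the PR fixed: the system flag went
// through Add, so a single automated detection never reached the threshold
// and the spam stayed visible.
func CheckContentBefore(s *FlagStore, contentID, text string) bool {
	if spamDetector(text) {
		return s.Add(contentID, "system")
	}
	return false
}

// CheckContent is the fixed behaviour: a system detection calls AdminFlag
// and the content is hidden on the first flag.
func CheckContent(s *FlagStore, contentID, text string) bool {
	if spamDetector(text) {
		s.AdminFlag(contentID, "system: automated spam detection")
		return true
	}
	return false
}

func main() {
	text := "BUY NOW, cheap credits" // constructed sample comment
	before := NewFlagStore()
	CheckContentBefore(before, "comment-1", text)
	fmt.Printf("before fix, visible to users: %v\n", before.Visible("comment-1", false))
	after := NewFlagStore()
	CheckContent(after, "comment-1", text)
	fmt.Printf("after fix, visible to users: %v, to admins: %v\n",
		after.Visible("comment-1", false), after.Visible("comment-1", true))
}
```

The moderator needs the created comment's ID to call `CheckContent` at all, which is why the commit also changes `CreateComment` to return the comment rather than only writing it.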

@asim asim merged commit 4beeda0 into main Apr 15, 2026
2 checks passed

2 participants