advancedcontentfilter/advancedcontentfilter.php

   1 <?php
   2 /**
   3  * Name: Advanced content Filter
   4  * Description: Expression-based content filter
   5  * Version: 1.0
   6  * Author: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
   7  * Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
   8  *
   9  * Copyright (c) 2018 Hypolite Petovan
  10  * All rights reserved.
  11  *
  12  * Redistribution and use in source and binary forms, with or without
  13  * modification, are permitted provided that the following conditions are met:
  14  *    * Redistributions of source code must retain the above copyright notice,
  15  *     this list of conditions and the following disclaimer.
  16  *    * Redistributions in binary form must reproduce the above
  17  *    * copyright notice, this list of conditions and the following disclaimer in
  18  *      the documentation and/or other materials provided with the distribution.
  19  *    * Neither the name of Friendica nor the names of its contributors
  20  *      may be used to endorse or promote products derived from this software
  21  *      without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  25  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26  * DISCLAIMED. IN NO EVENT SHALL FRIENDICA BE LIABLE FOR ANY DIRECT,
  27  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
  28  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  29  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  30  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  31  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  32  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33  *
  34  */
  35
  36 use Friendica\App;
  37 use Friendica\BaseModule;
  38 use Friendica\Content\Text\Markdown;
  39 use Friendica\Core\Hook;
  40 use Friendica\Core\Logger;
  41 use Friendica\Core\Renderer;
  42 use Friendica\Database\DBA;
  43 use Friendica\Database\DBStructure;
  44 use Friendica\DI;
  45 use Friendica\Model\Item;
  46 use Friendica\Model\Post;
  47 use Friendica\Model\Tag;
  48 use Friendica\Model\User;
  49 use Friendica\Module\Security\Login;
  50 use Friendica\Network\HTTPException;
  51 use Friendica\Util\DateTimeFormat;
  52 use Psr\Http\Message\ResponseInterface;
  53 use Psr\Http\Message\ServerRequestInterface;
  54 use Symfony\Component\ExpressionLanguage;
  55
  56 require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
  57
  58 function advancedcontentfilter_install(App $a)
  59 {
  60         Hook::register('dbstructure_definition'     , __FILE__, 'advancedcontentfilter_dbstructure_definition');
  61         Hook::register('prepare_body_content_filter', __FILE__, 'advancedcontentfilter_prepare_body_content_filter');
  62         Hook::register('addon_settings'             , __FILE__, 'advancedcontentfilter_addon_settings');
  63
  64         Hook::add('dbstructure_definition'          , __FILE__, 'advancedcontentfilter_dbstructure_definition');
  65         DBStructure::performUpdate();
  66
  67         Logger::notice("installed advancedcontentfilter");
  68 }
  69
  70 /*
  71  * Hooks
  72  */
  73
  74 function advancedcontentfilter_dbstructure_definition(App $a, &$database)
  75 {
  76         $database["advancedcontentfilter_rules"] = [
  77                 "comment" => "Advancedcontentfilter addon rules",
  78                 "fields" => [
  79                         "id"         => ["type" => "int unsigned", "not null" => "1", "extra" => "auto_increment", "primary" => "1", "comment" => "Auto incremented rule id"],
  80                         "uid"        => ["type" => "int unsigned", "not null" => "1", "comment" => "Owner user id"],
  81                         "name"       => ["type" => "varchar(255)", "not null" => "1", "comment" => "Rule name"],
  82                         "expression" => ["type" => "mediumtext"  , "not null" => "1", "comment" => "Expression text"],
  83                         "serialized" => ["type" => "mediumtext"  , "not null" => "1", "comment" => "Serialized parsed expression"],
  84                         "active"     => ["type" => "boolean"     , "not null" => "1", "default" => "1", "comment" => "Whether the rule is active or not"],
  85                         "created"    => ["type" => "datetime"    , "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "Creation date"],
  86                 ],
  87                 "indexes" => [
  88                         "PRIMARY" => ["id"],
  89                         "uid_active" => ["uid", "active"],
  90                 ]
  91         ];
  92 }
  93
  94 function advancedcontentfilter_get_filter_fields(array $item)
  95 {
  96         $vars = [];
  97
  98         // Convert the language JSON text into a filterable format
  99         if (!empty($item['language']) && ($languages = json_decode($item['language'], true))) {
 100                 foreach ($languages as $key => $value) {
 101                         $vars['language_' . strtolower($key)] = $value;
 102                 }
 103         }
 104
 105         foreach ($item as $key => $value) {
 106                 $vars[str_replace('-', '_', $key)] = $value;
 107         }
 108
 109         ksort($vars);
 110
 111         return $vars;
 112 }
 113
 114 function advancedcontentfilter_prepare_body_content_filter(App $a, &$hook_data)
 115 {
 116         static $expressionLanguage;
 117
 118         if (is_null($expressionLanguage)) {
 119                 $expressionLanguage = new ExpressionLanguage\ExpressionLanguage();
 120         }
 121
 122         if (!local_user()) {
 123                 return;
 124         }
 125
 126         $vars = advancedcontentfilter_get_filter_fields($hook_data['item']);
 127
 128         $rules = DI::cache()->get('rules_' . local_user());
 129         if (!isset($rules)) {
 130                 $rules = DBA::toArray(DBA::select(
 131                         'advancedcontentfilter_rules',
 132                         ['name', 'expression', 'serialized'],
 133                         ['uid' => local_user(), 'active' => true]
 134                 ));
 135
 136                 DI::cache()->set('rules_' . local_user(), $rules);
 137         }
 138
 139         if ($rules) {
 140                 foreach($rules as $rule) {
 141                         try {
 142                                 $serializedParsedExpression = new ExpressionLanguage\SerializedParsedExpression(
 143                                         $rule['expression'],
 144                                         $rule['serialized']
 145                                 );
 146
 147                                 // The error suppression operator is used because of potentially broken user-supplied regular expressions
 148                                 $found = (bool) @$expressionLanguage->evaluate($serializedParsedExpression, $vars);
 149                         } catch (Exception $e) {
 150                                 $found = false;
 151                         }
 152
 153                         if ($found) {
 154                                 $hook_data['filter_reasons'][] = DI::l10n()->t('Filtered by rule: %s', $rule['name']);
 155                                 break;
 156                         }
 157                 }
 158         }
 159 }
 160
 161
 162 function advancedcontentfilter_addon_settings(App $a, array &$data)
 163 {
 164         if (!local_user()) {
 165                 return;
 166         }
 167
 168         $data = [
 169                 'addon' => 'advancedcontentfilter',
 170                 'title' => DI::l10n()->t('Advanced Content Filter'),
 171                 'href'  => 'advancedcontentfilter',
 172         ];
 173 }
 174
 175 /*
 176  * Module
 177  */
 178
 179 function advancedcontentfilter_module() {}
 180
 181 function advancedcontentfilter_init(App $a)
 182 {
 183         if (DI::args()->getArgc() > 1 && DI::args()->getArgv()[1] == 'api') {
 184                 $slim = new \Slim\App();
 185
 186                 require __DIR__ . '/src/middlewares.php';
 187
 188                 require __DIR__ . '/src/routes.php';
 189                 $slim->run();
 190
 191                 exit;
 192         }
 193 }
 194
 195 function advancedcontentfilter_content(App $a)
 196 {
 197         if (!local_user()) {
 198                 return Login::form('/' . implode('/', DI::args()->getArgv()));
 199         }
 200
 201         if (DI::args()->getArgc() > 1 && DI::args()->getArgv()[1] == 'help') {
 202                 $user = User::getById(local_user());
 203
 204                 $lang = $user['language'];
 205
 206                 $default_dir = 'addon/advancedcontentfilter/doc/';
 207                 $help_file = 'advancedcontentfilter.md';
 208                 $help_path = $default_dir . $help_file;
 209                 if (file_exists($default_dir . $lang . '/' . $help_file)) {
 210                         $help_path = $default_dir . $lang . '/' . $help_file;
 211                 }
 212
 213                 $content = file_get_contents($help_path);
 214
 215                 $html = Markdown::convert($content, false);
 216
 217                 $html = str_replace('code>', 'key>', $html);
 218
 219                 return $html;
 220         } else {
 221                 $t = Renderer::getMarkupTemplate('settings.tpl', 'addon/advancedcontentfilter/');
 222                 return Renderer::replaceMacros($t, [
 223                         '$messages' => [
 224                                 'backtosettings'    => DI::l10n()->t('Back to Addon Settings'),
 225                                 'title'             => DI::l10n()->t('Advanced Content Filter'),
 226                                 'add_a_rule'        => DI::l10n()->t('Add a Rule'),
 227                                 'help'              => DI::l10n()->t('Help'),
 228                                 'intro'             => DI::l10n()->t('Add and manage your personal content filter rules in this screen. Rules have a name and an arbitrary expression that will be matched against post data. For a complete reference of the available operations and variables, check the help page.'),
 229                                 'your_rules'        => DI::l10n()->t('Your rules'),
 230                                 'no_rules'          => DI::l10n()->t('You have no rules yet! Start adding one by clicking on the button above next to the title.'),
 231                                 'disabled'          => DI::l10n()->t('Disabled'),
 232                                 'enabled'           => DI::l10n()->t('Enabled'),
 233                                 'disable_this_rule' => DI::l10n()->t('Disable this rule'),
 234                                 'enable_this_rule'  => DI::l10n()->t('Enable this rule'),
 235                                 'edit_this_rule'    => DI::l10n()->t('Edit this rule'),
 236                                 'edit_the_rule'     => DI::l10n()->t('Edit the rule'),
 237                                 'save_this_rule'    => DI::l10n()->t('Save this rule'),
 238                                 'delete_this_rule'  => DI::l10n()->t('Delete this rule'),
 239                                 'rule'              => DI::l10n()->t('Rule'),
 240                                 'close'             => DI::l10n()->t('Close'),
 241                                 'addtitle'          => DI::l10n()->t('Add new rule'),
 242                                 'rule_name'         => DI::l10n()->t('Rule Name'),
 243                                 'rule_expression'   => DI::l10n()->t('Rule Expression'),
 244                                 'cancel'            => DI::l10n()->t('Cancel'),
 245                         ],
 246                         '$current_theme' => $a->getCurrentTheme(),
 247                         '$rules' => advancedcontentfilter_get_rules(),
 248                         '$form_security_token' => BaseModule::getFormSecurityToken()
 249                 ]);
 250         }
 251 }
 252
 253 /*
 254  * Common functions
 255  */
 256 function advancedcontentfilter_build_fields($data)
 257 {
 258         $fields = [];
 259
 260         if (!empty($data['name'])) {
 261                 $fields['name'] = $data['name'];
 262         }
 263
 264         if (!empty($data['expression'])) {
 265                 $allowed_keys = [
 266                         'author_id', 'author_link', 'author_name', 'author_avatar',
 267                         'owner_id', 'owner_link', 'owner_name', 'owner_avatar',
 268                         'contact_id', 'uid', 'id', 'parent', 'uri',
 269                         'thr_parent', 'parent_uri',
 270                         'content_warning',
 271                         'commented', 'created', 'edited', 'received',
 272                         'verb', 'object_type', 'postopts', 'plink', 'guid', 'wall', 'private', 'starred',
 273                         'title', 'body',
 274                         'file', 'event_id', 'location', 'coord', 'app', 'attach',
 275                         'rendered_hash', 'rendered_html', 'object',
 276                         'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid',
 277                         'item_id', 'item_network', 'author_thumb', 'owner_thumb',
 278                         'network', 'url', 'name', 'writable', 'self',
 279                         'cid', 'alias',
 280                         'event_created', 'event_edited', 'event_start', 'event_finish', 'event_summary',
 281                         'event_desc', 'event_location', 'event_type', 'event_nofinish', 'event_ignore',
 282                         'children', 'pagedrop', 'tags', 'hashtags', 'mentions',
 283                         'attachments',
 284                 ];
 285
 286                 $expressionLanguage = new ExpressionLanguage\ExpressionLanguage();
 287
 288                 $parsedExpression = $expressionLanguage->parse($data['expression'], $allowed_keys);
 289
 290                 $serialized = serialize($parsedExpression->getNodes());
 291
 292                 $fields['expression'] = $data['expression'];
 293                 $fields['serialized'] = $serialized;
 294         }
 295
 296         if (isset($data['active'])) {
 297                 $fields['active'] = intval($data['active']);
 298         } else {
 299                 $fields['active'] = 1;
 300         }
 301
 302         return $fields;
 303 }
 304
 305 /*
 306  * API
 307  */
 308
 309 function advancedcontentfilter_get_rules()
 310 {
 311         if (!local_user()) {
 312                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 313         }
 314
 315         $rules = DBA::toArray(DBA::select('advancedcontentfilter_rules', [], ['uid' => local_user()]));
 316
 317         return json_encode($rules);
 318 }
 319
 320 function advancedcontentfilter_get_rules_id(ServerRequestInterface $request, ResponseInterface $response, $args)
 321 {
 322         if (!local_user()) {
 323                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 324         }
 325
 326         $rule = DBA::selectFirst('advancedcontentfilter_rules', [], ['id' => $args['id'], 'uid' => local_user()]);
 327
 328         return json_encode($rule);
 329 }
 330
 331 function advancedcontentfilter_post_rules(ServerRequestInterface $request)
 332 {
 333         if (!local_user()) {
 334                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 335         }
 336
 337         if (!BaseModule::checkFormSecurityToken()) {
 338                 throw new HTTPException\BadRequestException(DI::l10n()->t('Invalid form security token, please refresh the page.'));
 339         }
 340
 341         $data = json_decode($request->getBody(), true);
 342
 343         try {
 344                 $fields = advancedcontentfilter_build_fields($data);
 345         } catch (Exception $e) {
 346                 throw new HTTPException\BadRequestException($e->getMessage(), $e);
 347         }
 348
 349         if (empty($fields['name']) || empty($fields['expression'])) {
 350                 throw new HTTPException\BadRequestException(DI::l10n()->t('The rule name and expression are required.'));
 351         }
 352
 353         $fields['uid'] = local_user();
 354         $fields['created'] = DateTimeFormat::utcNow();
 355
 356         if (!DBA::insert('advancedcontentfilter_rules', $fields)) {
 357                 throw new HTTPException\ServiceUnavailableException(DBA::errorMessage());
 358         }
 359
 360         $rule = DBA::selectFirst('advancedcontentfilter_rules', [], ['id' => DBA::lastInsertId()]);
 361
 362         DI::cache()->delete('rules_' . local_user());
 363
 364         return json_encode(['message' => DI::l10n()->t('Rule successfully added'), 'rule' => $rule]);
 365 }
 366
 367 function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, ResponseInterface $response, $args)
 368 {
 369         if (!local_user()) {
 370                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 371         }
 372
 373         if (!BaseModule::checkFormSecurityToken()) {
 374                 throw new HTTPException\BadRequestException(DI::l10n()->t('Invalid form security token, please refresh the page.'));
 375         }
 376
 377         if (!DBA::exists('advancedcontentfilter_rules', ['id' => $args['id'], 'uid' => local_user()])) {
 378                 throw new HTTPException\NotFoundException(DI::l10n()->t('Rule doesn\'t exist or doesn\'t belong to you.'));
 379         }
 380
 381         $data = json_decode($request->getBody(), true);
 382
 383         try {
 384                 $fields = advancedcontentfilter_build_fields($data);
 385         } catch (Exception $e) {
 386                 throw new HTTPException\BadRequestException($e->getMessage(), $e);
 387         }
 388
 389         if (!DBA::update('advancedcontentfilter_rules', $fields, ['id' => $args['id']])) {
 390                 throw new HTTPException\ServiceUnavailableException(DBA::errorMessage());
 391         }
 392
 393         DI::cache()->delete('rules_' . local_user());
 394
 395         return json_encode(['message' => DI::l10n()->t('Rule successfully updated')]);
 396 }
 397
 398 function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request, ResponseInterface $response, $args)
 399 {
 400         if (!local_user()) {
 401                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 402         }
 403
 404         if (!BaseModule::checkFormSecurityToken()) {
 405                 throw new HTTPException\BadRequestException(DI::l10n()->t('Invalid form security token, please refresh the page.'));
 406         }
 407
 408         if (!DBA::exists('advancedcontentfilter_rules', ['id' => $args['id'], 'uid' => local_user()])) {
 409                 throw new HTTPException\NotFoundException(DI::l10n()->t('Rule doesn\'t exist or doesn\'t belong to you.'));
 410         }
 411
 412         if (!DBA::delete('advancedcontentfilter_rules', ['id' => $args['id']])) {
 413                 throw new HTTPException\ServiceUnavailableException(DBA::errorMessage());
 414         }
 415
 416         DI::cache()->delete('rules_' . local_user());
 417
 418         return json_encode(['message' => DI::l10n()->t('Rule successfully deleted')]);
 419 }
 420
 421 function advancedcontentfilter_get_variables_guid(ServerRequestInterface $request, ResponseInterface $response, $args)
 422 {
 423         if (!local_user()) {
 424                 throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));
 425         }
 426
 427         if (!isset($args['guid'])) {
 428                 throw new HTTPException\BadRequestException(DI::l10n()->t('Missing argument: guid.'));
 429         }
 430
 431         $condition = ["`guid` = ? AND (`uid` = ? OR `uid` = 0)", $args['guid'], local_user()];
 432         $params = ['order' => ['uid' => true]];
 433         $item = Post::selectFirstForUser(local_user(), [], $condition, $params);
 434
 435         if (!DBA::isResult($item)) {
 436                 throw new HTTPException\NotFoundException(DI::l10n()->t('Unknown post with guid: %s', $args['guid']));
 437         }
 438
 439         $tags = Tag::populateFromItem($item);
 440
 441         $item['tags'] = $tags['tags'];
 442         $item['hashtags'] = $tags['hashtags'];
 443         $item['mentions'] = $tags['mentions'];
 444
 445         $attachments = Post\Media::splitAttachments($item['uri-id'], $item['guid'] ?? '');
 446
 447         $item['attachments'] = $attachments;
 448
 449         $return = advancedcontentfilter_get_filter_fields($item);
 450
 451         return json_encode(['variables' => str_replace('\\\'', '\'', var_export($return, true))]);
 452 }