dev: Scam file purge helper #3629
Open
isTravis wants to merge 3 commits into
Adds a new Scam Files tab to the superadmin dashboard for handling phishing/malware reports on assets.pubpub.org. Previously, responding to these reports required manually running S3 commands and CDN purge API calls. This tab provides a guided workflow with status verification at each step.

I have only tested this locally, where there aren't the same spam files that are being reported from prod. This will likely need a couple iterations to work out bugs that we'll only find once deployed.
Workflow
hxxps://assets.pubpub[.]org/... are handled automatically)
reported-scams S3 bucket (preserving the key as an archive)
assets.pubpub.org

A Check Status button queries each layer independently — S3 via HeadObject (bypasses CDN), and a HEAD request to the CDN URL to inspect cf-cache-status, x-cache, and other headers — so you can verify the file is fully gone before and after each step.

The check also searches User and Community image fields for references to the asset key. If an associated account is found, it displays the current spam status and provides quick Mark Spam / Mark Not Spam buttons (using the existing spamTags API).
New env var required
CLOUDFLARE_CACHE_PURGE_API_TOKEN — a Cloudflare API token with Zone > Cache Purge > Edit permission. The tab warns if this isn't set but doesn't block the other steps.
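
An added example, not code from this pull request: one way the defanged-URL handling and the per-layer status check described above could be expressed in JavaScript. The function names, the verdict labels, the extra defang forms beyond `hxxps` and `[.]`, and the assumption that the object key is the URL-decoded path are all hypothetical.

```javascript
// Added example: function names and verdict labels are hypothetical.
const ASSET_HOST = 'assets.pubpub.org';

// Undo common defanging: hxxp(s) scheme, [.] or (.) dots, [:] colons.
function refang(reported) {
  return reported
    .trim()
    .replace(/^hxxp(s?)/i, 'http$1')
    .replace(/\[:\]/g, ':')
    .replace(/\[\.\]|\(\.\)/g, '.');
}

// Return the object key, or null unless the report is a web URL on exactly
// ASSET_HOST, so lookalike hosts never reach a delete or purge call.
// Assumes the object key is the URL-decoded path.
function assetKeyFromReport(reported) {
  try {
    const url = new URL(refang(reported));
    if (!['http:', 'https:'].includes(url.protocol)) return null;
    if (url.hostname !== ASSET_HOST) return null;
    const key = decodeURIComponent(url.pathname.replace(/^\/+/, ''));
    return key === '' ? null : key;
  } catch {
    return null; // unparsable URL or malformed percent-encoding
  }
}

// Combine the S3 HeadObject result with the CDN HEAD response into a verdict.
function classifyLayers(s3Exists, cdnStatus, cdnHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(cdnHeaders)) {
    h[name.toLowerCase()] = String(value).toLowerCase();
  }
  const edgeHit =
    ['hit', 'stale', 'revalidated', 'updating'].includes(h['cf-cache-status']) ||
    (h['x-cache'] || '').startsWith('hit');
  if (s3Exists) return 'live-in-s3';
  if (cdnStatus >= 200 && cdnStatus < 300) {
    return edgeHit ? 'cached-at-edge' : 'served-uncached';
  }
  if ([403, 404, 410].includes(cdnStatus)) return 'gone';
  return 'unknown';
}
```

A `cached-at-edge` verdict after the object is deleted from S3 is the case where the CDN purge step is still outstanding.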