do not hardcode e-mail addresses, update readme

This commit is contained in:
Wouter Groeneveld 2022-04-24 16:25:00 +02:00
parent 0652aa73d4
commit f1ac5a9602
6 changed files with 31 additions and 8 deletions

View File

@ -16,6 +16,8 @@ Place a `config.json` file in the same directory that looks like this: (below ar
```json
{
"baseURL": "https://mygojamminginstance.mydomain.com/",
"adminEmail": "myemail@domain.com",
"port": 1337,
"host": "localhost",
"token": "miauwkes",
@ -26,13 +28,16 @@ Place a `config.json` file in the same directory that looks like this: (below ar
],
"blacklist": [
"youtube.com"
]
],
"whitelist": []
}
```
- baseURL, with trailing slash: base access point, used in approval/admin panel
- adminEmail, the e-mail address to send notificaions to. If absent, will not send out mails. **uses 127.0.0.1:25 postfix** at the moment.
- port, host: http server params
- token, allowedWebmentionSources: see below, used for authentication
- blacklist: blacklist domains from which we do NOT send to or accept mentions from.
- blacklist/whitelist: domains from which we do (NOT) send to or accept mentions from.
- utcOffset: offset in minutes for date processing, starting from UTC time.
If a config file is missing, or required keys are missing, a warning will be generated and default values will be used instead. See `common/config.go`.

View File

@ -126,7 +126,7 @@ It will attempt to auto-discover them with a HEAD call, in the following order:
3. `/feed`
4. `/feed/index.xml`
If none provied a status of 200 with content-type `application/xml`, it will abort and log an error.
If none provied a status of 200 with a Content-Type that contains `xml`, it will abort and log an error.
Note that this _requires your site to be on HTTPS_!!
@ -188,7 +188,21 @@ Database migrations are run using the `-migrate` flag.
Since Go-jamming still supports Pingbacks, spam could be an issue. However, if the URL doesn't contain a genuine link, the mention will be immediately dropped.
Still, spammers always find a way and sometimes even create fake blog posts with real links to your blog. In that case, simply add the domain to the `blacklist` in `config.json`.
Still, spammers always find a way and sometimes even create fake blog posts with real links to your blog.
### Mentions _in moderation_
Go-Jamming employs a `whitelist` and `blacklist` system. By default, all mentions end up in a moderation queue, another database that will not pollute the mention db.
Each mention has to be manually approved. An e-mail to `localhost:25` (a local Postfix) will be sent out with approve/reject links, if configured. Otherwise, the endpoint `/admin/{token}` is the dashboard where you can approve/reject from time to time:
![](https://raw.githubusercontent.com/wgroeneveld/go-jamming/master/adminpanel.jpg)
Approved mentions will have their domain added to the whitelist. Rejected mentions will have their domain added to the blacklist.
### Manually blacklisting partial domains
In that case, simply add the domain to the `blacklist` in `config.json`.
Adding this **manually** will not remove existing spam in your DB! The `-blacklist` flag is there to:

BIN
adminpanel.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 141 KiB

View File

@ -55,11 +55,11 @@ func sendMail(from, subject, body, toName, toAddress string) error {
func (mn *MailNotifier) NotifyReceived(wm mf.Mention, indieweb *mf.IndiewebData) {
err := sendMail(
"admin@brainbaking.com",
mn.Conf.AdminEmail,
"Webmention in moderation from "+wm.SourceDomain(),
BuildNotification(wm, indieweb, mn.Conf),
"Go-Jamming User",
"wouter@brainbaking.com")
mn.Conf.AdminEmail)
if err != nil {
log.Err(err).Msg("Unable to send notification mail, check localhost postfix settings?")

View File

@ -89,9 +89,11 @@ func HandlePost(conf *common.Config, repo db.MentionRepo) http.HandlerFunc {
RestClient: httpClient,
Conf: conf,
Repo: repo,
Notifier: &notifier.MailNotifier{
}
if len(conf.AdminEmail) > 0 {
recv.Notifier = &notifier.MailNotifier{
Conf: conf,
},
}
}
go recv.Receive(wm)

View File

@ -14,6 +14,7 @@ import (
type Config struct {
// BaseURL should end with a / and is used to build URLs in notifications
BaseURL string `json:"baseURL"`
AdminEmail string `json:"adminEmail"`
Port int `json:"port"`
Token string `json:"token"`
UtcOffset int `json:"utcOffset"`
@ -137,6 +138,7 @@ func config() *Config {
func defaultConfig() *Config {
defaultConfig := &Config{
AdminEmail: "wouter@brainbaking.com",
BaseURL: "https://jam.brainbaking.com/",
Port: 1337,
Token: "miauwkes",