feat: ban user if they post link within 10mins of account creation#3531
Merged
feat: ban user if they post link within 10mins of account creation#3531
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces an automated spam mitigation flow that marks (and effectively bans) very new accounts when they post comments containing links, and updates comment rendering so links are emitted with rel="nofollow".
Changes:
- Add server-side auto-ban logic for “new account + link in comment” and wire it into discussion/thread-comment form submission endpoints.
- Extend spam-tag typing + notification reason text and add a new spam notification event (
new-account-link-comment-ban). - Add client-side comment-editor link mark that outputs
rel="nofollow", plus tests for the new auto-ban behavior.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
types/spam.ts |
Adds trigger types/fields for recording link-based spam triggers on user spam tags. |
server/spamTag/commentSpam.ts |
Implements the auto-ban detection/tagging + notification dispatch. |
server/threadComment/api.ts |
Wires auto-ban into thread comment creation (currently only /fromForm). |
server/discussion/api.ts |
Wires auto-ban into discussion creation (currently only /fromForm). |
server/threadComment/__tests__/api.test.ts |
Adds an integration test asserting link-posting new accounts are banned. |
server/discussion/__tests__/api.test.ts |
Adds an integration test asserting link-posting new accounts are banned. |
server/spamTag/notifications/index.ts |
Registers a new spam event handler for auto-bans. |
server/spamTag/notifications/shared.ts |
Formats the new trigger type into human-readable ban reasons. |
server/spamTag/notifications/slack.ts |
Minor structure change to the test-environment early return. |
client/containers/Pub/PubDocument/PubDiscussions/Discussion/commentEditorMarks.ts |
Adds a custom link mark for comment editors that outputs rel="nofollow". |
client/containers/Pub/PubDocument/PubDiscussions/Discussion/ThreadComment.tsx |
Passes customMarks into the comment editor instance. |
client/containers/Pub/PubDocument/PubDiscussions/Discussion/DiscussionInput.tsx |
Passes customMarks into the discussion starter editor instance. |
client/components/Editor/schemas/base.ts |
Avoids mutating node attrs in toDOM; retains link output behavior. |
infra/.env.enc |
Adds encrypted config for the new time window env var. |
infra/.env.dev.enc |
Adds encrypted config for the new time window env var in dev. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| } | ||
|
|
||
| const options = { ...req.body, userId }; | ||
|
|
server/spamTag/commentSpam.ts
Outdated
Comment on lines
+18
to
+19
| console.log('PARSED WINDOW MINUTES', parsedWindowMinutes); | ||
|
|
Comment on lines
+80
to
+98
| const user = await User.findOne({ | ||
| where: { id: userId }, | ||
| include: [{ model: SpamTag, as: 'spamTag' }], | ||
| }); | ||
|
|
||
| const accountAgeMs = getAccountAgeMs(user?.createdAt); | ||
|
|
||
| const contentTree = Node.fromJSON(editorSchema, content); | ||
|
|
||
| const links: Mark[] = []; | ||
|
|
||
| contentTree.descendants((node) => { | ||
| node.marks.forEach((mark) => { | ||
| if (mark.type.name === 'link') { | ||
| links.push(mark); | ||
| } | ||
| }); | ||
| }); | ||
| const shouldSkipAutoBan = !user || accountAgeMs > NEW_ACCOUNT_LINK_COMMENT_WINDOW_MS; |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue(s) Resolved
Does what it says on the tin
Also more: adds
nofollowattrs to links, that way they won't get indexed in googleTest Plan
Screenshots (if applicable)
Optional
Notes/Context/Gotchas
Supporting Docs