feat: initial commit

Co-Authored-By: Emanuele Rocco Petrone <[email protected]>
Co-Authored-By: Gianguido Sorà <[email protected]>
Co-Authored-By: Antonio Busillo <[email protected]>

.gitignore

@@ -0,0 +1,21 @@
+#Binaries
+admin-bot
+admin
+main
+adminbot-deploy-db
+adminbot-add-admin
+database/cmd/adminbot-add-admin/adminbot-add-admin
+database/cmd/adminbot-deploy-db/adminbot-deploy-db
+*.exe
+
+#Editors folders
+.idea/
+.vscode/
+
+#Config files
+*.toml
+
+#Gometalinter results
+gometalinter-results.xml
+
+.tdlib/

.gitlab-ci.yml

@@ -0,0 +1,118 @@
+image: registry.gitlab.com/shitposting/golang
+
+variables:
+  REPO_NAME: "gitlab.com/shitposting/admin-bot"
+
+before_script:
+  - mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
+  - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
+  - cd $GOPATH/src/$REPO_NAME
+  - eval $(ssh-agent -s)
+  - mkdir -p ~/.ssh
+  - echo "$SSH_PRIVATE_KEY" >> ~/.ssh/id_rsa
+  - printf "$SSH_PUBLIC_KEY" >> ~/.ssh/id_rsa.pub
+  - chmod 700 ~/.ssh
+  - chmod 600 ~/.ssh/id_rsa
+  - chmod 644 ~/.ssh/id_rsa.pub
+  - git config --global [email protected]:.insteadOf https://gitlab.com/
+  - ssh-add ~/.ssh/id_rsa
+  - ssh-add -l
+  - ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
+
+
+stages:
+  - format
+  - test
+  - build
+  - staging
+  - production
+
+.exceptions: &exclude  # use <<: *exclude to add this rule to a job
+  except:
+    changes:
+      - README.md
+      - FEATURE.md
+      - .gitignore
+      - config_example.toml
+      - run_gometalint.sh
+
+go-fmt:
+  stage: format
+  script:
+    - go fmt $(go list ./... | grep -v /vendor/)
+  <<: *exclude
+
+
+lint_code:
+  stage: format
+  script:
+    - mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
+    - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
+    - cd $GOPATH/src/$REPO_NAME
+    - go get -u golang.org/x/lint/golint
+    - golint -set_exit_status $(go list ./... | grep -v /vendor/)
+  allow_failure: true
+  <<: *exclude
+
+.race_detector:
+  stage: test
+  script:
+    - go test -race -short $(go list ./... | grep -v "documentstore")
+  <<: *exclude
+
+test:
+  stage: test
+  script: 
+#    - go test ./...
+    - go test -race -short $(go list ./... | grep -v "documentstore")
+  <<: *exclude
+
+compile:
+  stage: build
+  script:
+    - make build
+  <<: *exclude
+  artifacts:
+    paths:
+      - admin-bot
+
+.test-deploy:
+  stage: staging
+  script:
+    - sshpass -V
+    - export SSHPASS=$USER_PASS
+    - sshpass -e ssh -p $PORT -o stricthostkeychecking=no $USER_ID@$HOSTNAME systemctl --user stop admin-bot
+    - sshpass -e ssh -p $PORT -o stricthostkeychecking=no $USER_ID@$HOSTNAME mv /home/$USER_ID/go/bin/admin-bot /home/$USER_ID/go/bin/admin-bot_bak
+    - sshpass -e scp -P $PORT -o stricthostkeychecking=no -r admin-bot $USER_ID@$HOSTNAME:/home/$USER_ID/go/bin/admin-bot
+    - sshpass -e ssh -p $PORT -o stricthostkeychecking=no $USER_ID@$HOSTNAME systemctl --user start admin-bot
+  <<: *exclude
+
+.stop-unit:
+  stage: staging
+  script:
+    - sshpass -V
+    - export SSHPASS=$USER_PASS
+    - sshpass -e ssh -p $PORT -o stricthostkeychecking=no $USER_ID@$HOSTNAME systemctl --user stop admin-bot
+  when: manual
+  <<: *exclude
+
+.start-unit:
+  stage: staging
+  script:
+    - sshpass -V
+    - export SSHPASS=$USER_PASS
+    - sshpass -e ssh -p $PORT -o stricthostkeychecking=no $USER_ID@$HOSTNAME systemctl --user start admin-bot
+  when: manual 
+  <<: *exclude
+
+prod-deploy:
+  stage: production
+  script:
+    - sshpass -V
+    - export SSHPASS=$PROD_USER_PASS
+    - sshpass -e ssh -p $PROD_PORT -o stricthostkeychecking=no $PROD_USER_ID@$PROD_HOSTNAME systemctl --user stop admin-bot
+    - sshpass -e ssh -p $PROD_PORT -o stricthostkeychecking=no $PROD_USER_ID@$PROD_HOSTNAME mv /home/$PROD_USER_ID/go/bin/admin-bot /home/$PROD_USER_ID/go/bin/admin-bot_bak
+    - sshpass -e scp -P $PROD_PORT -o stricthostkeychecking=no -r admin-bot $PROD_USER_ID@$PROD_HOSTNAME:/home/$PROD_USER_ID/go/bin/admin-bot
+    - sshpass -e ssh -p $PROD_PORT -o stricthostkeychecking=no $PROD_USER_ID@$PROD_HOSTNAME systemctl --user start admin-bot
+  when: manual
+  <<: *exclude

Dockerfile

@@ -0,0 +1,38 @@
+# 🇧🇷 powered
+
+# Pull from our golang image with tdlib installed
+FROM registry.gitlab.com/shitposting/golang:latest as builder
+
+# Create the user and group files that will be used in the running 
+# container to run the process as an unprivileged user.
+RUN mkdir /user && \
+    echo 'adminbot:x:65534:65534:adminbot:/:' > /user/passwd && \
+    echo 'adminbot:x:65534:' > /user/group
+
+# Set the Current Working Directory inside the container
+WORKDIR $GOPATH/src/gitlab.com/shitposting/admin-bot
+
+# Copy everything from the current directory to the PWD(Present Working Directory) inside the container
+COPY . .
+
+# Compile adminbot
+RUN make install
+
+# Execution stage
+FROM registry.gitlab.com/shitposting/tdlib:latest
+
+# Dependencies
+RUN apt update && apt install -y -qq \
+    gperf 
+
+# Import the user and group files from the first stage.
+COPY --from=builder /user/group /user/passwd /etc/
+
+# Set the workdir
+WORKDIR /home/adminbot
+
+# Copy the built file
+COPY --from=builder /go/bin/admin-bot .
+
+# Run the executable
+CMD ["./admin-bot", "-config", "configs/admin-bot.toml"]

FEATURES.md

@@ -0,0 +1,97 @@
+
+# Shitposting.io `admin-bot`
+
+## Available features
+
+- Ability to blacklist all kinds of media, stickers and sticker packs
+- AI powered recognition of NSFW/suggestive content with automated removal
+- Anti spam (an user can send a maximum of 11 text/media messages, 6 other messages or a total of 18 messages in a 10 second span)
+- Anti userbot (analyzes every user that joins to check for similarities between recent joins)
+- Anti flood (reduces API calls when under attack)
+- User verification (requires user to press a button to verify they're human)
+- Emergency mode (automatically restrict users that join, requiring approval from moderators)
+- Automated deletion of non-whitelisted group/channel handles and links
+- Automated deletion of messages forwarded from non-whitelisted channels
+- Automated deletion of long messages (over 800 characters or with over 15 newlines)
+- Automated deletion of commands to prevent spamming
+- Automated reports and backups for various actions, including `@admin` mentions
+- Logging of ban motivations and automated actions with the possibility to quickly undo them or to confirm them
+
+## Available commands in groups
+
+- `/ban` bans a user.
+- `/banh` bans a user given their `@username`.
+- `/idban` bans a user given their user id (subject to Telegram's limitations on visibility).
+- `/mute` restricts a user from sending messages.
+- `/nomedia` restricts a user from sending media, stickers and gifs.
+- `/noother` restricts a user from sending stickers and gifs.
+- `/blm` adds a media to the blacklist.
+- `/bls` adds a sticker to the blacklist.
+- `/blsp` adds a sticker pack to the blacklist.
+- `/blh` adds one or more handles to the blacklist. **[ONLY FOR DB ADMINS]**
+
+### Commands usage
+
+All commands need to be sent as a reply to the message you want to act upon, otherwise they will be automatically deleted.
+
+#### `/ban`
+
+Bans a user. The syntax to use is `/ban motivation`. The command **will not** work if no motivation is provided. The motivation, along with additional data, will be stored in the database for future use.
+
+#### `/banh`
+
+Bans a user. The syntax to use is `/banh @username motivation`. The command **will not** work if no motivation is provided. The motivation, along with additional data, will be stored in the database for future use.
+
+#### `/idban`
+
+Bans a user. The syntax to use is `/idban userid motivation`. The command **will not** work if no motivation is provided. The motivation, along with additional data, will be stored in the database for future use.
+
+#### `/mute`
+
+Restricts a user to read only for a period of time. The syntax to use is `/mute [duration(e|w|d|h|m)]`.
+
+The duration parameter is optional and, if omitted or the specified duration cannot be parsed, the bot will default the duration to 12 hours. **Restricting an user for under a minute will often lead to the restriction being permanent**.
+
+#### `/nomedia`
+
+Restricts a user from sending media, stickers and gifs for a period of time. The syntax to use is `/(nomedia|nopic) [duration(e|w|d|h|m)]`.
+
+The duration parameter is optional and, if omitted or the specified duration cannot be parsed, the bot will default the duration to 12 hours. **Restricting an user for under a minute will often lead to the restriction being permanent**.
+
+#### `/nosticker`
+
+Restricts a user from sending stickers and gifs for a period of time. The syntax to use is `/nosticker [duration(e|w|d|h|m)]`.
+
+The duration parameter is optional and, if omitted or the specified duration cannot be parsed, the bot will default the duration to 12 hours. **Restricting an user for under a minute will often lead to the restriction being permanent**.
+
+### `/blm`
+
+Blacklists a sticker/photo/video/audio/voice message/video message/animation.
+
+### `/bls`
+
+Blacklists a sticker.
+
+### `/blsp`
+
+Blacklists a sticker pack. In case the sticker does not have one, it'll blacklist the single sticker.
+
+### `/blh`
+
+Blacklists handles. **ONLY DATABASE ADMINS CAN USE THIS COMMAND**.
+
+The bot will look for all handles present in a message: @mentions and t.me / telegram.me links. In case no handles are found, the bot will, in case the message has been forwarded, blacklist the handle of the original poster.
+
+### Available feaures in a private conversation **[DB ADMINS ONLY]**
+
+In a private conversation with the bot, an admin can perform all blacklist actions with a few additions.
+
+- Blacklist multiple things at once by activating blacklist all mode with the command `/blacklistall`
+- Blacklist handles by sending the handle as a text message to the bot
+- Pardon blacklisted content
+- Whitelist photos, videos and animations recognised as unsafe by the AI
+- Whitelist a channel with the command `/whitelistchannel`.
+- Remove a channel from the whitelist with `/removechannel`.
+- Get user informations (ex. ban status, restriction status) by forwarding text messages of an user. In case the user is banned or restricted, a button for a quick unban/unrestriction will be provided as well.
+- Mod an user in the chat by using `/mod userid`. Additional information on the user will be provided and a button will need to be clicked in order to complete the action.
+- Activate an emergency mode with `/emergencymode [duration]`. For the specified amount of time, users without a profile picture or an username will automatically be limited and an alert will be sent on the report channel. Emergency mode can be toggled off at any time by sending `/emergencymode` again.

Makefile

@@ -0,0 +1,47 @@
+# per gentile concessione: https://gist.github.com/subfuzion/0bd969d08fe0d8b5cc4b23c795854a13
+
+SHELL := /bin/bash
+
+TARGET := $(shell echo $${PWD\#\#*/})
+.DEFAULT_GOAL: $(TARGET)
+
+VERSION := $(shell git describe --tags --abbrev=0)
+BUILD := $(shell git rev-parse HEAD)
+LDFLAGS=-ldflags "-X=main.Version=$(VERSION) -X=main.Build=$(BUILD)"
+
+SRC = $(shell find . -type f -name '*.go' -not -path "./vendor/*")
+
+.PHONY: all build clean install uninstall fmt simplify check run
+
+all: check build
+
+$(TARGET): $(SRC)
+	$(info Building $(TARGET) ${VERSION}. Build ${BUILD})
+	@env CGO_CFLAGS_ALLOW="-L(.*)|-I(.*)" go build $(LDFLAGS) -o $(TARGET)
+
+build: $(TARGET)
+	@true
+
+clean:
+	@rm -f $(TARGET)
+
+install:
+	$(info Building $(TARGET) ${VERSION}. Build ${BUILD})
+	@env CGO_CFLAGS_ALLOW="-L(.*)|-I(.*)" go install $(LDFLAGS)
+
+uninstall: clean
+	@rm -f $$(which ${TARGET})
+
+fmt:
+	@gofmt -l -w $(SRC)
+
+simplify:
+	@gofmt -s -l -w $(SRC)
+
+check:
+	@test -z $(shell gofmt -l main.go | tee /dev/stderr) || echo "[WARN] Fix formatting issues with 'make fmt'"
+	@for d in $$(go list ./... | grep -v /vendor/); do golint $${d}; done
+	@go tool vet ${SRC}
+
+run: install
+	@$(TARGET)GOBUILD=go