TL0 Instagram 和 Youtube 链接帖子出现 500 错误

markersocial · 2020 年11 月 17 日 13:53

我遇到了一个奇怪的错误。

这是在测试实例上发生的（测试已通过，错误在 beta 和 tests-passed 分支上均出现过）。我尝试卸载了除 Docker Manager 之外的所有插件，并移除了所有主题组件。

我从 Stable 更新到了 Beta，然后又更新到了 tests-passed。一个线索可能是：在更新后，普通测试用户账户的两篇旧帖子被系统标记，原因是它们包含过多指向相同域名的引用。

当我尝试使用 TL0 信任等级的账户发帖时，可以正常发布 Twitter 和 Reddit 的 oneboxes。然而，Instagram 和 YouTube 链接会返回 500 错误。如果将该账户的信任等级提升至 TL1，链接可以正常发布（但如果将其恢复为 TL0，则再次出现 500 错误）。

此外，如果将 YouTube 和 Instagram 添加到 allowed_spam_host_domains 配置中，TL0 用户的 500 错误就会消失。

日志 - 信息：

NoMethodError (undefined method `title' for nil:NilClass)
lib/post_action_creator.rb:264:in `create_message_creator'
lib/post_action_creator.rb:91:in `perform'
lib/post_action_creator.rb:18:in `create'
app/models/user.rb:1073:in `block in flag_linked_posts_as_spam'
app/models/user.rb:1066:in `flag_linked_posts_as_spam'
lib/new_post_manager.rb:284:in `perform_create_post'
lib/new_post_manager.rb:216:in `perform'
app/controllers/posts_controller.rb:180:in `create'
app/controllers/application_controller.rb:357:in `block in with_resolved_locale'
app/controllers/application_controller.rb:357:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:68:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:354:in `call'
config/initializers/100-quiet_logger.rb:23:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
lib/middleware/enforce_hostname.rb:22:in `call'
lib/middleware/request_tracker.rb:176:in `call'

日志 - 回溯：

lib/post_action_creator.rb:264:in `create_message_creator'

lib/post_action_creator.rb:91:in `perform'

lib/post_action_creator.rb:18:in `create'

app/models/user.rb:1073:in `block in flag_linked_posts_as_spam'

activerecord (6.0.3.3) lib/active_record/relation/delegation.rb:87:in `each'

activerecord (6.0.3.3) lib/active_record/relation/delegation.rb:87:in `each'

app/models/user.rb:1066:in `flag_linked_posts_as_spam'

lib/new_post_manager.rb:284:in `perform_create_post'

lib/new_post_manager.rb:216:in `perform'

app/controllers/posts_controller.rb:180:in `create'

actionpack (6.0.3.3) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'

actionpack (6.0.3.3) lib/abstract_controller/base.rb:195:in `process_action'

actionpack (6.0.3.3) lib/action_controller/metal/rendering.rb:30:in `process_action'

actionpack (6.0.3.3) lib/abstract_controller/callbacks.rb:42:in `block in process_action'

activesupport (6.0.3.3) lib/active_support/callbacks.rb:112:in `block in run_callbacks'

app/controllers/application_controller.rb:357:in `block in with_resolved_locale'

i18n (1.8.5) lib/i18n.rb:313:in `with_locale'

app/controllers/application_controller.rb:357:in `with_resolved_locale'

activesupport (6.0.3.3) lib/active_support/callbacks.rb:121:in `block in run_callbacks'

activesupport (6.0.3.3) lib/active_support/callbacks.rb:139:in `run_callbacks'

actionpack (6.0.3.3) lib/abstract_controller/callbacks.rb:41:in `process_action'

actionpack (6.0.3.3) lib/action_controller/metal/rescue.rb:22:in `process_action'

actionpack (6.0.3.3) lib/action_controller/metal/instrumentation.rb:33:in `block in process_action'

activesupport (6.0.3.3) lib/active_support/notifications.rb:180:in `block in instrument'

activesupport (6.0.3.3) lib/active_support/notifications/instrumenter.rb:24:in `instrument'

activesupport (6.0.3.3) lib/active_support/notifications.rb:180:in `instrument'

actionpack (6.0.3.3) lib/action_controller/metal/instrumentation.rb:32:in `process_action'

actionpack (6.0.3.3) lib/action_controller/metal/params_wrapper.rb:245:in `process_action'

activerecord (6.0.3.3) lib/active_record/railties/controller_runtime.rb:27:in `process_action'

actionpack (6.0.3.3) lib/abstract_controller/base.rb:136:in `process'

actionview (6.0.3.3) lib/action_view/rendering.rb:39:in `process'

rack-mini-profiler (2.2.0) lib/mini_profiler/profiling_methods.rb:85:in `block in profile_method'

actionpack (6.0.3.3) lib/action_controller/metal.rb:190:in `dispatch'

actionpack (6.0.3.3) lib/action_controller/metal.rb:254:in `dispatch'

actionpack (6.0.3.3) lib/action_dispatch/routing/route_set.rb:50:in `dispatch'

actionpack (6.0.3.3) lib/action_dispatch/routing/route_set.rb:33:in `serve'

actionpack (6.0.3.3) lib/action_dispatch/journey/router.rb:49:in `block in serve'

actionpack (6.0.3.3) lib/action_dispatch/journey/router.rb:32:in `each'

actionpack (6.0.3.3) lib/action_dispatch/journey/router.rb:32:in `serve'

actionpack (6.0.3.3) lib/action_dispatch/routing/route_set.rb:834:in `call'

lib/middleware/omniauth_bypass_middleware.rb:68:in `call'

rack (2.2.3) lib/rack/tempfile_reaper.rb:15:in `call'

rack (2.2.3) lib/rack/conditional_get.rb:40:in `call'

rack (2.2.3) lib/rack/head.rb:12:in `call'

lib/content_security_policy/middleware.rb:12:in `call'

lib/middleware/anonymous_cache.rb:354:in `call'

rack (2.2.3) lib/rack/session/abstract/id.rb:266:in `context'

rack (2.2.3) lib/rack/session/abstract/id.rb:260:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/cookies.rb:648:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'

activesupport (6.0.3.3) lib/active_support/callbacks.rb:101:in `run_callbacks'

actionpack (6.0.3.3) lib/action_dispatch/middleware/callbacks.rb:26:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'

logster (2.9.4) lib/logster/middleware/reporter.rb:43:in `call'

railties (6.0.3.3) lib/rails/rack/logger.rb:37:in `call_app'

railties (6.0.3.3) lib/rails/rack/logger.rb:28:in `call'

config/initializers/100-quiet_logger.rb:23:in `call'

config/initializers/100-silence_logger.rb:31:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/request_id.rb:27:in `call'

lib/middleware/enforce_hostname.rb:22:in `call'

rack (2.2.3) lib/rack/method_override.rb:24:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/executor.rb:14:in `call'

rack (2.2.3) lib/rack/sendfile.rb:110:in `call'

actionpack (6.0.3.3) lib/action_dispatch/middleware/host_authorization.rb:76:in `call'

rack-mini-profiler (2.2.0) lib/mini_profiler/profiler.rb:246:in `call'

message_bus (3.3.4) lib/message_bus/rack/middleware.rb:61:in `call'

lib/middleware/request_tracker.rb:176:in `call'

railties (6.0.3.3) lib/rails/engine.rb:527:in `call'

railties (6.0.3.3) lib/rails/railtie.rb:190:in `public_send'

railties (6.0.3.3) lib/rails/railtie.rb:190:in `method_missing'

rack (2.2.3) lib/rack/urlmap.rb:74:in `block in call'

rack (2.2.3) lib/rack/urlmap.rb:58:in `each'

rack (2.2.3) lib/rack/urlmap.rb:58:in `call'

unicorn (5.7.0) lib/unicorn/http_server.rb:632:in `process_client'

unicorn (5.7.0) lib/unicorn/http_server.rb:728:in `worker_loop'

unicorn (5.7.0) lib/unicorn/http_server.rb:548:in `spawn_missing_workers'

unicorn (5.7.0) lib/unicorn/http_server.rb:144:in `start'

unicorn (5.7.0) bin/unicorn:128:in `<top (required)>'

vendor/bundle/ruby/2.6.0/bin/unicorn:23:in `load'

vendor/bundle/ruby/2.6.0/bin/unicorn:23:in `<main>'

techAPJ · 2020 年11 月 19 日 17:41

我在最新版本的 Discourse 上无法复现此问题。

请尝试将您的 Discourse 实例更新至最新版本，并在安全模式下测试。如果问题仍然存在，请检查您是否修改了任何相关设置。

markersocial · 2020 年11 月 22 日 15:51

感谢 @techAPJ 的回复。我认为这与新用户发布指向同一域名的链接有关，当链接数量超过“新用户垃圾邮件主机阈值”且该域名不在“允许的垃圾邮件主机域名”列表中时，就会触发问题。

这似乎并非针对特定主机，而是只要 TL0 级别的用户在同一主机上发布链接次数过多就会触发。它也不特定于某些域名（如 Instagram 和 YouTube）。

我已将系统更新至最新版本的 Discourse（测试通过 2.6.0beta6），未安装任何插件（除 Docker 管理器外）或模板，并在我的测试实例（使用 TL0 普通用户）上确认了以下情况：

如果我将“新用户垃圾邮件主机阈值”增加 1，该用户可以再发布一次指向同一域名（此前会导致 500 错误）的链接。但在下一次发布时，他们仍会收到 500 错误。此现象可重复。
如果我将该域名添加到“允许的垃圾邮件主机域名”列表中，他们就可以继续发布该域名的 URL，且不会出错。
如果将该用户的信任等级提升至 1，他们也可以继续发布该域名的 URL，且不会出错。

如果您根据上述信息无法复现该问题，请告知，我将尝试在安全模式下进行测试。

techAPJ · 2021 年4 月 29 日 16:28

经过仔细排查，这似乎并非漏洞，而是按设计正常运行的机制。

新用户不允许发布过多来自同一主机的链接。如果管理员希望覆盖此行为，可以通过调整 newuser_spam_host_threshold 和 allowed_spam_host_domains 站点设置来实现。

这一点也体现在我们因重复链接而阻止帖子时向工作人员发送的消息中：

github.com/discourse/discourse

config/locales/server.en.yml

cd93d1b5f


      
          subject_template: "New user %{username} posts blocked due to repeated links"
          text_body_template: |
            This is an automated message.
          
            The new user [%{username}](%{user_url}) tried to create multiple posts with links to %{domains}, but those posts were blocked to avoid spam. The user is still able to create new posts that do not link to %{domains}.
          
            Please [review the user](%{user_url}).
          
            This can be modified via the `newuser_spam_host_threshold` and `allowed_spam_host_domains` site settings. Consider adding %{domains} to the allowlist if they should be exempt.

techAPJ · 2021 年4 月 30 日 16:28

此主题在 23 小时后自动关闭。不再允许新回复。

话题		回复	浏览量
White_listed_spam_host_domains setting not being honoured for New Users? UX	11	1142	2019 年10 月 25 日
User can't post: 500 internal server error Support	12	1402	2018 年4 月 18 日
500 Error While Posting a Topic Bug	16	875	2020 年8 月 6 日
I get "500 error" error while editing post Self-hosting	15	1060	2026 年3 月 17 日
Link to own domain results in "Internal Server Error" Support	6	861	2019 年10 月 18 日

TL0 Instagram 和 Youtube 链接帖子出现 500 错误

相关话题