BLENDER: Add Admin page for Users with links in their profile

This can help to spot early creations of spam accounts.

Author: bartvdbraak

options/locale/locale_en-US.ini

@@ -722,6 +722,8 @@ spamreport.modal_info = Report a user as a spammer to site admins.
 spamreport.modal_action = Report spam
 spamreport.profile_button = Report spam
 
+
+
 [settings]
 profile = Profile
 account = Account
@@ -2956,6 +2958,7 @@ last_page = Last
 total = Total: %d
 settings = Admin Settings
 spamreports = Spam Reports
+users_with_links = Users (Potential Spam)
 
 dashboard.new_version_hint = Gitea %s is now available, you are running %s. Check <a target="_blank" rel="noreferrer" href="%s">the blog</a> for more details.
 dashboard.statistic = Summary
@@ -3103,6 +3106,11 @@ users.list_status_filter.is_2fa_enabled = 2FA Enabled
 users.list_status_filter.not_2fa_enabled = 2FA Disabled
 users.details = User Details
 
+users.description = Description
+users.location = Location
+users.website = Website
+users.report_spam = Report Users for Spam
+
 emails.email_manage_panel = User Email Management
 emails.primary = Primary
 emails.activated = Activated

routers/web/admin/users_with_links.go

@@ -0,0 +1,84 @@
+package admin
+
+import (
+	"net/http"
+	"strings"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/services/context"
+)
+
+const tplUsersWithLinks templates.TplName = "admin/users_with_links"
+
+// UsersWithLinks renders a list of users that contain hyperlinks in bio fields
+func UsersWithLinks(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("admin.users.with_links")
+	ctx.Data["PageIsAdminUsers"] = true
+
+	// Parse filters from query parameters
+	statusActive := ctx.FormString("status_filter[is_active]")
+	statusAdmin := ctx.FormString("status_filter[is_admin]")
+	statusRestricted := ctx.FormString("status_filter[is_restricted]")
+	status2fa := ctx.FormString("status_filter[is_2fa_enabled]")
+	statusProhibit := ctx.FormString("status_filter[is_prohibit_login]")
+
+	sort := ctx.FormString("sort")
+	if sort == "" {
+		sort = "created_unix"
+	}
+	ctx.Data["SortType"] = sort
+
+	// Build search options
+	opts := &user_model.SearchUserOptions{
+		ListOptions: db.ListOptions{
+			Page:     ctx.FormInt("page"),
+			PageSize: setting.UI.Admin.UserPagingNum,
+		},
+		OrderBy: db.SearchOrderBy(sort),
+		Type:    user_model.UserTypeIndividual,
+
+		IsActive:           optional.ParseBool(statusActive),
+		IsAdmin:            optional.ParseBool(statusAdmin),
+		IsRestricted:       optional.ParseBool(statusRestricted),
+		IsTwoFactorEnabled: optional.ParseBool(status2fa),
+		IsProhibitLogin:    optional.ParseBool(statusProhibit),
+
+		IncludeReserved: true,
+		SearchByEmail:   true,
+	}
+
+	users, count, err := user_model.SearchUsers(ctx, opts)
+	if err != nil {
+		ctx.ServerError("SearchUsers", err)
+		return
+	}
+
+	// Filter users with hyperlinks in bio fields
+	filtered := make([]*user_model.User, 0, len(users))
+	for _, u := range users {
+		if containsHyperlink(u.FullName) || containsHyperlink(u.Description) ||
+			containsHyperlink(u.Location) || containsHyperlink(u.Website) {
+			filtered = append(filtered, u)
+		}
+	}
+
+	ctx.Data["Users"] = filtered
+	ctx.Data["Total"] = len(filtered)
+	ctx.Data["CanDeleteUsers"] = true
+
+	// Pagination
+	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
+	pager.AddParamFromRequest(ctx.Req)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplUsersWithLinks)
+}
+
+func containsHyperlink(text string) bool {
+	text = strings.ToLower(text)
+	return strings.Contains(text, "http://") || strings.Contains(text, "https://")
+}

routers/web/web.go

@@ -761,6 +761,9 @@ func registerWebRoutes(m *web.Router) {
 		})
 
 		// BLENDER: spam reporting
+		m.Group("/users_with_links", func() {
+			m.Get("", admin.UsersWithLinks)
+		})
 		m.Group("/spamreports", func() {
 			m.Get("", admin.SpamReports)
 			m.Post("", admin.SpamReportsPost)

templates/admin/navbar.tmpl

@@ -31,6 +31,9 @@
 				<a class="{{if .PageIsSpamReports}}active {{end}}item" href="{{AppSubUrl}}/-/admin/spamreports">
 					{{ctx.Locale.Tr "admin.spamreports"}}
 				</a>
+				<a class="{{if .PageIsSpamReports}}active {{end}}item" href="{{AppSubUrl}}/-/admin/users_with_links">
+					{{ctx.Locale.Tr "admin.users_with_links"}}
+				</a>
 			</div>
 		</details>
 		<details class="item toggleable-item" {{if or .PageIsAdminRepositories (and .EnablePackages .PageIsAdminPackages)}}open{{end}}>

templates/admin/users_with_links.tmpl

@@ -0,0 +1,50 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin user")}}
+<div class="admin-setting-content">
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "admin.users_with_links"}} ({{.Total}})
+	</h4>
+
+	<div class="ui attached table segment">
+		<table class="ui very basic striped table unstackable">
+			<thead>
+				<tr>
+					<th><input type="checkbox" id="select-all"></th>
+					<th>ID</th>
+					<th>{{ctx.Locale.Tr "admin.users.name"}}</th>
+					<th>{{ctx.Locale.Tr "admin.users.full_name"}}</th>
+					<th>{{ctx.Locale.Tr "admin.users.description"}}</th>
+					<th>{{ctx.Locale.Tr "admin.users.location"}}</th>
+					<th>{{ctx.Locale.Tr "admin.users.website"}}</th>
+					<th>{{ctx.Locale.Tr "admin.users.created"}}</th>
+				</tr>
+			</thead>
+			<tbody>
+				{{range .Users}}
+				<tr>
+					<td><input type="checkbox" name="user_ids" value="{{.ID}}"></td>
+					<td>{{.ID}}</td>
+					<td><a href="{{.HomeLink}}">{{.Name}}</a></td>
+					<td>{{.FullName}}</td>
+					<td class="gt-ellipsis tw-max-w-48">{{.Description}}</td>
+					<td class="gt-ellipsis tw-max-w-48">{{.Location}}</td>
+					<td class="gt-ellipsis tw-max-w-48"><a href="{{.Website}}" target="_blank">{{.Website}}</a></td>
+					<td>{{DateUtils.AbsoluteShort .CreatedUnix}}</td>
+				</tr>
+				{{else}}
+				<tr class="no-results-row">
+					<td class="tw-text-center" colspan="8">{{ctx.Locale.Tr "no_results_found"}}</td>
+				</tr>
+				{{end}}
+			</tbody>
+		</table>
+	</div>
+
+	{{template "base/paginate" .}}
+</div>
+<script>
+	document.getElementById('select-all').addEventListener('click', function () {
+		const checkboxes = document.querySelectorAll('input[name="user_ids"]');
+		for (const cb of checkboxes) cb.checked = this.checked;
+	});
+</script>
+{{template "admin/layout_footer" .}}