saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: saul365:master
Branches Tags
saul365:master
saul365:v1.8.0 saul365:v1.8.0-rc1 saul365:v1.7.0 saul365:v1.6.2 saul365:v1.6.1 saul365:v1.6.0 saul365:v1.5.0 saul365:v1.4.2 saul365:v1.4.1 saul365:v1.4.0 saul365:v1.3.1 saul365:v1.2.0 saul365:v1.1.3 saul365:v1.1.2 saul365:v1.1.1 saul365:v1.1.0 saul365:v1.0.0
..
compare: saul365:v1.8.0
Branches Tags
saul365:master
saul365:v1.8.0 saul365:v1.8.0-rc1 saul365:v1.7.0 saul365:v1.6.2 saul365:v1.6.1 saul365:v1.6.0 saul365:v1.5.0 saul365:v1.4.2 saul365:v1.4.1 saul365:v1.4.0 saul365:v1.3.1 saul365:v1.2.0 saul365:v1.1.3 saul365:v1.1.2 saul365:v1.1.1 saul365:v1.1.0 saul365:v1.0.0

1 Commits
master ... v1.8.0

Author SHA1 Message Date
Adhityaa Chandrasekar
a2a8f9ce86 release: v1.8.0 2020-04-10 17:55:22 -04:00
12 changed files with 90 additions and 107 deletions
Expand all files Collapse all files

37
Dockerfile
View File

@@ -1,51 +1,46 @@
# backend build (api server) # backend build (api server)
FROM golang:1.15-alpine AS api-build FROM golang:1.14-alpine AS api-build
RUN apk add --no-cache --update bash dep make git curl g++ RUN apk add --no-cache --update bash dep make git curl g++
ARG RELEASE=prod
COPY ./api /go/src/commento/api/ COPY ./api /go/src/commento/api/
WORKDIR /go/src/commento/api WORKDIR /go/src/commento/api
RUN make ${RELEASE} -j$(($(nproc) + 1)) RUN make prod -j$(($(nproc) + 1))
# frontend build (html, js, css, images) # frontend build (html, js, css, images)
FROM node:12-alpine AS frontend-build FROM node:10-alpine AS frontend-build
RUN apk add --no-cache --update bash make python2 g++ RUN apk add --no-cache --update bash make python2 g++
ARG RELEASE=prod
COPY ./frontend /commento/frontend COPY ./frontend /commento/frontend
WORKDIR /commento/frontend/ WORKDIR /commento/frontend/
RUN make ${RELEASE} -j$(($(nproc) + 1)) RUN make prod -j$(($(nproc) + 1))
# templates and db build # templates and db build
FROM alpine:3.13 AS templates-db-build FROM alpine:3.9 AS templates-db-build
RUN apk add --no-cache --update bash make RUN apk add --no-cache --update bash make
ARG RELEASE=prod
COPY ./templates /commento/templates COPY ./templates /commento/templates
WORKDIR /commento/templates WORKDIR /commento/templates
RUN make ${RELEASE} -j$(($(nproc) + 1)) RUN make prod -j$(($(nproc) + 1))
COPY ./db /commento/db COPY ./db /commento/db
WORKDIR /commento/db WORKDIR /commento/db
RUN make ${RELEASE} -j$(($(nproc) + 1)) RUN make prod -j$(($(nproc) + 1))
# final image # final image
FROM alpine:3.13 FROM alpine:3.7
RUN apk add --no-cache --update ca-certificates RUN apk add --no-cache --update ca-certificates
ARG RELEASE=prod COPY --from=api-build /go/src/commento/api/build/prod/commento /commento/commento
COPY --from=frontend-build /commento/frontend/build/prod/js /commento/js
COPY --from=api-build /go/src/commento/api/build/${RELEASE}/commento /commento/commento COPY --from=frontend-build /commento/frontend/build/prod/css /commento/css
COPY --from=frontend-build /commento/frontend/build/${RELEASE}/js /commento/js COPY --from=frontend-build /commento/frontend/build/prod/images /commento/images
COPY --from=frontend-build /commento/frontend/build/${RELEASE}/css /commento/css COPY --from=frontend-build /commento/frontend/build/prod/fonts /commento/fonts
COPY --from=frontend-build /commento/frontend/build/${RELEASE}/images /commento/images COPY --from=frontend-build /commento/frontend/build/prod/*.html /commento/
COPY --from=frontend-build /commento/frontend/build/${RELEASE}/fonts /commento/fonts COPY --from=templates-db-build /commento/templates/build/prod/templates /commento/templates/
COPY --from=frontend-build /commento/frontend/build/${RELEASE}/*.html /commento/ COPY --from=templates-db-build /commento/db/build/prod/db /commento/db/
COPY --from=templates-db-build /commento/templates/build/${RELEASE}/templates /commento/templates/
COPY --from=templates-db-build /commento/db/build/${RELEASE}/db /commento/db/
EXPOSE 8080 EXPOSE 8080
WORKDIR /commento/ WORKDIR /commento/

4
api/Makefile
View File

@@ -26,11 +26,11 @@ clean:
devel-go: devel-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor
GO111MODULE=on go build -mod=vendor -v -o $(GO_DEVEL_BUILD_BINARY) -ldflags "-X main.version=$(shell git describe --tags)" GO111MODULE=on go build -mod=vendor -v -o $(GO_DEVEL_BUILD_BINARY) -ldflags "-X main.version=v1.8.0"
prod-go: prod-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor
GO111MODULE=on go build -mod=vendor -v -o $(GO_PROD_BUILD_BINARY) -ldflags "-X main.version=$(shell git describe --tags)" GO111MODULE=on go build -mod=vendor -v -o $(GO_PROD_BUILD_BINARY) -ldflags "-X main.version=v1.8.0"
test-go: test-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor

17
api/comment_delete.go
View File

@@ -2,26 +2,19 @@ package main
import ( import (
"net/http" "net/http"
"time"
) )
func commentDelete(commentHex string, deleterHex string) error { func commentDelete(commentHex string) error {
if commentHex == "" || deleterHex == "" { if commentHex == "" {
return errorMissingField return errorMissingField
} }
statement := ` statement := `
UPDATE comments UPDATE comments
SET SET deleted = true, markdown = '[deleted]', html = '[deleted]', commenterHex = 'anonymous'
deleted = true,
markdown = '[deleted]',
html = '[deleted]',
commenterHex = 'anonymous',
deleterHex = $2,
deletionDate = $3
WHERE commentHex = $1; WHERE commentHex = $1;
` `
_, err := db.Exec(statement, commentHex, deleterHex, time.Now().UTC()) _, err := db.Exec(statement, commentHex)
if err != nil { if err != nil {
// TODO: make sure this is the error is actually non-existant commentHex // TODO: make sure this is the error is actually non-existant commentHex
@@ -72,7 +65,7 @@ func commentDeleteHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
if err = commentDelete(*x.CommentHex, c.CommenterHex); err != nil { if err = commentDelete(*x.CommentHex); err != nil {
bodyMarshal(w, response{"success": false, "message": err.Error()}) bodyMarshal(w, response{"success": false, "message": err.Error()})
return return
} }

11
api/comment_delete_test.go
View File

@@ -8,16 +8,15 @@ import (
func TestCommentDeleteBasics(t *testing.T) { func TestCommentDeleteBasics(t *testing.T) {
failTestOnError(t, setupTestEnv()) failTestOnError(t, setupTestEnv())
commenterHex := "temp-commenter-hex" commentHex, _ := commentNew("temp-commenter-hex", "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC())
commentHex, _ := commentNew(commenterHex, "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC()) commentNew("temp-commenter-hex", "example.com", "/path.html", commentHex, "**bar**", "approved", time.Now().UTC())
commentNew(commenterHex, "example.com", "/path.html", commentHex, "**bar**", "approved", time.Now().UTC())
if err := commentDelete(commentHex, commenterHex); err != nil { if err := commentDelete(commentHex); err != nil {
t.Errorf("unexpected error deleting comment: %v", err) t.Errorf("unexpected error deleting comment: %v", err)
return return
} }
c, _, _ := commentList(commenterHex, "example.com", "/path.html", false) c, _, _ := commentList("temp-commenter-hex", "example.com", "/path.html", false)
if len(c) != 0 { if len(c) != 0 {
t.Errorf("expected no comments found %d comments", len(c)) t.Errorf("expected no comments found %d comments", len(c))
@@ -28,7 +27,7 @@ func TestCommentDeleteBasics(t *testing.T) {
func TestCommentDeleteEmpty(t *testing.T) { func TestCommentDeleteEmpty(t *testing.T) {
failTestOnError(t, setupTestEnv()) failTestOnError(t, setupTestEnv())
if err := commentDelete("", "test-commenter-hex"); err == nil { if err := commentDelete(""); err == nil {
t.Errorf("expected error deleting comment with empty commentHex") t.Errorf("expected error deleting comment with empty commentHex")
return return
} }

46
api/comment_new.go
View File

@@ -82,37 +82,61 @@ func commentNewHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
var commenterHex, commenterName, commenterEmail, commenterLink string // logic: (empty column indicates the value doesn't matter)
var isModerator bool // | anonymous | moderator | requireIdentification | requireModeration | moderateAllAnonymous | approved? |
// |-----------+-----------+-----------------------+-------------------+----------------------+-----------|
// | yes | | | | no | yes |
// | yes | | | | yes | no |
// | no | yes | | | | yes |
// | no | no | | yes | | yes |
// | no | no | | no | | no |
var commenterHex string
var state string
if *x.CommenterToken == "anonymous" { if *x.CommenterToken == "anonymous" {
commenterHex, commenterName, commenterEmail, commenterLink = "anonymous", "Anonymous", "", "" commenterHex = "anonymous"
if isSpam(*x.Domain, getIp(r), getUserAgent(r), "Anonymous", "", "", *x.Markdown) {
state = "flagged"
} else {
if d.ModerateAllAnonymous || d.RequireModeration {
state = "unapproved"
} else {
state = "approved"
}
}
} else { } else {
c, err := commenterGetByCommenterToken(*x.CommenterToken) c, err := commenterGetByCommenterToken(*x.CommenterToken)
if err != nil { if err != nil {
bodyMarshal(w, response{"success": false, "message": err.Error()}) bodyMarshal(w, response{"success": false, "message": err.Error()})
return return
} }
commenterHex, commenterName, commenterEmail, commenterLink = c.CommenterHex, c.Name, c.Email, c.Link
// cheaper than a SQL query as we already have this information
isModerator := false
for _, mod := range d.Moderators { for _, mod := range d.Moderators {
if mod.Email == c.Email { if mod.Email == c.Email {
isModerator = true isModerator = true
break break
} }
} }
}
var state string commenterHex = c.CommenterHex
if isModerator { if isModerator {
state = "approved" state = "approved"
} else if d.RequireModeration { } else {
state = "unapproved" if isSpam(*x.Domain, getIp(r), getUserAgent(r), c.Name, c.Email, c.Link, *x.Markdown) {
} else if commenterHex == "anonymous" && d.ModerateAllAnonymous {
state = "unapproved"
} else if d.AutoSpamFilter && isSpam(*x.Domain, getIp(r), getUserAgent(r), commenterName, commenterEmail, commenterLink, *x.Markdown) {
state = "flagged" state = "flagged"
} else {
if d.RequireModeration {
state = "unapproved"
} else { } else {
state = "approved" state = "approved"
} }
}
}
}
commentHex, err := commentNew(commenterHex, domain, path, *x.ParentHex, *x.Markdown, state, time.Now().UTC()) commentHex, err := commentNew(commenterHex, domain, path, *x.ParentHex, *x.Markdown, state, time.Now().UTC())
if err != nil { if err != nil {

2
api/commenter_photo.go
View File

@@ -26,6 +26,8 @@ func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
} }
} else if c.Provider == "github" { } else if c.Provider == "github" {
url += "&s=38" url += "&s=38"
} else if c.Provider == "twitter" {
url += "?size=normal"
} else if c.Provider == "gitlab" { } else if c.Provider == "gitlab" {
url += "?width=38" url += "?width=38"
} }

56
api/email_moderate.go
View File

@@ -7,7 +7,18 @@ import (
func emailModerateHandler(w http.ResponseWriter, r *http.Request) { func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex") unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex")
e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
if err != nil {
fmt.Fprintf(w, "error: %v", err.Error())
return
}
action := r.FormValue("action") action := r.FormValue("action")
if action != "delete" && action != "approve" {
fmt.Fprintf(w, "error: invalid action")
return
}
commentHex := r.FormValue("commentHex") commentHex := r.FormValue("commentHex")
if commentHex == "" { if commentHex == "" {
fmt.Fprintf(w, "error: invalid commentHex") fmt.Fprintf(w, "error: invalid commentHex")
@@ -15,35 +26,23 @@ func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
} }
statement := ` statement := `
SELECT domain, deleted SELECT domain
FROM comments FROM comments
WHERE commentHex = $1; WHERE commentHex = $1;
` `
row := db.QueryRow(statement, commentHex) row := db.QueryRow(statement, commentHex)
var domain string var domain string
var deleted bool if err = row.Scan(&domain); err != nil {
if err := row.Scan(&domain, &deleted); err != nil {
// TODO: is this the only error? // TODO: is this the only error?
fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)") fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)")
return return
} }
if deleted {
fmt.Fprintf(w, "error: that comment has already been deleted")
return
}
e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
if err != nil {
fmt.Fprintf(w, "error: %v", err.Error())
return
}
isModerator, err := isDomainModerator(domain, e.Email) isModerator, err := isDomainModerator(domain, e.Email)
if err != nil { if err != nil {
logger.Errorf("error checking if %s is a moderator: %v", e.Email, err) logger.Errorf("error checking if %s is a moderator: %v", e.Email, err)
fmt.Fprintf(w, "error: %v", errorInternal) fmt.Fprintf(w, "error checking if %s is a moderator: %v", e.Email, err)
return return
} }
@@ -52,31 +51,10 @@ func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// Do not use commenterGetByEmail here because we don't know which provider if action == "approve" {
// should be used. This was poor design on multiple fronts on my part, but
// let's deal with that later. For now, it suffices to match the
// deleter/approver with any account owned by the same email.
statement = `
SELECT commenterHex
FROM commenters
WHERE email = $1;
`
row = db.QueryRow(statement, e.Email)
var commenterHex string
if err = row.Scan(&commenterHex); err != nil {
logger.Errorf("cannot retrieve commenterHex by email %q: %v", e.Email, err)
fmt.Fprintf(w, "error: %v", errorInternal)
return
}
switch action {
case "approve":
err = commentApprove(commentHex) err = commentApprove(commentHex)
case "delete": } else {
err = commentDelete(commentHex, commenterHex) err = commentDelete(commentHex)
default:
err = errorInvalidAction
} }
if err != nil { if err != nil {

1
api/errors.go
View File

@@ -52,4 +52,3 @@ var errorCannotDeleteOwnerWithActiveDomains = errors.New("You cannot delete your
var errorNoSuchOwner = errors.New("No such owner.") var errorNoSuchOwner = errors.New("No such owner.")
var errorCannotUpdateOauthProfile = errors.New("You cannot update the profile of an external account managed by third-party log in. Please use the appropriate platform to update your details.") var errorCannotUpdateOauthProfile = errors.New("You cannot update the profile of an external account managed by third-party log in. Please use the appropriate platform to update your details.")
var errorUnsupportedCommentoImportVersion = errors.New("Unsupported Commento import format version.") var errorUnsupportedCommentoImportVersion = errors.New("Unsupported Commento import format version.")
var errorInvalidAction = errors.New("Invalid action.")

2
db/20210228122203-comment-delete-log.sql
View File

@@ -1,2 +0,0 @@
ALTER TABLE comments ADD deleterHex TEXT;
ALTER TABLE comments ADD deletionDate TIMESTAMP;

8
frontend/js/commento.js
View File

@@ -314,7 +314,6 @@
} else { } else {
avatar = create("img"); avatar = create("img");
attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex); attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex);
attrSet(avatar, "loading", "lazy");
classAdd(avatar, "avatar-img"); classAdd(avatar, "avatar-img");
} }
@@ -2105,13 +2104,8 @@
function loadHash() { function loadHash() {
if (window.location.hash) { if (window.location.hash) {
if (window.location.hash.startsWith("#commento-")) { if (window.location.hash.startsWith("#commento-")) {
var id = window.location.hash.split("-")[1]; var el = $(ID_CARD + window.location.hash.split("-")[1]);
var el = $(ID_CARD + id);
if (el === null) { if (el === null) {
if (id.length === 64) {
// A hack to make sure it's a valid ID before showing the user a message.
errorShow("The comment you're looking for no longer exists or was deleted.");
}
return; return;
} }

2
frontend/js/utils.js
View File

@@ -75,7 +75,7 @@
expires = "; expires=" + date.toUTCString(); expires = "; expires=" + date.toUTCString();
var cookieString = name + "=" + value + expires + "; path=/"; var cookieString = name + "=" + value + expires + "; path=/";
if (/^https:\/\//i.test(global.origin)) { if (/^https:\/\//i.test(origin)) {
cookieString += "; secure"; cookieString += "; secure";
} }

1
frontend/sass/dashboard-main.scss
View File

@@ -100,6 +100,7 @@ body {
.right { .right {
float: right; float: right;
height: 100%;
margin: auto; margin: auto;
} }
} }