saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: saul365:v1.8.0
Branches Tags
saul365:master
saul365:v1.8.0 saul365:v1.8.0-rc1 saul365:v1.7.0 saul365:v1.6.2 saul365:v1.6.1 saul365:v1.6.0 saul365:v1.5.0 saul365:v1.4.2 saul365:v1.4.1 saul365:v1.4.0 saul365:v1.3.1 saul365:v1.2.0 saul365:v1.1.3 saul365:v1.1.2 saul365:v1.1.1 saul365:v1.1.0 saul365:v1.0.0
..
compare: saul365:master
Branches Tags
saul365:master
saul365:v1.8.0 saul365:v1.8.0-rc1 saul365:v1.7.0 saul365:v1.6.2 saul365:v1.6.1 saul365:v1.6.0 saul365:v1.5.0 saul365:v1.4.2 saul365:v1.4.1 saul365:v1.4.0 saul365:v1.3.1 saul365:v1.2.0 saul365:v1.1.3 saul365:v1.1.2 saul365:v1.1.1 saul365:v1.1.0 saul365:v1.0.0

10 Commits
v1.8.0 ... master

Author SHA1 Message Date
Adhityaa Chandrasekar
a4c5cc8b9e commento.js: show comment 404 only hash is an ID 
Signed-off-by: Adhityaa Chandrasekar <adtac@adtac.in>
 2021-02-28 15:28:24 +05:30
Adhityaa Chandrasekar
fc83eed221 comment_new.go: simplify state logic 
Signed-off-by: Adhityaa Chandrasekar <adtac@adtac.in>
 2021-02-28 13:43:58 +05:30
Adhityaa Chandrasekar
18612933f6 commento.js: show error when comment link is 404 
Signed-off-by: Adhityaa Chandrasekar <adtac@adtac.in>
 2021-02-28 13:16:36 +05:30
Adhityaa Chandrasekar
aaa44a0bee api: log comment deleter and deletion date 
Signed-off-by: Adhityaa Chandrasekar <adtac@adtac.in>
 2021-02-28 12:46:43 +05:30
Drew Foehn
84bfd64e32 Dockerfile: Added build arg, RELEASE. 
This allows you to build a debug version of commento and deploy to docker. Useful when debugging a containered version of commento.
 2021-02-02 11:30:16 +05:30
Aaron
800902640b Update base images in Dockerfile 2021-02-02 11:26:57 +05:30
Souradip Mookerjee
5390c6f81c Fix twitter profile photo import bug 2021-01-16 00:26:17 +00:00
pawurb
326601394a commento.js: add lazy loading to avatar images 2020-05-22 16:21:49 -04:00
Wouter Groeneveld
3c3cf08656 utils.js: use global.origin in cookieSet() 2020-05-09 23:53:42 +00:00
Adhityaa Chandrasekar
e44ae1ce9d dashboard-main.scss: remove height from action buttons 2020-04-11 19:48:59 -04:00
12 changed files with 107 additions and 90 deletions
Expand all files Collapse all files

37
Dockerfile
View File

@@ -1,46 +1,51 @@
# backend build (api server) # backend build (api server)
FROM golang:1.14-alpine AS api-build FROM golang:1.15-alpine AS api-build
RUN apk add --no-cache --update bash dep make git curl g++ RUN apk add --no-cache --update bash dep make git curl g++
ARG RELEASE=prod
COPY ./api /go/src/commento/api/ COPY ./api /go/src/commento/api/
WORKDIR /go/src/commento/api WORKDIR /go/src/commento/api
RUN make prod -j$(($(nproc) + 1)) RUN make ${RELEASE} -j$(($(nproc) + 1))
# frontend build (html, js, css, images) # frontend build (html, js, css, images)
FROM node:10-alpine AS frontend-build FROM node:12-alpine AS frontend-build
RUN apk add --no-cache --update bash make python2 g++ RUN apk add --no-cache --update bash make python2 g++
ARG RELEASE=prod
COPY ./frontend /commento/frontend COPY ./frontend /commento/frontend
WORKDIR /commento/frontend/ WORKDIR /commento/frontend/
RUN make prod -j$(($(nproc) + 1)) RUN make ${RELEASE} -j$(($(nproc) + 1))
# templates and db build # templates and db build
FROM alpine:3.9 AS templates-db-build FROM alpine:3.13 AS templates-db-build
RUN apk add --no-cache --update bash make RUN apk add --no-cache --update bash make
ARG RELEASE=prod
COPY ./templates /commento/templates COPY ./templates /commento/templates
WORKDIR /commento/templates WORKDIR /commento/templates
RUN make prod -j$(($(nproc) + 1)) RUN make ${RELEASE} -j$(($(nproc) + 1))
COPY ./db /commento/db COPY ./db /commento/db
WORKDIR /commento/db WORKDIR /commento/db
RUN make prod -j$(($(nproc) + 1)) RUN make ${RELEASE} -j$(($(nproc) + 1))
# final image # final image
FROM alpine:3.7 FROM alpine:3.13
RUN apk add --no-cache --update ca-certificates RUN apk add --no-cache --update ca-certificates
COPY --from=api-build /go/src/commento/api/build/prod/commento /commento/commento ARG RELEASE=prod
COPY --from=frontend-build /commento/frontend/build/prod/js /commento/js
COPY --from=frontend-build /commento/frontend/build/prod/css /commento/css COPY --from=api-build /go/src/commento/api/build/${RELEASE}/commento /commento/commento
COPY --from=frontend-build /commento/frontend/build/prod/images /commento/images COPY --from=frontend-build /commento/frontend/build/${RELEASE}/js /commento/js
COPY --from=frontend-build /commento/frontend/build/prod/fonts /commento/fonts COPY --from=frontend-build /commento/frontend/build/${RELEASE}/css /commento/css
COPY --from=frontend-build /commento/frontend/build/prod/*.html /commento/ COPY --from=frontend-build /commento/frontend/build/${RELEASE}/images /commento/images
COPY --from=templates-db-build /commento/templates/build/prod/templates /commento/templates/ COPY --from=frontend-build /commento/frontend/build/${RELEASE}/fonts /commento/fonts
COPY --from=templates-db-build /commento/db/build/prod/db /commento/db/ COPY --from=frontend-build /commento/frontend/build/${RELEASE}/*.html /commento/
COPY --from=templates-db-build /commento/templates/build/${RELEASE}/templates /commento/templates/
COPY --from=templates-db-build /commento/db/build/${RELEASE}/db /commento/db/
EXPOSE 8080 EXPOSE 8080
WORKDIR /commento/ WORKDIR /commento/

4
api/Makefile
View File

@@ -26,11 +26,11 @@ clean:
devel-go: devel-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor
GO111MODULE=on go build -mod=vendor -v -o $(GO_DEVEL_BUILD_BINARY) -ldflags "-X main.version=v1.8.0" GO111MODULE=on go build -mod=vendor -v -o $(GO_DEVEL_BUILD_BINARY) -ldflags "-X main.version=$(shell git describe --tags)"
prod-go: prod-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor
GO111MODULE=on go build -mod=vendor -v -o $(GO_PROD_BUILD_BINARY) -ldflags "-X main.version=v1.8.0" GO111MODULE=on go build -mod=vendor -v -o $(GO_PROD_BUILD_BINARY) -ldflags "-X main.version=$(shell git describe --tags)"
test-go: test-go:
GO111MODULE=on go mod vendor GO111MODULE=on go mod vendor

17
api/comment_delete.go
View File

@@ -2,19 +2,26 @@ package main
import ( import (
"net/http" "net/http"
"time"
) )
func commentDelete(commentHex string) error { func commentDelete(commentHex string, deleterHex string) error {
if commentHex == "" { if commentHex == "" || deleterHex == "" {
return errorMissingField return errorMissingField
} }
statement := ` statement := `
UPDATE comments UPDATE comments
SET deleted = true, markdown = '[deleted]', html = '[deleted]', commenterHex = 'anonymous' SET
deleted = true,
markdown = '[deleted]',
html = '[deleted]',
commenterHex = 'anonymous',
deleterHex = $2,
deletionDate = $3
WHERE commentHex = $1; WHERE commentHex = $1;
` `
_, err := db.Exec(statement, commentHex) _, err := db.Exec(statement, commentHex, deleterHex, time.Now().UTC())
if err != nil { if err != nil {
// TODO: make sure this is the error is actually non-existant commentHex // TODO: make sure this is the error is actually non-existant commentHex
@@ -65,7 +72,7 @@ func commentDeleteHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
if err = commentDelete(*x.CommentHex); err != nil { if err = commentDelete(*x.CommentHex, c.CommenterHex); err != nil {
bodyMarshal(w, response{"success": false, "message": err.Error()}) bodyMarshal(w, response{"success": false, "message": err.Error()})
return return
} }

11
api/comment_delete_test.go
View File

@@ -8,15 +8,16 @@ import (
func TestCommentDeleteBasics(t *testing.T) { func TestCommentDeleteBasics(t *testing.T) {
failTestOnError(t, setupTestEnv()) failTestOnError(t, setupTestEnv())
commentHex, _ := commentNew("temp-commenter-hex", "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC()) commenterHex := "temp-commenter-hex"
commentNew("temp-commenter-hex", "example.com", "/path.html", commentHex, "**bar**", "approved", time.Now().UTC()) commentHex, _ := commentNew(commenterHex, "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC())
commentNew(commenterHex, "example.com", "/path.html", commentHex, "**bar**", "approved", time.Now().UTC())
if err := commentDelete(commentHex); err != nil { if err := commentDelete(commentHex, commenterHex); err != nil {
t.Errorf("unexpected error deleting comment: %v", err) t.Errorf("unexpected error deleting comment: %v", err)
return return
} }
c, _, _ := commentList("temp-commenter-hex", "example.com", "/path.html", false) c, _, _ := commentList(commenterHex, "example.com", "/path.html", false)
if len(c) != 0 { if len(c) != 0 {
t.Errorf("expected no comments found %d comments", len(c)) t.Errorf("expected no comments found %d comments", len(c))
@@ -27,7 +28,7 @@ func TestCommentDeleteBasics(t *testing.T) {
func TestCommentDeleteEmpty(t *testing.T) { func TestCommentDeleteEmpty(t *testing.T) {
failTestOnError(t, setupTestEnv()) failTestOnError(t, setupTestEnv())
if err := commentDelete(""); err == nil { if err := commentDelete("", "test-commenter-hex"); err == nil {
t.Errorf("expected error deleting comment with empty commentHex") t.Errorf("expected error deleting comment with empty commentHex")
return return
} }

46
api/comment_new.go
View File

@@ -82,61 +82,37 @@ func commentNewHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// logic: (empty column indicates the value doesn't matter) var commenterHex, commenterName, commenterEmail, commenterLink string
// | anonymous | moderator | requireIdentification | requireModeration | moderateAllAnonymous | approved? | var isModerator bool
// |-----------+-----------+-----------------------+-------------------+----------------------+-----------|
// | yes | | | | no | yes |
// | yes | | | | yes | no |
// | no | yes | | | | yes |
// | no | no | | yes | | yes |
// | no | no | | no | | no |
var commenterHex string
var state string
if *x.CommenterToken == "anonymous" { if *x.CommenterToken == "anonymous" {
commenterHex = "anonymous" commenterHex, commenterName, commenterEmail, commenterLink = "anonymous", "Anonymous", "", ""
if isSpam(*x.Domain, getIp(r), getUserAgent(r), "Anonymous", "", "", *x.Markdown) {
state = "flagged"
} else {
if d.ModerateAllAnonymous || d.RequireModeration {
state = "unapproved"
} else {
state = "approved"
}
}
} else { } else {
c, err := commenterGetByCommenterToken(*x.CommenterToken) c, err := commenterGetByCommenterToken(*x.CommenterToken)
if err != nil { if err != nil {
bodyMarshal(w, response{"success": false, "message": err.Error()}) bodyMarshal(w, response{"success": false, "message": err.Error()})
return return
} }
commenterHex, commenterName, commenterEmail, commenterLink = c.CommenterHex, c.Name, c.Email, c.Link
// cheaper than a SQL query as we already have this information
isModerator := false
for _, mod := range d.Moderators { for _, mod := range d.Moderators {
if mod.Email == c.Email { if mod.Email == c.Email {
isModerator = true isModerator = true
break break
} }
} }
}
commenterHex = c.CommenterHex var state string
if isModerator { if isModerator {
state = "approved" state = "approved"
} else { } else if d.RequireModeration {
if isSpam(*x.Domain, getIp(r), getUserAgent(r), c.Name, c.Email, c.Link, *x.Markdown) { state = "unapproved"
} else if commenterHex == "anonymous" && d.ModerateAllAnonymous {
state = "unapproved"
} else if d.AutoSpamFilter && isSpam(*x.Domain, getIp(r), getUserAgent(r), commenterName, commenterEmail, commenterLink, *x.Markdown) {
state = "flagged" state = "flagged"
} else {
if d.RequireModeration {
state = "unapproved"
} else { } else {
state = "approved" state = "approved"
} }
}
}
}
commentHex, err := commentNew(commenterHex, domain, path, *x.ParentHex, *x.Markdown, state, time.Now().UTC()) commentHex, err := commentNew(commenterHex, domain, path, *x.ParentHex, *x.Markdown, state, time.Now().UTC())
if err != nil { if err != nil {

2
api/commenter_photo.go
View File

@@ -26,8 +26,6 @@ func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
} }
} else if c.Provider == "github" { } else if c.Provider == "github" {
url += "&s=38" url += "&s=38"
} else if c.Provider == "twitter" {
url += "?size=normal"
} else if c.Provider == "gitlab" { } else if c.Provider == "gitlab" {
url += "?width=38" url += "?width=38"
} }

56
api/email_moderate.go
View File

@@ -7,18 +7,7 @@ import (
func emailModerateHandler(w http.ResponseWriter, r *http.Request) { func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex") unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex")
e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
if err != nil {
fmt.Fprintf(w, "error: %v", err.Error())
return
}
action := r.FormValue("action") action := r.FormValue("action")
if action != "delete" && action != "approve" {
fmt.Fprintf(w, "error: invalid action")
return
}
commentHex := r.FormValue("commentHex") commentHex := r.FormValue("commentHex")
if commentHex == "" { if commentHex == "" {
fmt.Fprintf(w, "error: invalid commentHex") fmt.Fprintf(w, "error: invalid commentHex")
@@ -26,23 +15,35 @@ func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
} }
statement := ` statement := `
SELECT domain SELECT domain, deleted
FROM comments FROM comments
WHERE commentHex = $1; WHERE commentHex = $1;
` `
row := db.QueryRow(statement, commentHex) row := db.QueryRow(statement, commentHex)
var domain string var domain string
if err = row.Scan(&domain); err != nil { var deleted bool
if err := row.Scan(&domain, &deleted); err != nil {
// TODO: is this the only error? // TODO: is this the only error?
fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)") fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)")
return return
} }
if deleted {
fmt.Fprintf(w, "error: that comment has already been deleted")
return
}
e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
if err != nil {
fmt.Fprintf(w, "error: %v", err.Error())
return
}
isModerator, err := isDomainModerator(domain, e.Email) isModerator, err := isDomainModerator(domain, e.Email)
if err != nil { if err != nil {
logger.Errorf("error checking if %s is a moderator: %v", e.Email, err) logger.Errorf("error checking if %s is a moderator: %v", e.Email, err)
fmt.Fprintf(w, "error checking if %s is a moderator: %v", e.Email, err) fmt.Fprintf(w, "error: %v", errorInternal)
return return
} }
@@ -51,10 +52,31 @@ func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
if action == "approve" { // Do not use commenterGetByEmail here because we don't know which provider
// should be used. This was poor design on multiple fronts on my part, but
// let's deal with that later. For now, it suffices to match the
// deleter/approver with any account owned by the same email.
statement = `
SELECT commenterHex
FROM commenters
WHERE email = $1;
`
row = db.QueryRow(statement, e.Email)
var commenterHex string
if err = row.Scan(&commenterHex); err != nil {
logger.Errorf("cannot retrieve commenterHex by email %q: %v", e.Email, err)
fmt.Fprintf(w, "error: %v", errorInternal)
return
}
switch action {
case "approve":
err = commentApprove(commentHex) err = commentApprove(commentHex)
} else { case "delete":
err = commentDelete(commentHex) err = commentDelete(commentHex, commenterHex)
default:
err = errorInvalidAction
} }
if err != nil { if err != nil {

1
api/errors.go
View File

@@ -52,3 +52,4 @@ var errorCannotDeleteOwnerWithActiveDomains = errors.New("You cannot delete your
var errorNoSuchOwner = errors.New("No such owner.") var errorNoSuchOwner = errors.New("No such owner.")
var errorCannotUpdateOauthProfile = errors.New("You cannot update the profile of an external account managed by third-party log in. Please use the appropriate platform to update your details.") var errorCannotUpdateOauthProfile = errors.New("You cannot update the profile of an external account managed by third-party log in. Please use the appropriate platform to update your details.")
var errorUnsupportedCommentoImportVersion = errors.New("Unsupported Commento import format version.") var errorUnsupportedCommentoImportVersion = errors.New("Unsupported Commento import format version.")
var errorInvalidAction = errors.New("Invalid action.")

2
db/20210228122203-comment-delete-log.sql Normal file
View File

@@ -0,0 +1,2 @@
ALTER TABLE comments ADD deleterHex TEXT;
ALTER TABLE comments ADD deletionDate TIMESTAMP;

8
frontend/js/commento.js
View File

@@ -314,6 +314,7 @@
} else { } else {
avatar = create("img"); avatar = create("img");
attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex); attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex);
attrSet(avatar, "loading", "lazy");
classAdd(avatar, "avatar-img"); classAdd(avatar, "avatar-img");
} }
@@ -2104,8 +2105,13 @@
function loadHash() { function loadHash() {
if (window.location.hash) { if (window.location.hash) {
if (window.location.hash.startsWith("#commento-")) { if (window.location.hash.startsWith("#commento-")) {
var el = $(ID_CARD + window.location.hash.split("-")[1]); var id = window.location.hash.split("-")[1];
var el = $(ID_CARD + id);
if (el === null) { if (el === null) {
if (id.length === 64) {
// A hack to make sure it's a valid ID before showing the user a message.
errorShow("The comment you're looking for no longer exists or was deleted.");
}
return; return;
} }

2
frontend/js/utils.js
View File

@@ -75,7 +75,7 @@
expires = "; expires=" + date.toUTCString(); expires = "; expires=" + date.toUTCString();
var cookieString = name + "=" + value + expires + "; path=/"; var cookieString = name + "=" + value + expires + "; path=/";
if (/^https:\/\//i.test(origin)) { if (/^https:\/\//i.test(global.origin)) {
cookieString += "; secure"; cookieString += "; secure";
} }

1
frontend/sass/dashboard-main.scss
View File

@@ -100,7 +100,6 @@ body {
.right { .right {
float: right; float: right;
height: 100%;
margin: auto; margin: auto;
} }
} }