commento/api/comment_list.go

package main

import (
	"database/sql"
	"net/http"
)

func commentList(commenterHex string, domain string, path string, includeUnapproved bool) ([]comment, map[string]commenter, error) {
	// path can be empty
	if commenterHex == "" || domain == "" {
		return nil, nil, errorMissingField
	}

	statement := `
		SELECT
			commentHex,
			commenterHex,
			markdown,
			html,
			parentHex,
			score,
			state,
			deleted,
			creationDate
		FROM comments
		WHERE
			comments.domain = $1 AND
			comments.path = $2
	`

	if !includeUnapproved {
		if commenterHex == "anonymous" {
			statement += `AND state = 'approved'`
		} else {
			statement += `AND (state = 'approved' OR commenterHex = $3)`
		}
	}

	statement += `;`

	var rows *sql.Rows
	var err error

	if !includeUnapproved && commenterHex != "anonymous" {
		rows, err = db.Query(statement, domain, path, commenterHex)
	} else {
		rows, err = db.Query(statement, domain, path)
	}

	if err != nil {
		logger.Errorf("cannot get comments: %v", err)
		return nil, nil, errorInternal
	}
	defer rows.Close()

	commenters := make(map[string]commenter)
	commenters["anonymous"] = commenter{CommenterHex: "anonymous", Email: "undefined", Name: "Anonymous", Link: "undefined", Photo: "undefined", Provider: "undefined"}

	comments := []comment{}
	for rows.Next() {
		c := comment{}
		if err = rows.Scan(
			&c.CommentHex,
			&c.CommenterHex,
			&c.Markdown,
			&c.Html,
			&c.ParentHex,
			&c.Score,
			&c.State,
			&c.Deleted,
			&c.CreationDate); err != nil {
			return nil, nil, errorInternal
		}

		if commenterHex != "anonymous" {
			statement = `
				SELECT direction
				FROM votes
				WHERE commentHex=$1 AND commenterHex=$2;
			`
			row := db.QueryRow(statement, c.CommentHex, commenterHex)

			if err = row.Scan(&c.Direction); err != nil {
				// TODO: is the only error here that there is no such entry?
				c.Direction = 0
			}
		}

		if commenterHex != c.CommenterHex {
			c.Markdown = ""
		}

		if !includeUnapproved {
			c.State = ""
		}

		comments = append(comments, c)

		if _, ok := commenters[c.CommenterHex]; !ok {
			commenters[c.CommenterHex], err = commenterGetByHex(c.CommenterHex)
			if err != nil {
				logger.Errorf("cannot retrieve commenter: %v", err)
				return nil, nil, errorInternal
			}
		}
	}

	return comments, commenters, nil
}

func commentListHandler(w http.ResponseWriter, r *http.Request) {
	type request struct {
		CommenterToken *string `json:"CommenterToken"`
		Domain         *string `json:"domain"`
		Path           *string `json:"path"`
	}

	var x request
	if err := bodyUnmarshal(r, &x); err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	domain := domainStrip(*x.Domain)
	path := *x.Path

	d, err := domainGet(domain)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	p, err := pageGet(domain, path)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	commenterHex := "anonymous"
	isModerator := false
	modList := map[string]bool{}

	if *x.CommenterToken != "anonymous" {
		c, err := commenterGetByCommenterToken(*x.CommenterToken)
		if err != nil {
			if err == errorNoSuchToken {
				commenterHex = "anonymous"
			} else {
				bodyMarshal(w, response{"success": false, "message": err.Error()})
				return
			}
		} else {
			commenterHex = c.CommenterHex
		}

		for _, mod := range d.Moderators {
			modList[mod.Email] = true
			if mod.Email == c.Email {
				isModerator = true
			}
		}
	} else {
		for _, mod := range d.Moderators {
			modList[mod.Email] = true
		}
	}

	domainViewRecord(domain, commenterHex)

	comments, commenters, err := commentList(commenterHex, domain, path, isModerator)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	_commenters := map[string]commenter{}
	for commenterHex, cr := range commenters {
		if _, ok := modList[cr.Email]; ok {
			cr.IsModerator = true
		}
		cr.Email = ""
		_commenters[commenterHex] = cr
	}

	bodyMarshal(w, response{
		"success":               true,
		"domain":                domain,
		"comments":              comments,
		"commenters":            _commenters,
		"requireModeration":     d.RequireModeration,
		"requireIdentification": d.RequireIdentification,
		"isFrozen":              d.State == "frozen",
		"isModerator":           isModerator,
		"defaultSortPolicy":     d.DefaultSortPolicy,
		"attributes":            p,
		"configuredOauths": map[string]bool{
			"commento": d.CommentoProvider,
			"google":   googleConfigured && d.GoogleProvider,
			"twitter":  twitterConfigured && d.TwitterProvider,
			"github":   githubConfigured && d.GithubProvider,
			"authentik":   authentikConfigured && d.AuthentikProvider,
			"gitlab":   gitlabConfigured && d.GitlabProvider,
			"sso":      d.SsoProvider,
		},
	})
}
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`package main`

			`import (`
			`"database/sql"`
			`"net/http"`
			`)`

			`func commentList(commenterHex string, domain string, path string, includeUnapproved bool) ([]comment, map[string]commenter, error) {`
comment_list.go: allow empty path on new comments 2018-09-23 12:41:02 +08:00			`// path can be empty`
			`if commenterHex == "" \|\| domain == "" {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return nil, nil, errorMissingField`
			`}`

			statement := `
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`SELECT`
			`commentHex,`
			`commenterHex,`
			`markdown,`
			`html,`
			`parentHex,`
			`score,`
			`state,`
commento.js: don't recursively delete comments 2019-09-14 09:13:38 +08:00			`deleted,`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`creationDate`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`FROM comments`
			`WHERE`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`comments.domain = $1 AND`
			`comments.path = $2`
			`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
			`if !includeUnapproved {`
			`if commenterHex == "anonymous" {`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			statement += `AND state = 'approved'`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`} else {`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			statement += `AND (state = 'approved' OR commenterHex = $3)`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`
			`}`

			statement += `;`

			`var rows *sql.Rows`
			`var err error`

			`if !includeUnapproved && commenterHex != "anonymous" {`
			`rows, err = db.Query(statement, domain, path, commenterHex)`
			`} else {`
			`rows, err = db.Query(statement, domain, path)`
			`}`

			`if err != nil {`
			`logger.Errorf("cannot get comments: %v", err)`
			`return nil, nil, errorInternal`
			`}`
			`defer rows.Close()`

			`commenters := make(map[string]commenter)`
			`commenters["anonymous"] = commenter{CommenterHex: "anonymous", Email: "undefined", Name: "Anonymous", Link: "undefined", Photo: "undefined", Provider: "undefined"}`

			`comments := []comment{}`
			`for rows.Next() {`
			`c := comment{}`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`if err = rows.Scan(`
			`&c.CommentHex,`
			`&c.CommenterHex,`
			`&c.Markdown,`
			`&c.Html,`
			`&c.ParentHex,`
			`&c.Score,`
			`&c.State,`
commento.js: don't recursively delete comments 2019-09-14 09:13:38 +08:00			`&c.Deleted,`
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`&c.CreationDate); err != nil {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return nil, nil, errorInternal`
			`}`

			`if commenterHex != "anonymous" {`
			statement = `
comment_list.go: refactor SQL statements 2019-05-02 06:45:14 +08:00			`SELECT direction`
			`FROM votes`
			`WHERE commentHex=$1 AND commenterHex=$2;`
			`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`row := db.QueryRow(statement, c.CommentHex, commenterHex)`

api: rename VoteDirection to Direction 2018-06-07 15:39:53 +08:00			`if err = row.Scan(&c.Direction); err != nil {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`// TODO: is the only error here that there is no such entry?`
api: rename VoteDirection to Direction 2018-06-07 15:39:53 +08:00			`c.Direction = 0`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`
			`}`

comment_list.go: do not include markdown in most responses 2019-05-16 01:45:01 +08:00			`if commenterHex != c.CommenterHex {`
			`c.Markdown = ""`
			`}`

comment_list.go: do not leak state if not mod 2018-06-07 15:40:15 +08:00			`if !includeUnapproved {`
			`c.State = ""`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`comments = append(comments, c)`

			`if _, ok := commenters[c.CommenterHex]; !ok {`
			`commenters[c.CommenterHex], err = commenterGetByHex(c.CommenterHex)`
			`if err != nil {`
			`logger.Errorf("cannot retrieve commenter: %v", err)`
			`return nil, nil, errorInternal`
			`}`
			`}`
			`}`

			`return comments, commenters, nil`
			`}`

			`func commentListHandler(w http.ResponseWriter, r *http.Request) {`
			`type request struct {`
everywhere: use different session cookie names If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49 2018-06-20 11:29:55 +08:00			CommenterToken *string `json:"CommenterToken"`
api: run go fmt 2018-06-20 11:50:11 +08:00			Domain *string `json:"domain"`
			Path *string `json:"path"`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`

			`var x request`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`if err := bodyUnmarshal(r, &x); err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

api: standardise strip fn names 2018-07-24 15:00:45 +08:00			`domain := domainStrip(*x.Domain)`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`path := *x.Path`

			`d, err := domainGet(domain)`
			`if err != nil {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

api,db: add page attributes and thread locking 2018-07-05 13:06:52 +08:00			`p, err := pageGet(domain, path)`
			`if err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`commenterHex := "anonymous"`
comment_list.go: check for moderator status conditionally 2019-05-02 06:53:33 +08:00			`isModerator := false`
			`modList := map[string]bool{}`

			`if *x.CommenterToken != "anonymous" {`
			`c, err := commenterGetByCommenterToken(*x.CommenterToken)`
			`if err != nil {`
			`if err == errorNoSuchToken {`
			`commenterHex = "anonymous"`
			`} else {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`} else {`
comment_list.go: check for moderator status conditionally 2019-05-02 06:53:33 +08:00			`commenterHex = c.CommenterHex`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`

comment_list.go: check for moderator status conditionally 2019-05-02 06:53:33 +08:00			`for _, mod := range d.Moderators {`
			`modList[mod.Email] = true`
			`if mod.Email == c.Email {`
			`isModerator = true`
			`}`
			`}`
			`} else {`
			`for _, mod := range d.Moderators {`
			`modList[mod.Email] = true`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`
			`}`

			`domainViewRecord(domain, commenterHex)`

			`comments, commenters, err := commentList(commenterHex, domain, path, isModerator)`
			`if err != nil {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

api, frontend: add moderator tag to mods in comments 2019-02-23 11:43:25 +08:00			`_commenters := map[string]commenter{}`
			`for commenterHex, cr := range commenters {`
			`if _, ok := modList[cr.Email]; ok {`
			`cr.IsModerator = true`
			`}`
			`cr.Email = ""`
			`_commenters[commenterHex] = cr`
			`}`

api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`"success": true,`
			`"domain": domain,`
			`"comments": comments,`
api, frontend: add moderator tag to mods in comments 2019-02-23 11:43:25 +08:00			`"commenters": _commenters,`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`"requireModeration": d.RequireModeration,`
			`"requireIdentification": d.RequireIdentification,`
			`"isFrozen": d.State == "frozen",`
			`"isModerator": isModerator,`
api, frontend, db: add comment sorting Closes https://gitlab.com/commento/commento/issues/215 2019-12-05 10:50:50 +08:00			`"defaultSortPolicy": d.DefaultSortPolicy,`
api,db: add page attributes and thread locking 2018-07-05 13:06:52 +08:00			`"attributes": p,`
frontend, api: allow disabling login methods individually 2019-04-20 07:03:34 +08:00			`"configuredOauths": map[string]bool{`
			`"commento": d.CommentoProvider,`
			`"google": googleConfigured && d.GoogleProvider,`
			`"twitter": twitterConfigured && d.TwitterProvider,`
			`"github": githubConfigured && d.GithubProvider,`
feat: support authentik aouth2. 2022-10-11 00:01:30 +08:00			`"authentik": authentikConfigured && d.AuthentikProvider,`
frontend, api: allow disabling login methods individually 2019-04-20 07:03:34 +08:00			`"gitlab": gitlabConfigured && d.GitlabProvider,`
frontend, api, db: add single sign-on Closes https://gitlab.com/commento/commento/issues/90 2019-04-21 08:34:25 +08:00			`"sso": d.SsoProvider,`
frontend, api: allow disabling login methods individually 2019-04-20 07:03:34 +08:00			`},`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`})`
			`}`