commento/api/comment_new.go

package main

import (
	"net/http"
	"time"
)

// Take `creationDate` as a param because comment import (from Disqus, for
// example) will require a custom time.
func commentNew(commenterHex string, domain string, path string, parentHex string, markdown string, state string, creationDate time.Time) (string, error) {
	// path is allowed to be empty
	if commenterHex == "" || domain == "" || parentHex == "" || markdown == "" || state == "" {
		return "", errorMissingField
	}

	p, err := pageGet(domain, path)
	if err != nil {
		logger.Errorf("cannot get page attributes: %v", err)
		return "", errorInternal
	}

	if p.IsLocked {
		return "", errorThreadLocked
	}

	commentHex, err := randomHex(32)
	if err != nil {
		return "", err
	}

	html := markdownToHtml(markdown)

	if err = pageNew(domain, path); err != nil {
		return "", err
	}

	statement := `
		INSERT INTO
		comments (commentHex, domain, path, commenterHex, parentHex, markdown, html, creationDate, state)
		VALUES   ($1,         $2,     $3,   $4,           $5,        $6,       $7,   $8,           $9   );
	`
	_, err = db.Exec(statement, commentHex, domain, path, commenterHex, parentHex, markdown, html, creationDate, state)
	if err != nil {
		logger.Errorf("cannot insert comment: %v", err)
		return "", errorInternal
	}

	return commentHex, nil
}

func commentNewHandler(w http.ResponseWriter, r *http.Request) {
	type request struct {
		CommenterToken *string `json:"commenterToken"`
		Domain         *string `json:"domain"`
		Path           *string `json:"path"`
		ParentHex      *string `json:"parentHex"`
		Markdown       *string `json:"markdown"`
	}

	var x request
	if err := bodyUnmarshal(r, &x); err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	domain := domainStrip(*x.Domain)
	path := *x.Path

	d, err := domainGet(domain)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	if d.State == "frozen" {
		bodyMarshal(w, response{"success": false, "message": errorDomainFrozen.Error()})
		return
	}

	if d.RequireIdentification && *x.CommenterToken == "anonymous" {
		bodyMarshal(w, response{"success": false, "message": errorNotAuthorised.Error()})
		return
	}

	// logic: (empty column indicates the value doesn't matter)
	// | anonymous | moderator | requireIdentification | requireModeration | moderateAllAnonymous | approved? |
	// |-----------+-----------+-----------------------+-------------------+----------------------+-----------|
	// |       yes |           |                       |                   |                   no |       yes |
	// |       yes |           |                       |                   |                  yes |        no |
	// |        no |       yes |                       |                   |                      |       yes |
	// |        no |        no |                       |               yes |                      |       yes |
	// |        no |        no |                       |                no |                      |        no |

	var commenterHex string
	var state string

	if *x.CommenterToken == "anonymous" {
		commenterHex = "anonymous"
		if isSpam(*x.Domain, getIp(r), getUserAgent(r), "Anonymous", "", "", *x.Markdown) {
			state = "flagged"
		} else {
			if d.ModerateAllAnonymous || d.RequireModeration {
				state = "unapproved"
			} else {
				state = "approved"
			}
		}
	} else {
		c, err := commenterGetByCommenterToken(*x.CommenterToken)
		if err != nil {
			bodyMarshal(w, response{"success": false, "message": err.Error()})
			return
		}

		// cheaper than a SQL query as we already have this information
		isModerator := false
		for _, mod := range d.Moderators {
			if mod.Email == c.Email {
				isModerator = true
				break
			}
		}

		commenterHex = c.CommenterHex

		if isModerator {
			state = "approved"
		} else {
			if isSpam(*x.Domain, getIp(r), getUserAgent(r), c.Name, c.Email, c.Link, *x.Markdown) {
				state = "flagged"
			} else {
				if d.RequireModeration {
					state = "unapproved"
				} else {
					state = "approved"
				}
			}
		}
	}

	commentHex, err := commentNew(commenterHex, domain, path, *x.ParentHex, *x.Markdown, state, time.Now().UTC())
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	// TODO: reuse html in commentNew and do only one markdown to HTML conversion?
	html := markdownToHtml(*x.Markdown)

	bodyMarshal(w, response{"success": true, "commentHex": commentHex, "state": state, "html": html})
	if smtpConfigured {
		go emailNotificationNew(d, path, commenterHex, commentHex, *x.ParentHex, state)
	}
}
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`package main`

			`import (`
			`"net/http"`
			`"time"`
			`)`

			// Take `creationDate` as a param because comment import (from Disqus, for
			`// example) will require a custom time.`
			`func commentNew(commenterHex string, domain string, path string, parentHex string, markdown string, state string, creationDate time.Time) (string, error) {`
			`// path is allowed to be empty`
			`if commenterHex == "" \|\| domain == "" \|\| parentHex == "" \|\| markdown == "" \|\| state == "" {`
			`return "", errorMissingField`
			`}`

api,db: add page attributes and thread locking 2018-07-05 13:06:52 +08:00			`p, err := pageGet(domain, path)`
			`if err != nil {`
			`logger.Errorf("cannot get page attributes: %v", err)`
			`return "", errorInternal`
			`}`

			`if p.IsLocked {`
			`return "", errorThreadLocked`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`commentHex, err := randomHex(32)`
			`if err != nil {`
			`return "", err`
			`}`

			`html := markdownToHtml(markdown)`

comment_new.go: create page before inserting comment Fixes https://gitlab.com/commento/commento/issues/173 2019-05-09 13:28:20 +08:00			`if err = pageNew(domain, path); err != nil {`
			`return "", err`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			statement := `
			`INSERT INTO`
			`comments (commentHex, domain, path, commenterHex, parentHex, markdown, html, creationDate, state)`
			`VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9 );`
			`
			`_, err = db.Exec(statement, commentHex, domain, path, commenterHex, parentHex, markdown, html, creationDate, state)`
			`if err != nil {`
			`logger.Errorf("cannot insert comment: %v", err)`
			`return "", errorInternal`
			`}`

			`return commentHex, nil`
			`}`

			`func commentNewHandler(w http.ResponseWriter, r *http.Request) {`
			`type request struct {`
everywhere: use different session cookie names If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49 2018-06-20 11:29:55 +08:00			CommenterToken *string `json:"commenterToken"`
api: run go fmt 2018-06-20 11:50:11 +08:00			Domain *string `json:"domain"`
			Path *string `json:"path"`
			ParentHex *string `json:"parentHex"`
			Markdown *string `json:"markdown"`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`

			`var x request`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`if err := bodyUnmarshal(r, &x); err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

api: standardise strip fn names 2018-07-24 15:00:45 +08:00			`domain := domainStrip(*x.Domain)`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`path := *x.Path`

			`d, err := domainGet(domain)`
			`if err != nil {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

			`if d.State == "frozen" {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": errorDomainFrozen.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

comment_new.go: enforce RequireIdentification when anonymous Yikes, I can't believe I forgot about this. 2019-02-19 00:07:16 +08:00			`if d.RequireIdentification && *x.CommenterToken == "anonymous" {`
			`bodyMarshal(w, response{"success": false, "message": errorNotAuthorised.Error()})`
			`return`
			`}`

api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`// logic: (empty column indicates the value doesn't matter)`
everywhere: improve anonymous comments logic 2019-01-23 13:26:22 +08:00			`// \| anonymous \| moderator \| requireIdentification \| requireModeration \| moderateAllAnonymous \| approved? \|`
			`// \|-----------+-----------+-----------------------+-------------------+----------------------+-----------\|`
			`// \| yes \| \| \| \| no \| yes \|`
			`// \| yes \| \| \| \| yes \| no \|`
			`// \| no \| yes \| \| \| \| yes \|`
			`// \| no \| no \| \| yes \| \| yes \|`
			`// \| no \| no \| \| no \| \| no \|`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
			`var commenterHex string`
			`var state string`

everywhere: use different session cookie names If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49 2018-06-20 11:29:55 +08:00			`if *x.CommenterToken == "anonymous" {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`commenterHex = "anonymous"`
api,frontend: add Akismet spam flagging integration 2018-12-20 11:57:02 +08:00			`if isSpam(x.Domain, getIp(r), getUserAgent(r), "Anonymous", "", "", x.Markdown) {`
			`state = "flagged"`
			`} else {`
comment_new.go: use RequireModeration in anonymous clause 2019-02-19 00:05:34 +08:00			`if d.ModerateAllAnonymous \|\| d.RequireModeration {`
everywhere: improve anonymous comments logic 2019-01-23 13:26:22 +08:00			`state = "unapproved"`
			`} else {`
			`state = "approved"`
			`}`
api,frontend: add Akismet spam flagging integration 2018-12-20 11:57:02 +08:00			`}`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`} else {`
everywhere: use different session cookie names If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49 2018-06-20 11:29:55 +08:00			`c, err := commenterGetByCommenterToken(*x.CommenterToken)`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`if err != nil {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

			`// cheaper than a SQL query as we already have this information`
			`isModerator := false`
			`for _, mod := range d.Moderators {`
			`if mod.Email == c.Email {`
			`isModerator = true`
			`break`
			`}`
			`}`

			`commenterHex = c.CommenterHex`

			`if isModerator {`
			`state = "approved"`
			`} else {`
api,frontend: add Akismet spam flagging integration 2018-12-20 11:57:02 +08:00			`if isSpam(x.Domain, getIp(r), getUserAgent(r), c.Name, c.Email, c.Link, x.Markdown) {`
			`state = "flagged"`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`} else {`
api,frontend: add Akismet spam flagging integration 2018-12-20 11:57:02 +08:00			`if d.RequireModeration {`
			`state = "unapproved"`
			`} else {`
			`state = "approved"`
			`}`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`
			`}`
			`}`

			`commentHex, err := commentNew(commenterHex, domain, path, x.ParentHex, x.Markdown, state, time.Now().UTC())`
			`if err != nil {`
api: standardise marshal and unmarshal fn names 2018-07-24 14:58:43 +08:00			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`return`
			`}`

everywhere: add email notifications 2019-02-19 00:23:44 +08:00			`// TODO: reuse html in commentNew and do only one markdown to HTML conversion?`
			`html := markdownToHtml(*x.Markdown)`

			`bodyMarshal(w, response{"success": true, "commentHex": commentHex, "state": state, "html": html})`
			`if smtpConfigured {`
			`go emailNotificationNew(d, path, commenterHex, commentHex, *x.ParentHex, state)`
			`}`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`