pdnew/commenting.py

526 lines
16 KiB
Python

# builtins
import io
import random
import secrets
import datetime
# third-party
import PIL.Image, PIL.ImageDraw, PIL.ImageFont, PIL.ImageFilter # pillow, not built-in PIL
import markupsafe
import werkzeug
import flask
import peewee
# internals
from application import app
import util
import rendering
import form
import markdown
import admin
import tagging
class CommentCollection(admin.Administerable):
@werkzeug.utils.cached_property
def parent(self):
# find (and return) the Commentable instance using this CommentCollection, if any
# TODO: It should be possible to do this with one big JOINed statement
# NOTE: This is essentially a copy of TagCollection.parent
for cls in Commentable.__class_descendants__.values():
if cls not in app.models_abstract:
try:
return cls.select().where(cls.comment_collection == self).get()
except cls.DoesNotExist:
pass # continue to next loop iteration
return None
comment_markdown_help = """
Allows limited markdown, but no HTML.
**Emphasis:**
* `*italic*` → *italic*
* `**bold**` → **bold**
* `***bold italic***` → ***bold italic***
* `~~strikethrough~~` → ~~strikethrough~~
* `` `simple code` `` → `simple code`
**Blockquotes:**
*Input:*
```md
> This is a blockquote.
> It can span multiple lines and will appear indented.
```
*Output:*
> This is a blockquote.
> It can span multiple lines and will appear indented.
**Fenced code blocks:**
*Input:*
````md
```
def example(x):
if x >= 2:
do_stuff(x)
else:
do_thing(x)
```
````
*Output:*
```
def example(x):
if x >= 2:
do_stuff(x)
else:
do_thing(x)
```
"""
class Comment(admin.Administerable):
autoform_blacklist = ('id',)
collection = peewee.ForeignKeyField(CommentCollection, backref='items', null=False, on_delete='CASCADE')
reply_to = peewee.ForeignKeyField('self', null=True, on_delete='SET NULL', verbose_name='Reply to')
created = peewee.DateTimeField(default=datetime.datetime.utcnow, null=False)
captcha = peewee.CharField(null=False, default=util.random_string_light, verbose_name="Captcha", help_text="Case-sensitive")
captcha_passed = peewee.BooleanField(null=False, default=False, verbose_name="Passed captcha", help_text="Whether the comment passed the captcha challenge.")
moderation_passed = peewee.BooleanField(null=False, default=False, verbose_name="Passed moderation", help_text="Whether the comment passed moderation.")
nick = peewee.CharField(null=False, verbose_name='Your name')
text = markdown.SafeMarkdownTextField(verbose_name="Your message", help_text=comment_markdown_help)
@werkzeug.utils.cached_property
def replies(self):
# return replies that should be visible to visitors
return Comment.select().where(
(Comment.reply_to == self) &
(Comment.captcha_passed == True) &
(Comment.moderation_passed == True)
)
@werkzeug.utils.cached_property
def replies_all(self):
# ditto, but include replies that didn't pass captcha/moderation yet
return Comment.select().where(Comment.reply_to == self)
@werkzeug.utils.cached_property
def thread(self):
thread = {}
for reply in self.replies:
thread[reply] = reply.thread
return thread
@werkzeug.utils.cached_property
def thread_all(self):
thread = {}
for reply in self.replies_all:
thread[reply] = reply.thread_all
return thread
def reply_form(self):
commentable = self.collection.parent
comment = Comment(reply_to=self)
f = comment.form(
'create',
id=f'comment-reply-{self.id}',
action=flask.url_for('comment_post', type=commentable.__class__.__name__, name=commentable.name, reply_to_id=self.id)
)
f['collection_id'] = form.ValueField(value=self.collection_id)
f['reply_to_id'] = form.ValueField(value=self.id)
del f['created']
del f['captcha']
del f['captcha_passed']
del f['moderation_passed']
f['text'].id = f'comment-reply-{self.id}-text' # avoid id collision for help toggle
return f
@app.abstract
class Commentable(tagging.Taggable):
created = peewee.DateTimeField(default=datetime.datetime.utcnow, null=False)
published = peewee.BooleanField(null=False, default=False, verbose_name='Published')
comment_collection = peewee.ForeignKeyField(CommentCollection, null=True, on_delete='CASCADE')
comment_enabled = peewee.BooleanField(null=False, default=True, verbose_name="Activate commenting")
comment_moderated = peewee.BooleanField(null=False, default=False, verbose_name="Activate comment moderation")
autoform_blacklist = ('id', 'comment_collection_id')
@werkzeug.utils.cached_property
def comments(self):
# return all root-level comments that visitors should see.
# i.e. passed captcha and moderation (if any)
return Comment.select().where(
(Comment.collection == self.comment_collection) &
(Comment.reply_to == None) &
(Comment.captcha_passed == True) &
(Comment.moderation_passed == True)
)
@werkzeug.utils.cached_property
def comments_all(self):
# ditto, but includes comments that didn't pass captcha and/or moderation.
return Comment.select().where(
Comment.collection == self.comment_collection
)
@werkzeug.utils.cached_property
def comments_threaded(self):
# threaded representation of all comments that visitors should see.
comments_threaded = {}
for comment in self.comments:
comments_threaded[comment] = comment.thread
return comments_threaded
@werkzeug.utils.cached_property
def comments_threaded_all(self):
# ditto, but with comments that haven't passed captcha/moderation
comments_threaded = {}
for comment in self.comments_all:
comments_threaded[comment] = comment.thread_all
return comments_threaded
@classmethod
def list(cls):
return cls.select().where(cls.published == True).order_by(cls.created.desc())
def access(self, mode='full'):
if isinstance(flask.g.user, admin.User):
return True
# access allowed for anything but a list of "privileged" modes
return (mode not in ('create', 'edit', 'delete', 'admin-teaser')) and self.published
def render(self, mode='full', format='html'):
if not (self.published or flask.g.user):
return markupsafe.Markup('<div class="embed-error">Unpublished embedded content</div>')
return super().render(mode=mode, format=format)
def comment_form(self):
comment = Comment()
f = comment.form('create', action=flask.url_for('comment_post', type=self.__class__.__name__, name=self.name))
f['collection_id'] = form.ValueField(value=self.comment_collection_id)
f['reply_to_id'] = form.ValueField(value=None) # TODO: value
del f['created']
del f['captcha']
del f['captcha_passed']
del f['moderation_passed']
return f
@app.route('/comment/<string:type>/<string:name>/', methods=['GET', 'POST'])
@app.route('/comment/<string:type>/<string:name>/<int:reply_to_id>/', methods=['GET', 'POST'])
@rendering.page(cache_disable=True)
def comment_post(type, name, reply_to_id=None):
if not type in Commentable.__class_descendants__:
flask.abort(400)
cls = Commentable.__class_descendants__[type]
instance = cls.load(name)
# TODO: if not instance.published
if not instance.comment_enabled:
flask.abort(403)
collection = instance.comment_collection
if collection is None:
# if instance has no comment collection, create and assign it
collection = CommentCollection()
collection.save(force_insert=True)
instance.comment_collection = collection
instance.save()
if reply_to_id is not None:
comment = Comment.load(reply_to_id)
f = comment.reply_form()
else:
f = instance.comment_form()
if flask.request.method == 'POST':
f.handle()
if f.administerable.is_in_db: # successfully saved
return flask.redirect(flask.url_for('comment_captcha', type=type, name=name, id=f.administerable.id))
return f
@app.route('/comment/<string:type>/<string:name>/captcha/<int:id>/', methods=['GET', 'POST'])
@rendering.page(cache_disable=True)
def comment_captcha(type, name, id):
if not type in Commentable.__class_descendants__:
flask.abort(400)
cls = Commentable.__class_descendants__[type]
instance = cls.load(name)
if not instance.comment_enabled:
flask.abort(403)
comment = Comment.load(id)
if comment.captcha_passed:
flask.abort(400)
captcha_url = flask.url_for('serve_captcha', id=id)
f = form.Form()
f.intro = markupsafe.Markup(f'<img src="{captcha_url}" alt="Solve this captcha to continue" />')
f['captcha'] = form.Text(label='Captcha', help='Case-sensitive', required=True)
f.buttons['submit'] = form.Button(label='Continue')
if flask.request.method == 'POST':
f.handle() # binds and validates form
if f.valid:
if f['captcha'].value == comment.captcha:
comment.captcha_passed = True
if not instance.comment_moderated:
comment.moderation_passed = True
comment.save()
if instance.comment_moderated:
flask.flash("Your comment has been received and is awaiting moderation.", 'success')
else:
flask.flash("Your comment has been posted.", 'success')
return flask.redirect(instance.url('full'))
else:
flask.flash("You entered the captcha incorrectly. Make sure you enter the correct upper- and lowercase letters.", 'error')
return f
def font_getsize(font, text):
bbox = font.getbbox(text)
#return (bbox[2] - bbox[0], bbox[3] - bbox[1]) # old and naive, broken with most fonts
#return (bbox[2] - bbox[1], bbox[3] + 1) # https://stackoverflow.com/a/77999858 (+1 for subpixel stuff [i.e. clean AA]), works for most fonts
return (bbox[2], bbox[3] + 1) # most conservative solution, should work for every font
@app.route('/comment/captcha/<int:id>/')
def serve_captcha(id):
comment = Comment.load(id)
colors = [
(0,128,255),
(0,255,128),
(128,0,255),
(128,255,0),
(255,0,128),
(255,128,0)
]
font_path = 'themes/default/assets/fonts/Michroma/Michroma-Regular.ttf'
image = PIL.Image.new('RGBA', (320, 80), (255,255,255,0))
font = PIL.ImageFont.truetype(font_path, 42)
#x_jitter = ((image.width/10) * -1, 0)
#y_jitter = ((image.height/10) * -1, image.height/10)
x_jitter = (-5, 15)
y_jitter = (-15, 5)
textsize = font_getsize(font, ' '.join(comment.captcha))
centered = (image.width / 2 - textsize[0] / 2, image.height / 2 - textsize[1] / 2)
x = centered[0] + random.randint(x_jitter[0], x_jitter[1])
y = centered[1] + random.randint(y_jitter[0], y_jitter[1])
baseline = centered[1]
for char in comment.captcha:
c = colors[random.randint(0, len(colors) -1)]
c = tuple(list(c) + [random.randint(255,255)])
char_size = font_getsize(font, char)
char_wrapped = f' {char} '
char_wrapped_size = font_getsize(font, char_wrapped)
char_layer = PIL.Image.new('RGBA', char_wrapped_size, (255,255,255,0))
char_draw = PIL.ImageDraw.Draw(char_layer)
char_draw.text((0,0), char_wrapped, c, font=font)
char_layer = char_layer.rotate(random.randint(-15, 15), expand=True, resample=PIL.Image.BICUBIC)
image.paste(
char_layer,
(int(x), int(y)),
mask=char_layer
)
x += char_size[0] + random.randint(x_jitter[0], x_jitter[1])
y = baseline + random.randint(y_jitter[0], y_jitter[1])
shine = image.filter(PIL.ImageFilter.GaussianBlur(radius=8))
image = PIL.Image.alpha_composite(image, shine)
out = io.BytesIO()
image.save(out, format='PNG')
response = flask.Response(
out.getvalue(),
mimetype='image/png'
)
response.cache_control.no_cache = True
response.cache_control.private = None
response.cache_control.public = None
response.cache_control.max_age = 0
response.cache_control.s_maxage = 0
return response
class ModerationForm(form.Form):
def __init__(self, filter, **kwargs):
super().__init__(**kwargs)
comments = Comment.select().order_by(Comment.collection)
if filter == 'awaiting_moderation':
comments = comments.where((Comment.captcha_passed == True) & (Comment.moderation_passed == False))
elif filter == 'awaiting_captcha':
comments = comments.where(Comment.captcha_passed == False)
elif filter == 'public':
comments = comments.where((Comment.captcha_passed == True) & (Comment.moderation_passed == True))
elif filter == 'all':
pass
else:
raise ValueError("Invalid filter")
self.filters = rendering.Menu(
'comment-moderation-actions',
items=(
{
'endpoint': 'admin.comment_moderation',
'params': {'filter': 'awaiting_moderation'},
'label': 'Awaiting moderation',
},
{
'endpoint': 'admin.comment_moderation',
'params': {'filter': 'awaiting_captcha'},
'label': 'Awaiting Captcha',
},
{
'endpoint': 'admin.comment_moderation',
'params': {'filter': 'public'},
'label': 'Public',
},
{
'endpoint': 'admin.comment_moderation',
'params': {'filter': 'all'},
'label': 'All',
},
)
)
self.comments = form.MultiGroup(form.types.INT, 'comments', required=True)
for comment in comments:
fs = form.Fieldset(name=f'comment-{comment.id}')
fs[f'comment-preview-{comment.id}'] = form.RenderableField(comment, mode='inline')
fs[f'comment-{comment.id}'] = form.Checkbox(group=self.comments, value=comment.id)
self[fs.name] = fs
self.buttons['approve'] = form.Button(label='Approve')
self.buttons['delete'] = form.Button(label='Delete')
def process(self, submit):
if submit == 'approve':
count = Comment.update(
moderation_passed=True,
captcha_passed=True
).where(Comment.id << self.comments.values).execute()
flask.flash(f"Approved {count} comments.", 'success')
elif submit == 'delete':
count = Comment.delete().where(
Comment.id << self.comments.values
).execute()
flask.flash(f"Deleted {count} comments.", 'success')
return flask.redirect('')
@app.admin.route('/comment/moderation/', methods=['GET', 'POST'])
@app.admin.route('/comment/moderation/<string:filter>/', methods=['GET', 'POST'])
@rendering.page()
def comment_moderation(filter='awaiting_moderation'):
f = ModerationForm(filter)
if flask.request.method == 'POST':
redirect = f.handle()
if redirect:
return redirect
return f