From eecea8c66105d96240ca134459e275c920a9ddeb Mon Sep 17 00:00:00 2001
From: Yax <1949284+kianby@users.noreply.github.com>
Date: Sat, 11 Nov 2017 07:33:21 +0100
Subject: [PATCH] Add HTML form entry point
---
 app/controllers/api.py | 66 ------------------------------
 app/controllers/form.py | 41 +++++++++++++++++++
 app/controllers/report.py | 78 +++++++++++++++++++++++++++++++++++
 app/run.py | 2 +
 go-http/config.json | 5 ---
 go-http/httpfastcache.go | 85 ---------------------------------------
 requirements.txt | 18 +++++----
 7 files changed, 131 insertions(+), 164 deletions(-)
 create mode 100644 app/controllers/form.py
 create mode 100644 app/controllers/report.py
 delete mode 100644 go-http/config.json
 delete mode 100644 go-http/httpfastcache.go
diff --git a/app/controllers/api.py b/app/controllers/api.py
index 1879b6b..0facc42 100644
--- a/app/controllers/api.py
+++ b/app/controllers/api.py
@@ -89,69 +89,3 @@ def new_comment():
 abort(400)
 return "OK"
-
-
-@app.route("/report", methods=['GET'])
-def report():
-
- try:
- token = request.args.get('token', '')
- secret = request.args.get('secret', '')
-
- if secret != config.SECRET:
- logger.warn('Unauthorized request')
- abort(401)
-
- site = Site.select().where(Site.token == token).get()
- if site is None:
- logger.warn('Unknown site %s' % token)
- abort(404)
-
- processor.enqueue({'request': 'report', 'data': token})
-
-
- except:
- logger.exception("report failure")
- abort(500)
-
- return "OK"
-
-
-@app.route("/accept", methods=['GET'])
-def accept_comment():
-
- try:
- id = request.args.get('comment', '')
- secret = request.args.get('secret', '')
-
- if secret != config.SECRET:
- logger.warn('Unauthorized request')
- abort(401)
-
- processor.enqueue({'request': 'late_accept', 'data': id})
-
- except:
- logger.exception("accept failure")
- abort(500)
-
- return "PUBLISHED"
-
-
-@app.route("/reject", methods=['GET'])
-def reject_comment():
-
- try:
- id = request.args.get('comment', '')
- secret = request.args.get('secret', '')
-
- if secret != config.SECRET:
- logger.warn('Unauthorized request')
- abort(401)
-
- processor.enqueue({'request': 'late_reject', 'data': id})
-
- except:
- logger.exception("reject failure")
- abort(500)
-
- return "REJECTED"
diff --git a/app/controllers/form.py b/app/controllers/form.py
new file mode 100644
index 0000000..3733793
--- /dev/null
+++ b/app/controllers/form.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import logging
+import config
+from flask import request, jsonify, abort
+from app import app
+from app.models.site import Site
+from app.models.comment import Comment
+from app.helpers.hashing import md5
+from app.services import processor
+
+logger = logging.getLogger(__name__)
+
+@app.route("/newcomment", methods=['POST'])
+def new_form_comment():
+
+ try:
+ data = request.form
+ logger.info(data)
+
+ # validate token: retrieve site entity
+ token = data.get('token', '')
+ site = Site.select().where(Site.token == token).get()
+ if site is None:
+ logger.warn('Unknown site %s' % token)
+ abort(400)
+
+ # honeypot for spammers
+ captcha = data.get('captcha', '')
+ if captcha:
+ logger.warn('discard spam: data %s' % data)
+ abort(400)
+
+ processor.enqueue({'request': 'new_comment', 'data': data})
+
+ except:
+ logger.exception("new comment failure")
+ abort(400)
+
+ return "OK"
\ No newline at end of file
diff --git a/app/controllers/report.py b/app/controllers/report.py
new file mode 100644
index 0000000..c3467fd
--- /dev/null
+++ b/app/controllers/report.py
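Review bot: In `new_form_comment` (app/controllers/form.py), `logger.info(data)` writes the complete submitted form to the log before the token is checked, and the honeypot branch logs it again with `'discard spam: data %s' % data`, so everything a commenter or a spam bot posts ends up verbatim in the application log. Log a short, escaped summary instead, for example `logger.info('new comment for token %r', token)`, and keep the full payload out of info-level output. The `if site is None` branch also looks unreachable, because peewee's `.get()` raises `DoesNotExist` when no row matches; an unknown token therefore lands in the bare `except:` and is recorded as "new comment failure" with a traceback, and `report()` in app/controllers/report.py has the same check. Catching `Site.DoesNotExist` explicitly would keep the 400 response and make the log entry say what happened.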
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import logging
+import config
+from flask import request, jsonify, abort
+from app import app
+from app.models.site import Site
+from app.models.comment import Comment
+from app.helpers.hashing import md5
+from app.services import processor
+
+logger = logging.getLogger(__name__)
+
+@app.route("/report", methods=['GET'])
+def report():
+
+ try:
+ token = request.args.get('token', '')
+ secret = request.args.get('secret', '')
+
+ if secret != config.SECRET:
+ logger.warn('Unauthorized request')
+ abort(401)
+
+ site = Site.select().where(Site.token == token).get()
+ if site is None:
+ logger.warn('Unknown site %s' % token)
+ abort(404)
+
+ processor.enqueue({'request': 'report', 'data': token})
+
+
+ except:
+ logger.exception("report failure")
+ abort(500)
+
+ return "OK"
+
+
+@app.route("/accept", methods=['GET'])
+def accept_comment():
+
+ try:
+ id = request.args.get('comment', '')
+ secret = request.args.get('secret', '')
+
+ if secret != config.SECRET:
+ logger.warn('Unauthorized request')
+ abort(401)
+
+ processor.enqueue({'request': 'late_accept', 'data': id})
+
+ except:
+ logger.exception("accept failure")
+ abort(500)
+
+ return "PUBLISHED"
+
+
+@app.route("/reject", methods=['GET'])
+def reject_comment():
+
+ try:
+ id = request.args.get('comment', '')
+ secret = request.args.get('secret', '')
+
+ if secret != config.SECRET:
+ logger.warn('Unauthorized request')
+ abort(401)
+
+ processor.enqueue({'request': 'late_reject', 'data': id})
+
+ except:
+ logger.exception("reject failure")
+ abort(500)
+
+ return "REJECTED"
diff --git a/app/run.py b/app/run.py
index fc8bd1a..073cea2 100644
--- a/app/run.py
+++ b/app/run.py
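Review bot: In app/controllers/report.py all three handlers call `abort(401)` (and `report()` also `abort(404)`) inside the `try`, and the bare `except:` below catches the HTTPException that `abort` raises, so a request with a wrong secret is logged as a failure with a traceback and answered with 500 rather than 401. Let HTTP errors pass through ahead of the catch-all, `except HTTPException: raise` followed by `except Exception:`, with `HTTPException` imported from `werkzeug.exceptions`. The shared secret is also read from the query string of GET routes that enqueue moderation actions, so it will be recorded in web-server and proxy access logs and can be replayed by anyone who reads them; if these URLs have to stay plain links, at least compare with `hmac.compare_digest(secret.encode(), config.SECRET.encode())` instead of `!=` (this assumes `config.SECRET` is a str).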
@@ -20,6 +20,8 @@ import config
 from app.services import database
 from app.services import processor
 from app.controllers import api
+from app.controllers import form
+from app.controllers import report
 from app.controllers import mail
 from app.controllers import reader
 from app import app
diff --git a/go-http/config.json b/go-http/config.json
deleted file mode 100644
index 61e7b52..0000000
--- a/go-http/config.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "HostPort":"127.0.0.1:8101",
- "Stacosys":"http://127.0.0.1:8100",
- "CorsOrigin":"blogduyax.madyanne.fr"
-}
diff --git a/go-http/httpfastcache.go b/go-http/httpfastcache.go
deleted file mode 100644
index df48e8b..0000000
--- a/go-http/httpfastcache.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package main
-
-import (
- "encoding/json"
- "flag"
- "fmt"
- "github.com/patrickmn/go-cache"
- "io/ioutil"
- "net/http"
- "os"
- "time"
-)
-
-// ConfigType represents config info
-type ConfigType struct {
- HostPort string
- Stacosys string
- CorsOrigin string
-}
-
-var config ConfigType
-var countCache = cache.New(5*time.Minute, 10*time.Minute)
-
-func die(format string, v ...interface{}) {
- fmt.Fprintln(os.Stderr, fmt.Sprintf(format, v...))
- os.Exit(1)
-}
-
-func commentsCount(w http.ResponseWriter, r *http.Request) {
-
- // only GET method is supported
- if r.Method != "GET" {
- http.NotFound(w, r)
- return
- }
-
- // set header
- w.Header().Add("Content-Type", "application/json")
- w.Header().Add("Access-Control-Allow-Origin", config.CorsOrigin)
-
- // get cached value
- cachedBody, found := countCache.Get(r.URL.String())
- if found {
- //fmt.Printf("return cached value")
- w.Write([]byte(cachedBody.(string)))
- return
- }
-
- // relay request to stacosys
- response, err := http.Get(config.Stacosys + r.URL.String())
- if err != nil {
- http.NotFound(w, r)
- return
- }
- defer response.Body.Close()
- body, err := ioutil.ReadAll(response.Body)
- if err != nil {
- http.NotFound(w, r)
- return
- }
-
- // cache body and return response
- countCache.Set(r.URL.String(), string(body), cache.DefaultExpiration)
- //fmt.Printf(string(body))
- w.Write(body)
-}
-
-func main() {
- pathname := flag.String("config", "", "config pathname")
- flag.Parse()
- if *pathname == "" {
- die("%s --config ", os.Args[0])
- }
- // read config File
- file, e := ioutil.ReadFile(*pathname)
- if e != nil {
- die("File error: %v", e)
- }
- json.Unmarshal(file, &config)
- fmt.Printf("config: %s\n", string(file))
-
- //http.HandleFunc("/comments/count/", commentsCount)
- http.HandleFunc("/comments/count", commentsCount)
- http.ListenAndServe(config.HostPort, nil)
-}
diff --git a/requirements.txt b/requirements.txt
index cc8994e..311f04f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,14 +1,16 @@
+certifi==2017.11.5
+chardet==3.0.4
 click==6.7
-clize==2.4
 Flask==0.12.2
 Flask-Cors==3.0.3
+idna==2.6
 itsdangerous==0.24
-Jinja2==2.7.3
-Markdown==2.6.2
-MarkupSafe==0.23
-peewee==2.6.0
-PyMySQL==0.6.6
+Jinja2==2.10
+Markdown==2.6.9
+MarkupSafe==1.0
+peewee==2.10.2
 PyRSS2Gen==1.1
-requests==2.7.0
-six==1.9.0
+requests==2.18.4
+six==1.11.0
+urllib3==1.22
 Werkzeug==0.12.2