Add HTML form entry point

7 years ago · eecea8c661
parent ffdfe3985c
commit eecea8c661
7 changed files with 131 additions and 164 deletions
--- a/app/controllers/api.py
+++ b/app/controllers/api.py
@ -89,69 +89,3 @@ def new_comment():
        abort(400)

    return "OK"
-
-
-@app.route("/report", methods=['GET'])
-def report():
-
-    try:
-        token = request.args.get('token', '')
-        secret = request.args.get('secret', '')
-
-        if secret != config.SECRET:
-            logger.warn('Unauthorized request')
-            abort(401)
-
-        site = Site.select().where(Site.token == token).get()
-        if site is None:
-            logger.warn('Unknown site %s' % token)
-            abort(404)
-
-        processor.enqueue({'request': 'report', 'data': token})
-
-
-    except:
-        logger.exception("report failure")
-        abort(500)
-
-    return "OK"
-
-
-@app.route("/accept", methods=['GET'])
-def accept_comment():
-
-    try:
-        id = request.args.get('comment', '')
-        secret = request.args.get('secret', '')
-
-        if secret != config.SECRET:
-            logger.warn('Unauthorized request')
-            abort(401)
-
-        processor.enqueue({'request': 'late_accept', 'data': id})
-
-    except:
-        logger.exception("accept failure")
-        abort(500)
-
-    return "PUBLISHED"
-
-
-@app.route("/reject", methods=['GET'])
-def reject_comment():
-
-    try:
-        id = request.args.get('comment', '')
-        secret = request.args.get('secret', '')
-
-        if secret != config.SECRET:
-            logger.warn('Unauthorized request')
-            abort(401)
-
-        processor.enqueue({'request': 'late_reject', 'data': id})
-
-    except:
-        logger.exception("reject failure")
-        abort(500)
-
-    return "REJECTED"
--- a/app/controllers/form.py
+++ b/app/controllers/form.py
@ -0,0 +1,41 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import logging
+import config
+from flask import request, jsonify, abort
+from app import app
+from app.models.site import Site
+from app.models.comment import Comment
+from app.helpers.hashing import md5
+from app.services import processor
+
+logger = logging.getLogger(__name__)
+
+@app.route("/newcomment", methods=['POST'])
+def new_form_comment():
+
+    try:
+        data = request.form
+        logger.info(data)
+
+        # validate token: retrieve site entity
+        token = data.get('token', '')
+        site = Site.select().where(Site.token == token).get()
+        if site is None:
+            logger.warn('Unknown site %s' % token)
+            abort(400)
+
+        # honeypot for spammers
+        captcha = data.get('captcha', '')
+        if captcha:
+            logger.warn('discard spam: data %s' % data)
+            abort(400)
+
+        processor.enqueue({'request': 'new_comment', 'data': data})
+
+    except:
+        logger.exception("new comment failure")
+        abort(400)
+
+    return "OK"
--- a/app/controllers/report.py
+++ b/app/controllers/report.py
@ -0,0 +1,78 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import logging
+import config
+from flask import request, jsonify, abort
+from app import app
+from app.models.site import Site
+from app.models.comment import Comment
+from app.helpers.hashing import md5
+from app.services import processor
+
+logger = logging.getLogger(__name__)
+
+@app.route("/report", methods=['GET'])
+def report():
+
+    try:
+        token = request.args.get('token', '')
+        secret = request.args.get('secret', '')
+
+        if secret != config.SECRET:
+            logger.warn('Unauthorized request')
+            abort(401)
+
+        site = Site.select().where(Site.token == token).get()
+        if site is None:
+            logger.warn('Unknown site %s' % token)
+            abort(404)
+
+        processor.enqueue({'request': 'report', 'data': token})
+
+
+    except:
+        logger.exception("report failure")
+        abort(500)
+
+    return "OK"
+
+
+@app.route("/accept", methods=['GET'])
+def accept_comment():
+
+    try:
+        id = request.args.get('comment', '')
+        secret = request.args.get('secret', '')
+
+        if secret != config.SECRET:
+            logger.warn('Unauthorized request')
+            abort(401)
+
+        processor.enqueue({'request': 'late_accept', 'data': id})
+
+    except:
+        logger.exception("accept failure")
+        abort(500)
+
+    return "PUBLISHED"
+
+
+@app.route("/reject", methods=['GET'])
+def reject_comment():
+
+    try:
+        id = request.args.get('comment', '')
+        secret = request.args.get('secret', '')
+
+        if secret != config.SECRET:
+            logger.warn('Unauthorized request')
+            abort(401)
+
+        processor.enqueue({'request': 'late_reject', 'data': id})
+
+    except:
+        logger.exception("reject failure")
+        abort(500)
+
+    return "REJECTED"
--- a/app/run.py
+++ b/app/run.py
@ -20,6 +20,8 @@ import config
 from app.services import database
 from app.services import processor
 from app.controllers import api
+from app.controllers import form
+from app.controllers import report
 from app.controllers import mail
 from app.controllers import reader
 from app import app
--- a/go-http/config.json
+++ b/go-http/config.json
@ -1,5 +0,0 @@
-{
-  "HostPort":"127.0.0.1:8101",
-  "Stacosys":"http://127.0.0.1:8100",
-  "CorsOrigin":"blogduyax.madyanne.fr"
-}
--- a/go-http/httpfastcache.go
+++ b/go-http/httpfastcache.go
@ -1,85 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"flag"
-	"fmt"
-	"github.com/patrickmn/go-cache"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"time"
-)
-
-// ConfigType represents config info
-type ConfigType struct {
-	HostPort   string
-	Stacosys   string
-	CorsOrigin string
-}
-
-var config ConfigType
-var countCache = cache.New(5*time.Minute, 10*time.Minute)
-
-func die(format string, v ...interface{}) {
-	fmt.Fprintln(os.Stderr, fmt.Sprintf(format, v...))
-	os.Exit(1)
-}
-
-func commentsCount(w http.ResponseWriter, r *http.Request) {
-
-	// only GET method is supported
-	if r.Method != "GET" {
-		http.NotFound(w, r)
-		return
-	}
-
-	// set header
-	w.Header().Add("Content-Type", "application/json")
-	w.Header().Add("Access-Control-Allow-Origin", config.CorsOrigin)
-
-	// get cached value
-	cachedBody, found := countCache.Get(r.URL.String())
-	if found {
-		//fmt.Printf("return cached value")
-		w.Write([]byte(cachedBody.(string)))
-		return
-	}
-
-	// relay request to stacosys
-	response, err := http.Get(config.Stacosys + r.URL.String())
-	if err != nil {
-		http.NotFound(w, r)
-		return
-	}
-	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
-	if err != nil {
-		http.NotFound(w, r)
-		return
-	}
-
-	// cache body and return response
-	countCache.Set(r.URL.String(), string(body), cache.DefaultExpiration)
-	//fmt.Printf(string(body))
-	w.Write(body)
-}
-
-func main() {
-	pathname := flag.String("config", "", "config pathname")
-	flag.Parse()
-	if *pathname == "" {
-		die("%s --config <pathname>", os.Args[0])
-	}
-	// read config File
-	file, e := ioutil.ReadFile(*pathname)
-	if e != nil {
-		die("File error: %v", e)
-	}
-	json.Unmarshal(file, &config)
-	fmt.Printf("config: %s\n", string(file))
-
-	//http.HandleFunc("/comments/count/", commentsCount)
-	http.HandleFunc("/comments/count", commentsCount)
-	http.ListenAndServe(config.HostPort, nil)
-}
--- a/requirements.txt
+++ b/requirements.txt
@ -1,14 +1,16 @@
+certifi==2017.11.5
+chardet==3.0.4
 click==6.7
-clize==2.4
 Flask==0.12.2
 Flask-Cors==3.0.3
+idna==2.6
 itsdangerous==0.24
-Jinja2==2.7.3
-Markdown==2.6.2
-MarkupSafe==0.23
-peewee==2.6.0
-PyMySQL==0.6.6
+Jinja2==2.10
+Markdown==2.6.9
+MarkupSafe==1.0
+peewee==2.10.2
 PyRSS2Gen==1.1
-requests==2.7.0
-six==1.9.0
+requests==2.18.4
+six==1.11.0
+urllib3==1.22
 Werkzeug==0.12.2