radiant-comments-extension 0.0.6

data/app/controllers/comments_controller.rb

@@ -0,0 +1,59 @@
+class CommentsController < ApplicationController
+  
+  no_login_required
+  skip_before_filter :verify_authenticity_token
+  before_filter :find_page
+  before_filter :set_host
+
+  def index
+    @page.selected_comment = @page.comments.find_by_id(flash[:selected_comment])
+    @page.request = request
+    render :text => @page.render
+  end
+  
+  def create
+    comment = @page.comments.build(params[:comment])
+    comment.request = request
+    comment.request = @page.request = request
+    comment.save!
+    
+    clear_single_page_cache(comment)
+    if Radiant::Config['comments.notification'] == "true"
+      if comment.approved? || Radiant::Config['comments.notify_unapproved'] == "true"
+        CommentMailer.deliver_comment_notification(comment)
+      end
+    end
+    
+    flash[:selected_comment] = comment.id
+    redirect_to "#{@page.url}comments#comment-#{comment.id}"
+  rescue ActiveRecord::RecordInvalid
+    @page.last_comment = comment
+    render :text => @page.render
+ # rescue Comments::MollomUnsure
+    #flash, en render :text => @page.render
+  end
+  
+  private
+  
+    def find_page
+      url = params[:url]
+      url.shift if defined?(SiteLanguage) && SiteLanguage.count > 1
+      @page = Page.find_by_url(url.join("/"))
+    end
+    
+    def set_host
+      CommentMailer.default_url_options[:host] = request.host_with_port
+    end
+    
+    def clear_single_page_cache(comment)
+      if comment && comment.page
+        unless defined?(ResponseCache)
+          Radiant::Cache::EntityStore.new.purge(comment.page.url)
+          Radiant::Cache::MetaStore.new.purge(comment.page.url)
+        else
+          ResponseCache.instance.clear
+        end
+      end
+    end
+  
+end

data/app/helpers/admin/comments_helper.rb

@@ -0,0 +1,7 @@
+module Admin::CommentsHelper
+  def link_or_span_unless_current(text, url, options={})
+    link_to_unless_current(text,url, options) do
+      content_tag(:span, text)
+    end
+  end
+end

data/app/models/akismet_spam_filter.rb

@@ -0,0 +1,37 @@
+class AkismetSpamFilter < SpamFilter
+  def message
+    'Protected by <a href="http://akismet.com/">Akismet</a>'
+  end
+  
+  def configured?
+    !Radiant::Config['comments.akismet_key'].blank? &&
+    !Radiant::Config['comments.akismet_url'].blank?
+  end
+
+  def approved?(comment)
+    (akismet.valid? && ham?(comment)) || raise(SpamFilter::Spam)
+  rescue
+    # Spam and anything raised by Net::HTTP, e.g. Errno, Timeout stuff
+    false
+  end
+
+  def akismet
+    @akismet ||= Akismet.new(Radiant::Config['comments.akismet_key'], Radiant::Config['comments.akismet_url'])
+  end
+
+  private
+  def ham?(comment)
+    !akismet.commentCheck(
+      comment.author_ip,            # remote IP
+      comment.user_agent,           # user agent
+      comment.referrer,             # http referer
+      comment.page.url,             # permalink
+      'comment',                    # comment type
+      comment.author,               # author name
+      comment.author_email,         # author email
+      comment.author_url,           # author url
+      comment.content,              # comment text
+      {}                            # other
+    )
+  end
+end

data/app/models/comment.rb

@@ -0,0 +1,121 @@
+require 'digest/md5'
+class Comment < ActiveRecord::Base
+  belongs_to :page, :counter_cache => true
+
+  named_scope :unapproved, :conditions => {:approved_at => nil}
+  named_scope :approved, :conditions => 'approved_at IS NOT NULL'
+  named_scope :recent, :order => 'created_at DESC'
+
+  validate :check_for_spam
+  validates_presence_of :author, :author_email, :content
+
+  before_save :auto_approve
+  before_save :apply_filter
+  before_save :canonicalize_url
+
+  attr_accessor :valid_spam_answer, :spam_answer
+  attr_accessible :author, :author_email, :author_url, :filter_id, :content, :valid_spam_answer, :spam_answer
+
+  def self.per_page
+    count = Radiant::Config['comments.per_page'].to_i.abs
+    count > 0 ? count : 50
+  end
+
+  def self.spam_filter
+    @spam_filter ||= SpamFilter.select
+  end
+
+  def self.simple_spam_filter_enabled?
+    spam_filter == SimpleSpamFilter && spam_filter.required?
+  end
+  
+  def request=(request)
+    self.author_ip = request.remote_ip
+    self.user_agent = request.env['HTTP_USER_AGENT']
+    self.referrer = request.env['HTTP_REFERER']
+  end
+
+  def auto_approve?
+    Radiant::Config['comments.auto_approve'] == "true" && spam_filter.approved?(self)
+  end
+
+  def unapproved?
+    !approved?
+  end
+
+  def approved?
+    !approved_at.nil?
+  end
+
+  def ap_status
+    if approved?
+      "approved"
+    else
+      "unapproved"
+    end
+  end
+
+  def approve!
+    self.update_attribute(:approved_at, Time.now)
+  end
+
+  def unapprove!
+    self.update_attribute(:approved_at, nil)
+    spam_filter.spam!(self)
+  end
+
+  def check_for_spam
+    spam_filter && spam_filter.valid?(self)
+  end
+
+  private
+    def spam_filter
+      self.class.spam_filter
+    end
+    
+    def auto_approve
+      self.approved_at = Time.now if auto_approve?
+    end
+
+    def apply_filter
+      cleaner_type = defined?(COMMENT_SANITIZE_OPTION) ? COMMENT_SANITIZE_OPTION : Sanitize::Config::RELAXED
+      sanitized_content = Sanitize.clean(content, cleaner_type)
+      self.content_html = filter.filter(sanitized_content)
+    end
+
+    def canonicalize_url
+      self.author_url = CGI.escapeHTML(author_url =~ /\Ahttps?:\/\//i ? author_url : "http://#{author_url}") unless author_url.blank?
+    end
+
+    def filter
+      if filtering_enabled? && filter_from_form
+        filter_from_form
+      else
+        SimpleFilter.new
+      end
+    end
+
+    def filter_from_form
+      unless filter_id.blank?
+        TextFilter.descendants.find { |f| f.filter_name == filter_id }
+      else
+        nil
+      end
+    end
+
+    def filtering_enabled?
+      Radiant::Config['comments.filters_enabled'] == "true"
+    end
+
+  class SimpleFilter
+    include ERB::Util
+    include ActionView::Helpers::TextHelper
+    include ActionView::Helpers::TagHelper
+
+    def filter(content)
+      simple_format(escape_once(content))
+    end
+  end
+
+  class AntispamWarning < StandardError; end
+end

data/app/models/comment_mailer.rb

@@ -0,0 +1,24 @@
+class CommentMailer < ActionMailer::Base
+  def comment_notification(comment, sent_at = Time.now)
+    notify_creator_config = Radiant::Config['comments.notify_creator']
+    notify_updater_config = Radiant::Config['comments.notify_updater']
+    notification_to_config = Radiant::Config['comments.notification_to']
+    
+    receivers = []
+    receivers << notification_to_config unless notification_to_config.blank?
+    receivers << comment.page.created_by.email unless notify_creator_config == "false"
+    if notify_updater_config == "true" && comment.page.updated_by != comment.page.created_by
+      receivers << comment.page.updated_by.email
+    end
+    
+    page_url  = root_url(:host => default_url_options[:host], :port => default_url_options[:port])[0..-2] + comment.page.url
+    site_name = Radiant::Config['comments.notification_site_name']
+    
+    subject    "[#{site_name}] New #{comment.ap_status} comment posted"
+    recipients receivers.join(',')
+    from       Radiant::Config['comments.notification_from']
+    sent_on    sent_at
+    
+    body :site_name => site_name, :comment => comment, :page_url => page_url
+  end
+end

data/app/models/mollom_spam_filter.rb

@@ -0,0 +1,52 @@
+class MollomSpamFilter < SpamFilter
+  def message
+    'Protected by <a href="http://mollom.com">Mollom</a>'
+  end
+  
+  def configured?
+    !Radiant::Config['comments.mollom_privatekey'].blank? &&
+    !Radiant::Config['comments.mollom_publickey'].blank?
+  end
+
+  def approved?(comment)
+    (mollom.key_ok? && ham?(comment)) || raise(SpamFilter::Spam)
+  rescue Mollom::Error, SpamFilter::Spam
+    false
+  end
+
+  def spam!(comment)
+    begin
+      if mollom.key_ok? and !comment.mollom_id.empty?
+        mollom.send_feedback :session_id => comment.mollom_id, :feedback => 'spam'
+      end
+    rescue Mollom::Error => e
+      raise Comment::AntispamWarning.new(e.to_s)
+    end
+  end
+
+  def mollom
+    @mollom ||= Mollom.new(:private_key => Radiant::Config['comments.mollom_privatekey'], :public_key => Radiant::Config['comments.mollom_publickey']).tap do |m|
+      unless Rails.cache.read('MOLLOM_SERVER_CACHE').blank?
+        m.server_list = YAML::load(Rails.cache.read('MOLLOM_SERVER_CACHE'))
+      end
+    end
+  end
+
+  private
+  def ham?(comment)
+    response = mollom.check_content(
+      :author_name => comment.author,            # author name
+      :author_mail => comment.author_email,         # author email
+      :author_url => comment.author_url,           # author url
+      :post_body => comment.content              # comment text
+      )
+    comment.mollom_id = response.session_id
+    save_mollom_servers
+    response.ham?
+  end
+
+  def save_mollom_servers
+    Rails.cache.write('MOLLOM_SERVER_CACHE', mollom.server_list.to_yaml) if mollom.key_ok?
+  rescue Mollom::Error #TODO: something with this error...
+  end
+end

data/app/models/simple_spam_filter.rb

@@ -0,0 +1,38 @@
+# A simple challenge-response spam filter
+class SimpleSpamFilter < SpamFilter
+  def message
+    if required?
+      'Comments are protected from spam by a simple challenge/response field.  For more robust spam filtering, try <a href="http://mollom.com">Mollom</a> or <a href="http://akismet.com/">Akismet</a>.'
+    else
+      'You have 3 built-in options for spam protection although currently comments are not automatically protected. Install <a href="http://mollom.com">Mollom</a> or <a href="http://akismet.com/">Akismet</a> to protect against comment spam through an external service, or use the &lt;r:comments:spam_answer_tag /&gt;. Instructions may be found in the README.'
+    end
+  end
+  
+  def configured?
+    true
+  end
+
+  # Instead of filtering at the approval stage, the simple spam filter requires 
+  # the user to give the correct answer before saving the record.
+  def valid?(comment)
+    if !required? || comment.valid_spam_answer == hashed_spam_answer(comment)
+      true
+    else
+      comment.errors.add :spam_answer, "is not correct."
+      false
+    end
+  end
+  
+  def approved?(comment)
+    true
+  end
+
+  def required?
+    Radiant::Config['comments.simple_spam_filter_required?']
+  end
+
+  private
+  def hashed_spam_answer(comment)
+    Digest::MD5.hexdigest(comment.spam_answer.to_s.to_slug)
+  end
+end

data/app/models/spam_filter.rb

@@ -0,0 +1,43 @@
+unless Array.instance_methods.include?('without')
+  class Array
+    def without(object)
+      self.dup.tap do |new_array|
+        new_array.delete(object)
+      end
+    end
+  end
+end
+
+class SpamFilter
+  include Simpleton
+  
+  def message
+    raise NotImplementedError, 'spam filter subclasses should implement this method'
+  end
+  
+  def select
+    # Make sure Simple filter comes last, as a fallback
+    filters = SpamFilter.descendants.without(SimpleSpamFilter) << SimpleSpamFilter
+    filters.find {|filter| filter.try(:configured?) }
+  end
+  
+  def approved?(comment)
+    raise NotImplementedError, "spam filter subclasses should implement this method"
+  end
+  
+  def spam!(comment)
+    # This is only implemented in filters that accept feedback like Mollom
+  end
+  
+  def configured?
+    false
+  end
+  
+  # By default, let comments save to the database.  Then they can be approved
+  # manually or auto-approved by the filter.
+  def valid?(comment)
+    true
+  end
+  
+  class Spam < ::StandardError; end
+end

data/app/views/admin/comments/_comment.rhtml

@@ -0,0 +1,34 @@
+<tr id="<%= dom_id(comment) %>" class="comment<%= " approved" if comment.approved? %>">
+  <td class="content" <% if comment.content.size >= 70 -%>title="Click to toggle complete text"<% end-%>>
+    <blockquote class="short"><%= escape_once(truncate(comment.content, :length => 70)) %></blockquote>
+    <% if comment.content.size >= 70 %>
+    <blockquote class="expanded" style="display:none"><%= escape_once(comment.content) %></blockquote>
+    <% end %>
+  </td>
+  <td class="date">
+    <%= comment.created_at.strftime("%b %e, %Y at %I:%M%p") %>
+  </td>
+  <td class="author">
+    by <%= escape_once(comment.author) %>
+    <% unless comment.author_email.blank? %><%= mail_to(comment.author_email, image_tag("admin/email.png"))%><% end %>
+    <% unless comment.author_url.blank? %><%= link_to(image_tag("admin/link.png"), comment.author_url) %><% end %>
+  </td>
+  <% unless @page %>
+    <td class="page">
+      on
+      <%= link_to truncate(comment.page.title, :length => 40), comment.page.url, :class => 'view-page' %>
+      <%= link_to image_tag("admin/page_white_edit.png"),
+                    edit_admin_page_path(comment.page), :title => "Edit page" %>
+    </td>
+  <% end %>
+  <td class="controls">
+    <%= link_to(image_tag('admin/accept.png'), approve_admin_comment_path(comment),
+          :title => "Approve comment", :method => :put) unless comment.approved? %>
+    <%= link_to(image_tag('admin/error.png'), unapprove_admin_comment_path(comment),
+          :method => :put, :title => "Unapprove comment") if comment.approved? %>
+    <%= link_to image_tag("admin/delete.png"), admin_comment_path(comment),
+          :method => :delete, :confirm => "Are you sure you want to delete this comment?", :title => "Delete comment" %>
+    <%= link_to image_tag("admin/comment_edit.png"), edit_admin_comment_path(comment),
+          :title => "Edit comment" %>
+  </td>
+</tr>

data/app/views/admin/comments/_form.rhtml

@@ -0,0 +1,36 @@
+<% if Comment.spam_filter == SimpleSpamFilter %>
+  <div style="display:none">
+    <%= f.hidden_field :spam_answer, :value => "hemidemisemiquaver" %>
+    <%= f.hidden_field :valid_spam_answer, :value => Digest::MD5.hexdigest("hemidemisemiquaver") %>
+  </div>
+<% end %>
+<div id="comment_form_container" class="form-area">
+  <div class="row">
+    <p>
+      <label for="comment_author">Author</label><br/>
+      <%= f.text_field :author %>
+    </p>
+    <p>
+      <label for="comment_author_url">URL</label><br/>
+      <%= f.text_field :author_url %>
+    </p>
+  </div>
+  <br style="clear: both" />
+  <p>
+    <label for="comment_author_email">Email</label><br/>
+    <%= f.text_field :author_email %>
+  </p>
+  <p>
+    <label for="comment_content">Comment</label><br />
+    <%= f.text_area :content, :rows => 10, :cols => 72, :class => "textarea"%>
+  </p>
+  <p>
+    <label for="comment_filter_id">Filter</label>
+    <%= f.select :filter_id, [['<none>', '']] + TextFilter.descendants.map { |s| s.filter_name }.sort %>
+  </p>
+</div>
+<p class="buttons">
+  <%= save_model_button(@comment) %>
+  or
+  <%= link_to "Cancel", :back %>
+</p>