rethoth 0.4.1

data/lib/thoth/controller/post.rb

@@ -0,0 +1,310 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class PostController < Controller
+    map '/post'
+    helper :cache, :pagination, :wiki
+
+    cache_action(:method => :atom, :ttl => 120)
+
+    def index(name = nil)
+      error_404 unless name && @post = Post.get(name)
+
+      # Permanently redirect id-based URLs to name-based URLs to reduce search
+      # result dupes and improve pagerank.
+      raw_redirect(@post.url, :status => 301) if name =~ /^\d+$/
+
+      cache_key = "comments_#{@post.id}_#{auth_key_valid?.to_s}"
+
+      if request.post? && @post.allow_comments && Config.site['enable_comments']
+        # Dump the request if the robot traps were triggered.
+        error_404 unless request['captcha'].empty? && request['comment'].empty?
+
+        # Create a new comment.
+        comment = Comment.new do |c|
+          c.post_id      = @post.id
+          c.author       = request[:author]
+          c.author_email = request[:author_email]
+          c.author_url   = request[:author_url]
+          c.title        = ''
+          c.body         = request[:body]
+          c.ip           = request.ip
+        end
+
+        # Set cookies.
+        expire = Time.now + 5184000 # two months from now
+
+        response.set_cookie(:thoth_author, :expires => expire, :path => '/',
+            :value => comment.author)
+        response.set_cookie(:thoth_author_email, :expires => expire,
+            :path => '/', :value => comment.author_email)
+        response.set_cookie(:thoth_author_url, :expires => expire, :path => '/',
+            :value => comment.author_url)
+
+        if comment.valid? && request[:action] == 'Post Comment'
+          begin
+            raise unless comment.save
+          rescue => e
+            @comment_error = 'There was an error posting your comment. ' <<
+                'Please try again later.'
+          else
+            flash[:success] = 'Comment posted.'
+            cache_value.delete(cache_key)
+            redirect(rs(@post.name).to_s + "#comment-#{comment.id}")
+          end
+        end
+
+        @author       = comment.author
+        @author_email = comment.author_email
+        @author_url   = comment.author_url
+        @preview      = comment
+      elsif @post.allow_comments && Config.site['enable_comments']
+        @author       = cookie(:thoth_author, '')
+        @author_email = cookie(:thoth_author_email, '')
+        @author_url   = cookie(:thoth_author_url, '')
+      end
+
+      @title = @post.title
+
+      if Config.site['enable_comments']
+        @comment_action = r(:/, @post.name).to_s + '#post-comment'
+
+        # Since repeated calls to render_view are very expensive, we pre-render
+        # the comments here and cache them to speed up future pageviews.
+        unless @comments_rendered = cache_value[cache_key]
+          @comments_rendered = ''
+
+          @post.comments.all.each do |comment|
+            @comments_rendered << CommentController.render_view(:comment,
+                :comment => comment)
+          end
+
+          cache_value.store(cache_key, @comments_rendered, :ttl => 300)
+        end
+
+        @feeds = [{
+          :href  => @post.atom_url,
+          :title => 'Comments on this post',
+          :type  => 'application/atom+xml'
+        }]
+      end
+
+      @show_post_edit = true
+    end
+
+    def atom(name = nil)
+      error_404 unless name && post = Post.get(name)
+
+      # Permanently redirect id-based URLs to name-based URLs to reduce search
+      # result dupes and improve pagerank.
+      raw_redirect(post.atom_url, :status => 301) if name =~ /^\d+$/
+
+      response['Content-Type'] = 'application/atom+xml'
+
+      comments = post.comments.reverse_order.limit(20)
+      updated  = comments.count > 0 ? comments.first.created_at.xmlschema :
+          post.created_at.xmlschema
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.feed(:xmlns => 'http://www.w3.org/2005/Atom') {
+        x.id       post.url
+        x.title    "Comments on \"#{post.title}\" - #{Config.site['name']}"
+        x.updated  updated
+        x.link     :href => post.url
+        x.link     :href => post.atom_url, :rel => 'self'
+
+        comments.all do |comment|
+          x.entry {
+            x.id        comment.url
+            x.title     comment.title
+            x.published comment.created_at.xmlschema
+            x.updated   comment.updated_at.xmlschema
+            x.link      :href => comment.url, :rel => 'alternate'
+            x.content   comment.body_rendered, :type => 'html'
+
+            x.author {
+              x.name comment.author
+
+              if comment.author_url && !comment.author_url.empty?
+                x.uri comment.author_url
+              end
+            }
+          }
+        end
+      }
+
+      throw(:respond, x.target!)
+    end
+
+    def delete(id = nil)
+      require_auth
+
+      error_404 unless id && @post = Post[id]
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        if request[:confirm] == 'yes'
+          @post.destroy
+          Ramaze::Cache.action.clear
+          flash[:success] = 'Blog post deleted.'
+          redirect(MainController.r())
+        else
+          redirect(@post.url)
+        end
+      end
+
+      @title          = "Delete Post: #{@post.title}"
+      @show_post_edit = true
+    end
+
+    def edit(id = nil)
+      require_auth
+
+      unless @post = Post[id]
+        flash[:error] = 'Invalid post id.'
+        redirect(rs(:new))
+      end
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        if request[:name] && !request[:name].empty?
+          @post.name = request[:name]
+        end
+
+        @post.title          = request[:title]
+        @post.body           = request[:body]
+        @post.tags           = request[:tags]
+        @post.allow_comments = !!request[:allow_comments]
+
+        @post.is_draft = @post.is_draft ? request[:action] != 'Publish' :
+            request[:action] == 'Unpublish & Save as Draft'
+
+        @post.created_at = Time.now if @post.is_draft
+
+        if @post.valid? && (@post.is_draft || request[:action] == 'Publish')
+          begin
+            Thoth.db.transaction do
+              raise unless @post.save && @post.tags = request[:tags]
+            end
+          rescue => e
+            @post_error = "There was an error saving your post: #{e}"
+          else
+            if @post.is_draft
+              flash[:success] = 'Draft saved.'
+              redirect(rs(:edit, @post.id))
+            else
+              Ramaze::Cache.action.clear
+              flash[:success] = 'Blog post published.'
+              redirect(rs(@post.name))
+            end
+          end
+        end
+      end
+
+      @title          = "Edit blog post - #{@post.title}"
+      @form_action    = rs(:edit, id)
+      @show_post_edit = true
+    end
+
+    def list(page = 1)
+      require_auth
+
+      page = page.to_i
+
+      @columns  = [:id, :title, :created_at, :updated_at]
+      @order    = (request[:order] || :desc).to_sym
+      @sort     = (request[:sort]  || :created_at).to_sym
+      @sort     = :created_at unless @columns.include?(@sort)
+      @sort_url = rs(:list, page)
+      
+      @posts = Post.filter(:is_draft => false).paginate(page, 20).order(
+                @order == :desc ? Sequel.desc(@sort) : @sort)
+
+      if page == 1
+        @drafts = Post.filter(:is_draft => true).order(
+            @order == :desc ? Sequel.desc(@sort) : @sort)
+      end
+
+      @title = "Blog Posts (page #{page} of #{[@posts.page_count, 1].max})"
+      @pager = pager(@posts, rs(:list, '__page__', :sort => @sort, :order => @order))
+    end
+
+    def new
+      require_auth
+
+      @title       = "New blog post - Untitled"
+      @form_action = rs(:new)
+
+      if request.post?
+        error_403 unless form_token_valid?
+
+        @post = Post.new do |p|
+          if request[:name] && !request[:name].empty?
+            p.name = request[:name]
+          end
+
+          p.title          = request[:title]
+          p.body           = request[:body]
+          p.tags           = request[:tags]
+          p.allow_comments = !!request[:allow_comments]
+          p.is_draft       = request[:action] == 'Save & Preview'
+        end
+
+        if @post.valid?
+          begin
+            Thoth.db.transaction do
+              raise unless @post.save && @post.tags = request[:tags]
+            end
+          rescue => e
+            @post.is_draft = true
+            @post_error    = "There was an error saving your post: #{e}"
+          else
+            if @post.is_draft
+              flash[:success] = 'Draft saved.'
+              redirect(rs(:edit, @post.id))
+            else
+              Ramaze::Cache.action.clear
+              flash[:success] = 'Blog post published.'
+              redirect(rs(@post.name))
+            end
+          end
+        else
+          @post.is_draft = true
+        end
+
+        @title = "New blog post - #{@post.title}"
+      end
+    end
+  end
+end

data/lib/thoth/controller/search.rb

@@ -0,0 +1,86 @@
+#--
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class SearchController < Controller
+    map '/search'
+    helper :cache, :ysearch
+
+    cache_action(:method => :index, :ttl => 300) do
+      auth_key_valid?.to_s + request[:q] + (request[:start] || '') +
+          (request[:count] || '')
+    end
+
+    def index
+      redirect_referrer if request[:q].nil? || request[:q].empty?
+      @query = request[:q].strip
+      redirect_referrer if @query.empty?
+
+      count  = request[:count] ? request[:count].strip.to_i : 10
+      start  = request[:start] ? request[:start].strip.to_i : 1
+
+      count = 5   if count < 5
+      count = 100 if count > 100
+      start = 1   if start < 1
+      start = 990 if start > 990
+
+      @title = "Search results for #{@query}"
+
+      @data = yahoo_search(
+        "#{@query} -inurl:/tag -inurl:/archive -inurl:/search",
+        :adult_ok => 1,
+        :results  => count,
+        :site     => Config.site['url'].gsub(/^https?:\/\/([^\/]+)\/?$/i){$1},
+        :start    => start
+      )
+
+      # Set up pagination links.
+      if @data[:available] > @data[:returned]
+        if @data[:start] > 1
+          prev_start = start - count
+          prev_start = 1 if prev_start < 1
+
+          @prev_url = "#{rs()}?q=#{u(@query)}&count=#{count}&start=" <<
+              prev_start.to_s
+        end
+
+        if @data[:available] > (@data[:start] + @data[:returned])
+          next_start = start + @data[:returned]
+          next_start = 1001 - count if next_start > (1001 - count)
+
+          @next_url = "#{rs()}?q=#{u(@query)}&count=#{count}&start=" <<
+              next_start.to_s
+        end
+      end
+
+    rescue SearchError => e
+      @error = e.message
+      @data  = {:results => []}
+    end
+  end
+end

data/lib/thoth/controller/tag.rb

@@ -0,0 +1,107 @@
+#--
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class TagController < Controller
+    map '/tag'
+    helper :cache, :pagination
+
+    cache_action(:method => :index, :ttl => 120) { auth_key_valid? }
+    cache_action(:method => :atom,  :ttl => 120)
+
+    def index(name = nil, page = 1)
+      error_404 unless name && @tag = Tag[:name => name.strip.downcase]
+
+      page = page.to_i
+      page = 1 unless page >= 1
+
+      @posts = @tag.posts.paginate(page, 10)
+
+      if page > @posts.page_count && @posts.page_count > 0
+        page   = @posts.page_count
+        @posts = @tag.posts.paginate(page, 10)
+      end
+
+      @title = "Posts tagged with \"#{@tag.name}\" (page #{page} of " <<
+          "#{@posts.page_count > 0 ? @posts.page_count : 1})"
+
+      @pager = pager(@posts, rs(:/, name, '__page__'))
+
+      @feeds = [{
+        :href  => @tag.atom_url,
+        :title => 'Posts with this tag',
+        :type  => 'application/atom+xml'
+      }]
+    end
+
+    def atom(name = nil)
+      error_404 unless name && tag = Tag[:name => name.strip.downcase]
+
+      response['Content-Type'] = 'application/atom+xml'
+
+      posts   = tag.posts.limit(10)
+      updated = posts.count > 0 ? posts.first.created_at.xmlschema :
+          Time.at(0).xmlschema
+
+      x = Builder::XmlMarkup.new(:indent => 2)
+      x.instruct!
+
+      x.feed(:xmlns => 'http://www.w3.org/2005/Atom') {
+        x.id       tag.url
+        x.title    "Posts tagged with \"#{tag.name}\" - #{Config.site['name']}"
+        x.updated  updated
+        x.link     :href => tag.url
+        x.link     :href => tag.atom_url, :rel => 'self'
+
+        x.author {
+          x.name  Config.admin['name']
+          x.email Config.admin['email']
+          x.uri   Config.site['url']
+        }
+
+        posts.all do |post|
+          x.entry {
+            x.id        post.url
+            x.title     post.title
+            x.published post.created_at.xmlschema
+            x.updated   post.updated_at.xmlschema
+            x.link      :href => post.url, :rel => 'alternate'
+            x.content   post.body_rendered, :type => 'html'
+
+            post.tags.each do |tag|
+              x.category :term => tag.name, :label => tag.name,
+                  :scheme => tag.url
+            end
+          }
+        end
+      }
+
+      throw(:respond, x.target!)
+    end
+  end
+end

data/lib/thoth/controller.rb

@@ -0,0 +1,48 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+  class Controller < Ramaze::Controller
+    helper :admin, :cookie, :error
+
+    engine :Erubis
+    layout :default
+    map_layouts '/'
+    
+    # Displays a custom 404 error when a nonexistent action is requested.
+    def self.action_missing(path)
+      return if path == '/error_404'
+      try_resolve('/error_404')
+    end
+
+  end
+
+  Thoth.acquire(File.join(LIB_DIR, 'controller', '*'))
+  Thoth.acquire(File.join(LIB_DIR, 'controller', 'api', '*'))
+end

data/lib/thoth/errors.rb

@@ -0,0 +1,35 @@
+#--
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth
+
+  class Error < StandardError; end
+  class ConfigError < Error; end
+  class SchemaError < Error; end
+
+end

data/lib/thoth/helper/admin.rb

@@ -0,0 +1,86 @@
+#--
+# Copyright (c) 2017 John Pagonis <john@pagonis.org>
+# Copyright (c) 2009 Ryan Grove <ryan@wonko.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#   * Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright notice,
+#     this list of conditions and the following disclaimer in the documentation
+#     and/or other materials provided with the distribution.
+#   * Neither the name of this project nor the names of its contributors may be
+#     used to endorse or promote products derived from this software without
+#     specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#++
+
+module Thoth; module Helper
+
+  # The Admin helper provides methods for checking for or requiring
+  # authorization from within other actions and views.
+  module Admin
+    # Generates and returns an auth key suitable for storage in a client-side
+    # auth cookie. The key is an SHA256 hash of the following elements:
+    #
+    #   - Thoth HOME_DIR path
+    #   - user's IP address
+    #   - AUTH_SEED from Thoth config
+    #   - ADMIN_USER from Thoth config
+    #   - ADMIN_PASS from Thoth config
+    def auth_key
+      Digest::SHA256.hexdigest(HOME_DIR + request.ip + Config.admin['seed'] +
+          Config.admin['user'] + Config.admin['pass'])
+    end
+
+    # Validates the auth cookie and returns +true+ if the user is authenticated,
+    # +false+ otherwise.
+    def auth_key_valid?
+      return false unless thoth_auth = cookie(:thoth_auth)
+      thoth_auth == auth_key
+    end
+
+    # Returns a String that can be included in a hidden form field and used on
+    # submission to verify that the form was not submitted by an unauthorized
+    # third party.
+    def form_token
+      cookie_token = cookie(:thoth_token)
+      return cookie_token if cookie_token
+
+      chaos = [srand, rand, Time.now.to_f, HOME_DIR].join
+      cookie_token = Digest::SHA256.hexdigest(chaos)
+
+      response.set_cookie(:thoth_token,
+          :path  => '/',
+          :value => cookie_token
+        )
+
+      cookie_token
+    end
+
+    # Checks the form token specified by _name_ and returns +true+ if it's
+    # valid, +false+ otherwise.
+    def form_token_valid?(name = 'token')
+      request[name] == form_token
+    end
+
+    # Checks the auth cookie and redirects to the login page if the user is not
+    # authenticated.
+    def require_auth
+      redirect(AdminController.r()) unless auth_key_valid?
+    end
+  end
+
+end; end