the_comments 0.9.0

data/app/controllers/concerns/the_comments_controller.rb

@@ -0,0 +1,227 @@
+module TheCommentsController
+  COMMENTS_COOKIES_TOKEN = 'JustTheCommentsCookies'
+
+  # View token for Commentable controller
+  #
+  # class PagesController < ApplicationController
+  #   include TheCommentsController::ViewToken
+  # end
+  module ViewToken
+    def comments_view_token
+      cookies[:comments_view_token] = { :value => SecureRandom.hex, :expires => 7.days.from_now } unless cookies[:comments_view_token]
+      cookies[:comments_view_token]
+    end
+  end
+
+  # Cookies for spam protection
+  #
+  # class ApplicationController < ActionController::Base
+  #   include TheCommentsController::Cookies
+  # end
+  module Cookies
+    extend ActiveSupport::Concern
+    included { before_action :set_the_comments_cookies }
+
+    private
+
+    def set_the_comments_cookies
+      cookies[:the_comment_cookies] = { :value => TheCommentsController::COMMENTS_COOKIES_TOKEN, :expires => 1.year.from_now }
+    end
+  end
+
+  # Base functionality of Comments Controller
+  #
+  # class CommentsController < ApplicationController
+  #   include TheCommentsController::Base
+  # end
+  module Base
+    extend ActiveSupport::Concern
+
+    included do
+      include TheCommentsController::ViewToken
+
+      before_action -> { @errors = [] }
+
+      # Attention! We should not set TheComments cookie before create
+      skip_before_action :set_the_comments_cookies, only: [:create]
+
+      # Black lists
+      before_action :stop_black_ip,           only: [:create]
+      before_action :stop_black_user_agent,   only: [:create]
+
+      # Spam protection
+      before_action :ajax_requests_required,  only: [:create]
+      before_action :cookies_required,        only: [:create]
+      before_action :empty_trap_required,     only: [:create]
+      before_action :tolerance_time_required, only: [:create]
+
+      # preparation
+      before_action :define_commentable, only: [:create]
+    end
+
+    # App side methods (overwrite it)
+    def index
+      @comments = Comment.with_state(:published).order('created_at DESC').page(params[:page])
+      render template: 'the_comments/index'
+    end
+
+    # Methods based on *current_user* helper
+    def edit
+      @comments = current_user.comcoms.where(id: params[:id]).page(params[:page])
+      render template: 'the_comments/manage'
+    end
+
+    def my
+      @comments = current_user.comments.with_state(:draft, :published).order('created_at DESC').page(params[:page])
+      render template: 'the_comments/index'
+    end
+
+    def incoming
+      @comments = current_user.comcoms.with_state(:draft, :published).order('created_at DESC').page(params[:page])
+      render template: 'the_comments/manage'
+    end
+
+    def trash
+      @comments = current_user.comcoms.with_state(:deleted).order('created_at DESC').page(params[:page])
+      render template: 'the_comments/manage'
+    end
+
+    # Base methods
+
+    def update
+      comment = Comment.where(id: params[:id]).first
+      comment.update_attributes!(patch_comment_params)
+      render(layout: false, partial: 'the_comments/comment_body', locals: { comment: comment })
+    end
+
+    def create
+      @comment = @commentable.comments.new comment_params
+      if @comment.valid?
+        @comment.save
+        return render layout: false, partial: 'the_comments/comment', locals: { tree: @comment }
+      end
+      render json: { errors: @comment.errors.full_messages }
+    end
+
+    def to_published
+      Comment.where(id: params[:id]).first.to_published
+      render nothing: :true
+    end
+
+    def to_draft
+      Comment.where(id: params[:id]).first.to_draft
+      render nothing: :true
+    end
+
+    def to_spam
+      comment = Comment.where(id: params[:id]).first
+      IpBlackList.where(ip: comment.ip).first_or_create.increment!(:count)
+      UserAgentBlackList.where(user_agent: comment.user_agent).first_or_create.increment!(:count)
+      comment.to_deleted
+      render nothing: :true
+    end
+
+    def to_trash
+      Comment.where(id: params[:id]).first.to_deleted
+      render nothing: :true
+    end
+
+    private
+
+    def denormalized_fields
+      title = @commentable.commentable_title
+      url   = @commentable.commentable_url
+      @commentable ? { commentable_title: title, commentable_url: url } : {}
+    end
+
+    def request_data_for_black_lists
+      r = request
+      { ip: r.ip, referer: CGI::unescape(r.referer  || 'direct_visit'), user_agent: r.user_agent }
+    end
+
+    def define_commentable
+      commentable_klass = params[:comment][:commentable_type].constantize
+      commentable_id    = params[:comment][:commentable_id]
+
+      @commentable = commentable_klass.where(id: commentable_id).first
+      return render(json: { errors: ['Commentable object is undefined'] }) unless @commentable
+    end
+
+    def comment_params
+      params
+        .require(:comment)
+        .permit(:title, :contacts, :raw_content, :parent_id)
+        .merge(user: current_user, view_token: comments_view_token)
+        .merge(denormalized_fields)
+        .merge( tolerance_time: params[:tolerance_time].to_i )
+        .merge(request_data_for_black_lists)
+    end
+
+    def patch_comment_params
+      params
+        .require(:comment)
+        .permit(:title, :contacts, :raw_content, :parent_id)
+    end
+
+    # Protection tricks
+    def cookies_required
+      unless cookies[:the_comment_cookies] == TheCommentsController::COMMENTS_COOKIES_TOKEN
+        @errors << [t('the_comments.cookies'), t('the_comments.cookies_required')].join(' ')
+        return render(json: { errors: @errors })
+      end
+    end
+
+    def ajax_requests_required
+      unless request.xhr?
+        IpBlackList.where(ip: request.ip).first_or_create.increment!(:count)
+        UserAgentBlackList.where(user_agent: request.user_agent).first_or_create.increment!(:count)
+        return render(text: t('the_comments.ajax_requests_required'))
+      end
+    end
+
+    def empty_trap_required
+      # TODO: 1) inject ?, 2) fields can be removed on client site
+      is_user = true
+      params.slice(*TheComments.config.empty_inputs).values.each{|v| is_user = is_user && v.blank? }
+
+      unless is_user
+        IpBlackList.where(ip: request.ip).first_or_create.increment!(:count)
+        UserAgentBlackList.where(user_agent: request.user_agent).first_or_create.increment!(:count)
+        @errors << [t('the_comments.trap'), t('the_comments.trap_message')].join(' ')
+        return render(json: { errors: @errors })
+      end
+    end
+
+    def tolerance_time_required
+      min_time  = TheComments.config.tolerance_time
+      this_time = params[:tolerance_time].to_i
+      if this_time < min_time
+        @errors << [t('the_comments.tolerance_time'), t('the_comments.tolerance_time_message', time: min_time - this_time )].join(' ')
+        return render(json: { errors: @errors })
+      end
+    end
+
+    def stop_black_ip
+      if IpBlackList.where(ip: request.ip, state: :banned).first
+        @errors << [t('the_comments.black_ip'), t('the_comments.black_ip_message')].join(' ')
+        return render(json: { errors: @errors })
+      end
+    end
+
+    def stop_black_user_agent
+      if UserAgentBlackList.where(user_agent: request.user_agent, state: :banned).first
+        @errors << [t('the_comments.black_user_agent'), t('the_comments.black_user_agent_message')].join(' ')
+        return render(json: { errors: @errors })
+      end
+    end
+
+    def time_tolerance_required
+      if params[:time_tolerance].to_i < TheComments.config.tolerance_time
+        errors = {}
+        errors[t('the_comments.time_tolerance')] = [t('the_comments.time_tolerance_message')]
+        return render(json: { errors: errors })
+      end
+    end
+
+  end#Base
+end

data/app/controllers/concerns/the_comments_ip_controller.rb

@@ -0,0 +1,17 @@
+module TheCommentsIpController
+  extend ActiveSupport::Concern
+
+  included do
+    def index
+      @ip_black_lists = if params[:ip]
+        IpBlackList.where(ip: params[:ip])
+      else
+        IpBlackList.order('count DESC').page(params[:page])
+      end
+    end
+
+    def to_state
+      return render text: IpBlackList.where(id: params[:ip_black_list_id]).first.update!(state: params[:state])
+    end
+  end
+end

data/app/controllers/concerns/the_comments_user_agent_controller.rb

@@ -0,0 +1,17 @@
+module TheCommentsUserAgentController
+  extend ActiveSupport::Concern
+
+  included do
+    def index
+      @ip_black_lists = if params[:ip]
+        UserAgentBlackList.where(ip: params[:ip])
+      else
+        UserAgentBlackList.order('count DESC').page(params[:page])
+      end
+    end
+
+    def to_state
+      return render text: UserAgentBlackList.where(id: params[:user_agent_black_list_id]).first.update!(state: params[:state])
+    end
+  end
+end

data/app/helpers/render_comments_tree_helper.rb

@@ -0,0 +1,113 @@
+# coding: UTF-8
+# DOC:
+# We use Helper Methods for tree building,
+# because it's faster than View Templates and Partials
+
+# SECURITY note
+# Prepare your data on server side for rendering
+# or use h.html_escape(node.content)
+# for escape potentially dangerous content
+module RenderCommentsTreeHelper
+  module Render 
+    class << self
+      attr_accessor :h, :options
+
+      # Main Helpers
+      def controller
+        @options[:controller]
+      end
+
+      def t str
+        controller.t str
+      end
+
+      # Render Helpers
+      def visible_draft?
+        controller.try(:comments_view_token) == @comment.view_token
+      end
+
+      def moderator?
+        controller.try(:current_user).try(:comment_moderator?, @comment)
+      end
+
+      # Render Methods
+      def render_node(h, options)
+        @h, @options = h, options
+        @comment     = options[:node]
+
+        @max_reply_depth = options[:max_reply_depth] || TheComments.config.max_reply_depth
+
+        if @comment.draft?
+          draft_comment
+        elsif @comment.published?
+          published_comment
+        else
+          deleted_comment
+        end
+      end
+
+      def draft_comment
+        if visible_draft? || moderator?
+          published_comment
+        else
+          "<li class='draft'>
+            <div class='comment draft' id='comment_#{@comment.anchor}'>
+              #{ t('the_comments.waiting_for_moderation') }
+              #{ h.link_to '#', '#comment_' + @comment.anchor }
+            </div>
+            #{ children }
+          </li>"
+        end
+      end
+
+      def published_comment
+        "<li>
+          <div id='comment_#{@comment.anchor}' class='comment #{@comment.state}' data-comment-id='#{@comment.to_param}'>
+            <div>
+              #{ avatar }
+              #{ userbar }
+              <div class='cbody'>#{ @comment.content }</div>
+              #{ reply }
+            </div>
+          </div>
+
+          <div class='form_holder'></div>
+          #{ children }
+        </li>"
+      end
+
+      def avatar
+        "<div class='userpic'>
+          <img src='#{ @comment.avatar_url }' alt='userpic' />
+          #{ controls }
+        </div>"
+      end
+
+      def userbar
+        anchor = h.link_to('#', '#comment_' + @comment.anchor)
+        title  = @comment.title.blank? ? t('the_comments.guest_name') : @comment.title
+        "<div class='userbar'>#{ title } #{ anchor }</div>"
+      end
+
+      def moderator_controls
+        if moderator?
+          h.link_to t('the_comments.edit'),       h.edit_comment_url(@comment),     class: :edit
+        end
+      end
+
+      def reply
+        if @comment.depth < @max_reply_depth
+          "<p class='reply'><a href='#' class='reply_link'>#{ t('the_comments.reply') }</a>"
+        end
+      end
+
+      def controls
+        "<div class='controls'>#{ moderator_controls }</div>"
+      end
+
+      def children
+        "<ol class='nested_set'>#{ options[:children] }</ol>"
+      end
+    end
+  end
+end

data/app/models/concerns/the_comments_base.rb

@@ -0,0 +1,64 @@
+module TheCommentsBase
+  extend ActiveSupport::Concern
+
+  included do
+    # Nested Set
+    attr_accessible :parent_id
+    acts_as_nested_set scope: [:commentable_type, :commentable_id]
+
+    # Comments State Machine
+    include TheCommentsStates
+
+    # TheSortableTree
+    include TheSortableTree::Scopes
+
+    attr_accessible :user, :title, :contacts, :raw_content, :view_token, :state
+    attr_accessible :ip, :referer, :user_agent, :tolerance_time
+
+    validates :raw_content, presence: true
+
+    # relations
+    belongs_to :user
+    belongs_to :holder, class_name: :User
+    belongs_to :commentable, polymorphic: true
+
+    # callbacks
+    before_create :define_holder, :define_anchor, :denormalize_commentable
+    after_create  :update_cache_counters
+    before_save   :prepare_content
+
+    def avatar_url
+      src = id.to_s
+      src = title unless title.blank?
+      src = contacts if !contacts.blank? && /@/ =~ contacts
+      hash = Digest::MD5.hexdigest(src)
+      "http://www.gravatar.com/avatar/#{hash}?s=40&d=identicon"
+    end
+
+    private
+
+    def define_anchor
+      self.anchor = SecureRandom.hex[0..5]
+    end
+
+    def define_holder
+      self.holder = self.commentable.user
+    end
+
+    def denormalize_commentable
+      self.commentable_title = self.commentable.try :commentable_title
+      self.commentable_url   = self.commentable.try :commentable_url
+      self.commentable_state = self.commentable.try :state
+    end
+
+    def prepare_content
+      self.content = self.raw_content
+    end
+
+    def update_cache_counters
+      self.user.try        :increment!, :draft_comments_count
+      self.holder.try      :increment!, :draft_comcoms_count
+      self.commentable.try :increment!, :draft_comments_count
+    end
+  end
+end

data/app/models/concerns/the_comments_black_ip.rb

@@ -0,0 +1,10 @@
+module TheCommentsBlackIp
+  extend ActiveSupport::Concern
+  
+  included do
+    attr_accessible :ip, :state
+
+    validates :ip, presence:   true
+    validates :ip, uniqueness: true
+  end
+end

data/app/models/concerns/the_comments_black_user_agent.rb

@@ -0,0 +1,10 @@
+module TheCommentsBlackUserAgent
+  extend ActiveSupport::Concern
+
+  included do
+    attr_accessible :ip, :state
+
+    validates :user_agent, presence:   true
+    validates :user_agent, uniqueness: true
+  end  
+end

data/app/models/concerns/the_comments_commentable.rb

@@ -0,0 +1,50 @@
+module TheCommentsCommentable
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :comments, as: :commentable
+    
+    # TODO: update requests reduction
+    # *define_denormalize_flags* - should be placed before
+    # title or url builder filters
+    before_validation :define_denormalize_flags
+    after_save        :denormalize_for_comments
+
+    def commentable_title
+      try(:title) || 'Undefined title'
+    end
+
+    def commentable_url
+      # /pages/1
+      ['', self.class.to_s.tableize, self.to_param].join('/')
+    end
+
+    def comments_sum
+      published_comments_count + draft_comments_count
+    end
+
+    def recalculate_comments_counters
+      self.draft_comments_count     = comments.with_state(:draft).count
+      self.published_comments_count = comments.with_state(:published).count
+      self.deleted_comments_count   = comments.with_state(:deleted).count
+      save
+    end
+
+    private
+
+    def define_denormalize_flags
+      @_commentable_title = commentable_title
+      @_commentable_url   = commentable_url
+    end
+
+    def denormalize_for_comments
+      title_changed = @_commentable_title != commentable_title
+      url_changed   = @_commentable_url   != commentable_url
+      cstate = try(:state_changed?) ? { commentable_state: state } : {}
+
+      if title_changed || url_changed || !cstate.blank?
+        comments.update_all({ commentable_title: commentable_title, commentable_url: commentable_url}.merge(cstate))
+      end
+    end
+  end
+end

data/app/models/concerns/the_comments_states.rb

@@ -0,0 +1,64 @@
+module TheCommentsStates
+  extend ActiveSupport::Concern
+
+  included do
+    # :draft | :published | :deleted
+    state_machine :state, :initial => :draft do
+
+      # events
+      event :to_draft do
+        transition all - :draft => :draft
+      end
+
+      event :to_published do
+        transition all - :published => :published
+      end
+
+      event :to_deleted do
+        transition any - :deleted => :deleted
+      end
+
+      # transition callbacks
+      after_transition any => any do |comment|
+        @comment     = comment
+        @owner       = comment.user
+        @holder      = comment.holder
+        @commentable = comment.commentable
+      end
+
+      # between draft and published
+      after_transition [:draft, :published] => [:draft, :published] do |comment, transition|
+        from = transition.from_name
+        to   = transition.to_name
+
+        @holder.try :increment!, :"#{to}_comcoms_count"
+        @holder.try :decrement!, :"#{from}_comcoms_count"
+
+        [@owner, @commentable].each do |obj|
+          obj.try :increment!, "#{to}_comments_count"
+          obj.try :decrement!, "#{from}_comments_count"
+        end
+      end
+
+      # to deleted (cascade like query)
+      after_transition [:draft, :published] => :deleted do |comment|
+        ids = comment.self_and_descendants.map(&:id)
+        Comment.where(id: ids).update_all(state: :deleted)
+        [@holder, @owner, @commentable].each{|o| o.try :recalculate_comments_counters }
+      end
+
+      # from deleted
+      after_transition :deleted => [:draft, :published] do |comment, transition|
+        to = transition.to_name
+
+        @holder.try :decrement!, :deleted_comcoms_count
+        @holder.try :increment!, "#{to}_comcoms_count"
+
+        [@owner, @commentable].each do |obj|
+          obj.try :decrement!, :deleted_comments_count
+          obj.try :increment!, "#{to}_comments_count"
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/the_comments_user.rb

@@ -0,0 +1,25 @@
+module TheCommentsUser
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :comments
+    has_many :comcoms, class_name: :Comment, foreign_key: :holder_id
+
+    def recalculate_comments_counters
+      [:comments, :comcoms].each do |name|
+        send "draft_#{name}_count=",     send(name).with_state(:draft).count
+        send "published_#{name}_count=", send(name).with_state(:published).count
+        send "deleted_#{name}_count=",   send(name).with_state(:deleted).count
+      end
+      save
+    end
+
+    def comments_sum
+      published_comments_count + draft_comments_count
+    end
+
+    def comcoms_sum
+      published_comcoms_count + draft_comcoms_count
+    end
+  end
+end

data/app/views/ip_black_lists/index.html.haml

@@ -0,0 +1,17 @@
+- unless @ip_black_lists.blank?
+  %ol.black_list
+    - @ip_black_lists.each do |black|
+      %li{ class: black.state }
+        %p
+          %b ip:
+          = black.ip
+          %b count:
+          = black.count
+          %b state:
+          %span.state= black.state
+        %p
+          %b action: 
+          = link_to :warning, ip_black_list_to_state_path(black, state: :warning), remote: true, method: :patch, class: :to_warning
+          = link_to :banned,  ip_black_list_to_state_path(black, state: :banned),  remote: true, method: :patch, class: :to_banned
+- else
+  %p= t('the_comments.item_not_found')

data/app/views/the_comments/_comment.html.haml

@@ -0,0 +1 @@
+= build_server_tree(tree, render_module: RenderCommentsTreeHelper, controller: controller)

data/app/views/the_comments/_comment_body.html.haml

@@ -0,0 +1,30 @@
+.comment
+  .commentable
+    = comment.commentable_type
+    →
+    = link_to comment.commentable_title, comment.commentable_url
+    = comment.try(:commentable_state) ? "(#{comment.try(:commentable_state)})" : nil
+  .title
+    %label from:
+    = comment.title.blank? ? t('the_comments.guest_name') : comment.title
+  .contacts
+    %label contacts:
+    = comment.contacts
+  .content
+    = comment.content
+  .params
+    %b tolerance time:
+    = comment.tolerance_time || 'none'
+    \|
+    %b ip:
+    = link_to(comment.ip, ip_black_lists_url(ip: comment.ip)) || 'none'
+    \|
+    %b UA:
+    = link_to(comment.user_agent, user_agent_black_lists_url(agent: comment.user_agent)) || 'none'
+    \|
+    %b referer:
+    = comment.referer || 'none'
+
+  .controls
+    = link_to :Edit, '#', class: :edit
+    = render partial: 'the_comments/manage_controls', locals: { comment: comment }

data/app/views/the_comments/_form.html.haml

@@ -0,0 +1,25 @@
+%h3
+  = link_to 'New Comment', '#', id: :new_root_comment
+
+= form_for Comment.new, remote: true, authenticity_token: true do |f|
+  .error_notifier{ style: "display:none" }
+  %label title:
+  %p= f.text_field :title
+
+  %label contacts:
+  %p= f.text_field :contacts
+
+  %label content*:
+  %p= f.text_area :raw_content
+
+  %p.trap
+    - TheComments.config.empty_inputs.each do |name|
+      = text_field_tag name, nil, autocomplete: :off, tabindex: -1, id: nil
+  
+  = hidden_field_tag :tolerance_time, 0, id: nil, class: :tolerance_time
+
+  = f.hidden_field :commentable_type, value: commentable.class
+  = f.hidden_field :commentable_id,   value: commentable.id
+  = f.hidden_field :parent_id, class: :parent_id
+
+  %p= f.submit 'Create Comment', class: :btn

data/app/views/the_comments/_manage_controls.html.haml

@@ -0,0 +1,4 @@
+= link_to t('the_comments.to_published'), to_published_comment_url(comment), remote: true, class: :to_published, method: :post
+= link_to t('the_comments.to_draft'),     to_draft_comment_url(comment),     remote: true, class: :to_draft,     method: :post
+= link_to t('the_comments.to_spam'),      to_spam_comment_url(comment),      remote: true, class: :to_spam,      method: :post
+= link_to t('the_comments.to_deleted'),   to_trash_comment_url(comment),     remote: true, class: :to_deleted,   method: :delete, data: { confirm: t('the_comments.delete_confirm') }