the_comments_ruby 2.3.3

data/app/assets/stylesheets/the_comments.css.scss

@@ -0,0 +1,248 @@
+.comments_tree, .comments_list{
+  font-family: Arial;
+
+  margin:0;
+  padding:0;
+  margin-bottom: 30px;
+
+  *{ margin: 0; padding: 0; font-size: inherit; }
+
+  a{ text-decoration: none; }
+  a:hover{ text-decoration: underline; }
+
+  ol{
+    margin: 0;
+    padding: 0 0 0 20px;
+    list-style: none outside none;
+  }
+  li{
+    margin-bottom: 5px;
+    position: relative;
+    list-style: none outside none;
+  }
+}
+
+.action_btns a{ margin-right: 15px; }
+
+.comments, .comments_tree{
+  font-family: Arial;
+  font-size: 13px;
+
+  h3{ font-size: 1.6em; }
+
+  .error_notifier{
+    background-color: #F2DEDE;
+    border: 1px solid #B94A48;
+    color: #B94A48;
+
+    border-radius: 4px;
+    margin: 0 0 15px 0;
+    padding: 10px 10px 0 10px;
+    overflow: hidden;
+
+    p{ margin: 0 0 10px 0; }
+  }
+  form{
+
+    background: #e0e4f5;
+
+    border: 1px solid #c6cff5;
+    border-radius: 5px;
+    padding: 10px;
+
+    p{ margin: 0 0 10px 0; }
+
+    input[type=text]{
+      border: 1px solid gray;
+      padding: 4px;
+      width: 75%;
+    }
+    label{ font-size: 15px; }
+    textarea{
+      border: 1px solid gray;
+      font-family: Arial;
+      font-size: 13px;
+      height: 150px;
+      padding: 4px;
+      width: 75%;
+    }
+    .trap{
+      margin: 0; padding: 0;
+      filter: alpha(opacity=0.001);
+      height: 0.1px;
+      opacity: 0.001;
+      overflow: hidden;
+    }
+  }
+}
+
+.comments_tree{
+  .nested_set{
+    border-left: 1px dotted lightGray;
+  }
+
+  li{
+    .comment.draft{
+      border: 1px solid gray;
+      background: #eff5f3;
+      padding: 10px;
+    }
+  }
+
+  .form_holder{ margin-left: 40px; }
+
+  .edit, .delete{
+    margin-bottom: 3px;
+    text-align:center;
+    line-height: 130%;
+    background: #336;
+    color: white;
+    padding: 1px;
+  }
+  .delete{ background: gray; }
+
+  .comment{
+    overflow: hidden; zoom: 1;
+
+    .userpic{
+      overflow: hidden; zoom: 1;
+      float: left;
+      width: 50px;
+
+      img{ margin-bottom: 10px; width: 42px; height: 42px; }
+    }
+    .userbar, .cbody{
+      margin: 0 0 5px 55px;
+      padding: 3px;
+    }
+    .userbar{
+      background: #eff5f3;
+      border-radius: 3px;
+      padding-left: 7px;
+    }
+    &.draft{
+      .userbar{ background: #ffa768; }
+      .to_draft{ display: none; }
+    }
+    &.published{
+      .to_published{ display: none; }
+    }
+    .cbody{
+      font-size: 15px;
+      border-bottom: 1px solid #eee;
+      padding-bottom: 10px;
+      line-height: 135%;
+      margin-bottom: 3px;
+      overflow: hidden;
+    }
+    .reply{
+      margin: 0 0 5px 55px;
+      font-size: 12px;
+    }
+  }
+
+  .controls{
+    position: absolute;
+    top: 53px; left: 5px;
+
+    a{
+      font-size:11px;
+      display:block;
+    }
+  }
+
+  .comment{
+    margin-bottom: 10px;
+
+    &.published, &.draft{
+      margin-bottom: 10px;
+      border-radius: 3px;
+      padding: 5px;
+    }
+    &.highlighted{ border: 1px dashed #ff6633 !important; }
+
+  }
+
+  .form_holder{
+    form{ margin: 10px 0; }
+  }
+}
+
+.new_comment{
+  .btn{
+    padding: 7px;
+    margin-top: 5px;
+    cursor: pointer;
+  }
+}
+
+.comments_list{
+  li{
+    margin-bottom: 20px;
+
+    .item{
+      border: 1px solid gray;
+      border-radius: 5px;
+      padding: 10px;
+    }
+
+    .draft{
+      border-left: 5px solid orange;
+
+      .controls{
+        a.to_draft{ display: none }
+      }
+    }
+    .published{
+      border-left: 5px solid green;
+
+      .controls{
+        a.to_published{ display: none; }
+      }
+    }
+
+    .deleted{
+      border-left: 5px solid red;
+
+      .controls{
+        a.to_deleted, a.to_spam{ display: none; }
+      }
+    }
+
+    .comment{
+      div{ margin: 0 0 10px 0; }
+
+      label{
+        width: 75px;
+        font-weight: bold;
+        display: inline-block;
+      }
+      input[type=text]{
+        width: 70%;
+        padding: 4px;
+      }
+      input[type=submit]{
+        padding: 5px;
+        cursor: pointer;
+      }
+      textarea{
+        width: 70%;
+        padding: 4px;
+        height: 150px;
+      }
+      .content{
+        line-height: 130%;
+        background: #ddd;
+        padding: 10px;
+      }
+      .commentable{
+        margin-bottom: 10px;
+      }
+      .controls{
+        background: lightgray;
+        padding: 3px;
+        a{ margin-right: 15px; }
+      }
+    }
+  }
+}

data/app/controllers/_templates_/comments_controller.rb

@@ -0,0 +1,44 @@
+class CommentsController < ApplicationController
+  # layout 'admin'
+
+  # Define your restrict methods and use them like this:
+  #
+  # before_action :user_required,  except: %w[index create]
+  # before_action :owner_required, except: %w[index create]
+  # before_action :admin_required, only:   %w[total_draft total_published total_deleted total_spam]
+  
+  include TheComments::Controller
+
+  # >>> include TheComments::Controller <<<
+  # (!) Almost all methods based on *current_user* method
+  #
+  # 1. Controller's public methods list:
+  # You can redifine it for your purposes
+  # public
+  # %w[ manage index create edit update ]
+  # %w[ my_comments my_draft my_published ]
+  # %w[ draft published deleted spam ]
+  # %w[ to_draft to_published to_deleted to_spam ]
+  # %w[ total_draft total_published total_deleted total_spam ]
+  #
+  #
+  # 2. Controller's private methods list:
+  # You can redifine it for your purposes
+  #
+  # private
+  # %w[ comment_template comment_partial ]
+  # %w[ denormalized_fields request_data_for_comment define_commentable ]
+  # %w[ comment_params patch_comment_params ]
+  # %w[ ajax_requests_required cookies_required ]
+  # %w[ empty_trap_required tolerance_time_required ]
+
+  # KAMINARI pagination:
+  # following methods based on gem "kaminari"
+  # You should redefine them if you use something else
+  #
+  # public
+  # %w[ manage index edit ]
+  # %w[ draft published deleted spam ]
+  # %w[ my_comments my_draft my_published ]
+  # %w[ total_draft total_published total_deleted total_spam ]
+end

data/app/controllers/concerns/the_comments/controller.rb

@@ -0,0 +1,197 @@
+module TheComments
+  # Base functionality of Comments Controller
+  # class CommentsController < ApplicationController
+  #   include TheComments::Controller
+  # end
+  module Controller
+    extend ActiveSupport::Concern
+
+    included do
+      include TheComments::ViewToken
+
+      # Attention! We should not set TheComments cookie before create
+      skip_before_action :set_the_comments_cookies, only: [:create]
+
+      # Spam protection
+      before_action -> { @errors = [] }, only: [:create]
+
+      before_action :ajax_requests_required,  only: [:create]
+      before_action :cookies_required,        only: [:create]
+
+      before_action :empty_trap_required,     only: [:create], if: -> { TheComments.config.empty_trap_protection }
+      before_action :tolerance_time_required, only: [:create], if: -> { TheComments.config.tolerance_time_protection }
+
+      # preparation
+      before_action :define_commentable, only: [:create]
+
+      # raise an errors
+      before_action -> { return render(json: { errors: @errors }) unless @errors.blank? }, only: [:create]
+    end
+
+    # App side methods (you can overwrite them)
+
+    def manage
+      @comments = current_user.comcoms.with_users.active.recent.page(params[:page])
+      render comment_template(:manage)
+    end
+
+    def my_comments
+      @comments = current_user.my_comments.with_users.active.recent.page(params[:page])
+      render comment_template(:manage)
+    end
+
+    # Methods based on *current_user* helper
+    # Methods for admin
+    %w[draft published deleted].each do |state|
+      define_method "#{state}" do
+        @comments = current_user.comcoms.with_users.with_state(state).recent.page(params[:page])
+        render comment_template(:manage)
+      end
+
+      define_method "total_#{state}" do
+        @comments = ::Comment.with_state(state).with_users.recent.page(params[:page])
+        render comment_template(:manage)
+      end
+
+      define_method "my_#{state}" do
+        @comments = current_user.my_comments.with_users.with_state(state).recent.page(params[:page])
+        render comment_template(:manage)
+      end
+    end
+
+    def spam
+      @comments = current_user.comcoms.with_users.where(spam: true).recent.page(params[:page])
+      render comment_template(:manage)
+    end
+
+    def my_spam
+      @comments = current_user.my_comments.with_users.where(spam: true).recent.page(params[:page])
+      render comment_template(:manage)
+    end
+
+    def total_spam
+      @comments = ::Comment.where(spam: true).with_users.recent.page(params[:page])
+      render comment_template(:manage)
+    end
+
+    # BASE METHODS
+
+    # Public methods
+
+    def create
+      @comment = @commentable.comments.new comment_params
+      if @comment.valid?
+        @comment.save
+        return render layout: false, partial: comment_partial(:comment), locals: { tree: @comment }
+      end
+      render json: { errors: @comment.errors }
+    end
+
+    # Restricted area
+
+    def edit
+      @comments = current_user.comcoms.where(id: params[:id]).page(params[:page])
+      render comment_template(:manage)
+    end
+
+    def update
+      comment = ::Comment.find(params[:id])
+      comment.update_attributes!(patch_comment_params)
+      render(layout: false, partial: comment_partial(:comment_body), locals: { comment: comment })
+    end
+
+    %w[draft published deleted].each do |state|
+      define_method "to_#{state}" do
+        ::Comment.find(params[:id]).try "to_#{state}"
+        render nothing: true
+      end
+    end
+
+    def to_spam
+      comment = ::Comment.find(params[:id])
+      comment.to_spam
+      comment.to_deleted
+      render nothing: true
+    end
+
+    private
+
+    def comment_template template
+      { template: "the_comments/#{TheComments.config.template_engine}/#{template}" }
+    end
+
+    def comment_partial partial
+      "the_comments/#{TheComments.config.template_engine}/#{partial}"
+    end
+
+    def denormalized_fields
+      title = @commentable.commentable_title
+      url   = @commentable.commentable_url
+      @commentable ? { commentable_title: title, commentable_url: url } : {}
+    end
+
+    def request_data_for_comment
+      r = request
+      { ip: r.ip, referer: CGI::unescape(r.referer  || 'direct_visit'), user_agent: r.user_agent }
+    end
+
+    def define_commentable
+      commentable_klass = params[:comment][:commentable_type].constantize
+      commentable_id    = params[:comment][:commentable_id]
+
+      @commentable = commentable_klass.find(commentable_id)
+      return render(json: { errors: [t('the_comments.undefined_commentable')] }) unless @commentable
+    end
+
+    def comment_params
+      params
+        .require(:comment)
+        .permit(:title, :contacts, :raw_content, :parent_id)
+        .merge(denormalized_fields)
+        .merge(request_data_for_comment)
+        .merge(tolerance_time: params[:tolerance_time].to_i)
+        .merge(user: current_user, view_token: comments_view_token)
+    end
+
+    def patch_comment_params
+      params
+        .require(:comment)
+        .permit(:title, :contacts, :raw_content, :parent_id)
+    end
+
+    # Protection hooks
+    def ajax_requests_required
+      unless request.xhr?
+        return render(text: t('the_comments.ajax_requests_required'))
+      end
+    end
+
+    def cookies_required
+      if cookies[:the_comment_cookies] != TheComments::COMMENTS_COOKIES_TOKEN
+        @errors << [t('the_comments.cookies'), t('the_comments.cookies_required')].join(': ')
+      end
+    end
+
+    # TODO:
+    # 1) inject ?
+    # 2) fields can be removed on client side
+    def empty_trap_required
+      is_human = true
+      params.slice(*TheComments.config.empty_inputs).values.each{|v| is_human = (is_human && v.blank?) }
+
+      if !is_human
+        @errors << [t('the_comments.trap'), t('the_comments.trap_message')].join(': ')
+      end
+    end
+
+    def tolerance_time_required
+      this_time = params[:tolerance_time].to_i
+      min_time  = TheComments.config.tolerance_time.to_i
+
+      if this_time < min_time
+        tdiff   = min_time - this_time
+        @errors << [t('the_comments.tolerance_time'), t('the_comments.tolerance_time_message', time: tdiff )].join(': ')
+      end
+    end
+  end
+end

data/app/controllers/concerns/the_comments/view_token.rb

@@ -0,0 +1,20 @@
+module TheComments
+  # Cookies and View token for spam protection
+  # include TheComments::ViewToken
+  module ViewToken
+    extend ActiveSupport::Concern
+
+    included { before_action :set_the_comments_cookies }
+
+    def comments_view_token
+      cookies[:comments_view_token]
+    end
+
+    private
+
+    def set_the_comments_cookies
+      cookies[:the_comment_cookies] = { value: TheComments::COMMENTS_COOKIES_TOKEN, expires: 1.year.from_now }
+      cookies[:comments_view_token] = { value: SecureRandom.hex, expires: 7.days.from_now } unless cookies[:comments_view_token]
+    end
+  end
+end

data/app/helpers/render_comments_tree_helper.rb

@@ -0,0 +1,111 @@
+# coding: UTF-8
+# DOC:
+# We use Helper Methods for tree building,
+# because it's faster than View Templates and Partials
+
+# SECURITY note
+# Prepare your data on server side for rendering
+# or use h.html_escape(node.content)
+# for escape potentially dangerous content
+module RenderCommentsTreeHelper
+  module Render 
+    class << self
+      attr_accessor :h, :options
+
+      # Main Helpers
+      def controller
+        @options[:controller]
+      end
+
+      def t str
+        controller.t str
+      end
+
+      # Render Helpers
+      def visible_draft?
+        controller.try(:comments_view_token) == @comment.view_token
+      end
+
+      def moderator?
+        controller.try(:current_user).try(:comments_moderator?, @comment)
+      end
+
+      # Render Methods
+      def render_node(h, options)
+        @h, @options = h, options
+        @comment     = options[:node]
+
+        @max_reply_depth = options[:max_reply_depth] || TheComments.config.max_reply_depth
+
+        if @comment.draft?
+          draft_comment
+        else @comment.published?
+          published_comment
+        end
+      end
+
+      def draft_comment
+        if visible_draft? || moderator?
+          published_comment
+        else
+          "<li class='draft'>
+            <div class='comment draft' id='comment_#{@comment.anchor}'>
+              #{ t('the_comments.waiting_for_moderation') }
+              #{ h.link_to '#', '#comment_' + @comment.anchor }
+            </div>
+            #{ children }
+          </li>"
+        end
+      end
+
+      def published_comment
+        "<li>
+          <div id='comment_#{@comment.anchor}' class='comment #{@comment.state}' data-comment-id='#{@comment.to_param}'>
+            <div>
+              #{ avatar }
+              #{ userbar }
+              <div class='cbody'>#{ @comment.content }</div>
+              #{ reply }
+            </div>
+          </div>
+
+          <div class='form_holder'></div>
+          #{ children }
+        </li>"
+      end
+
+      def avatar
+        "<div class='userpic'>
+          <img src='#{ @comment.avatar_url }' alt='userpic' />
+          #{ controls }
+        </div>"
+      end
+
+      def userbar
+        anchor = h.link_to('#', '#comment_' + @comment.anchor)
+        title  = @comment.title.blank? ? t('the_comments.guest_name') : @comment.title
+        "<div class='userbar'>#{ title } #{ anchor }</div>"
+      end
+
+      def moderator_controls
+        if moderator?
+          h.link_to(t('the_comments.edit'), h.edit_comment_url(@comment), class: :edit)
+        end
+      end
+
+      def reply
+        if @comment.depth < (@max_reply_depth - 1)
+          "<p class='reply'><a href='#' class='reply_link'>#{ t('the_comments.reply') }</a>"
+        end
+      end
+
+      def controls
+        "<div class='controls'>#{ moderator_controls }</div>"
+      end
+
+      def children
+        "<ol class='nested_set'>#{ options[:children] }</ol>"
+      end
+    end
+  end
+end

data/app/models/_templates_/comment.rb

@@ -0,0 +1,38 @@
+class Comment < ActiveRecord::Base
+  include TheComments::Comment
+  # ---------------------------------------------------
+  # Define comment's avatar url
+  # Usually we use Comment#user (owner of comment) to define avatar
+  # @blog.comments.includes(:user) <= use includes(:user) to decrease queries count
+  # comment#user.avatar_url
+  # ---------------------------------------------------
+
+  # public
+  # ---------------------------------------------------
+  # Simple way to define avatar url
+  #
+  # def avatar_url
+  #   src = id.to_s
+  #   src = title unless title.blank?
+  #   src = contacts if !contacts.blank? && /@/ =~ contacts
+  #   hash = Digest::MD5.hexdigest(src)
+  #   "https://2.gravatar.com/avatar/#{hash}?s=42&d=https://identicons.github.com/#{hash}.png"
+  # end
+  # ---------------------------------------------------
+
+  # private
+  # ---------------------------------------------------
+  # Define your content filters
+  # gem 'RedCloth'
+  # gem 'sanitize'
+  # gem 'MySmilesProcessor'
+  #
+  # def prepare_content
+  #   text = self.raw_content
+  #   text = RedCloth.new(text).to_html
+  #   text = MySmilesProcessor.new(text)
+  #   text = Sanitize.clean(text, Sanitize::Config::RELAXED)
+  #   self.content = text
+  # end
+  # ---------------------------------------------------
+end