splent-feature-cloudflare 0.1.0__tar.gz

splent_feature_cloudflare-0.1.0/MANIFEST.in

@@ -0,0 +1,8 @@
+# Compiled frontend bundles
+recursive-include src/splent_io/splent_feature_cloudflare/assets/dist *.js *.css *.map
+
+# Jinja templates (feature views + hook fragments)
+recursive-include src/splent_io/splent_feature_cloudflare/templates *.html
+
+# Alembic migration config and scripts
+recursive-include src/splent_io/splent_feature_cloudflare/migrations *.py *.ini *.mako

splent_feature_cloudflare-0.1.0/PKG-INFO

@@ -0,0 +1,5 @@
+Metadata-Version: 2.4
+Name: splent_feature_cloudflare
+Version: 0.1.0
+Requires-Python: >=3.13
+Description-Content-Type: text/markdown

splent_feature_cloudflare-0.1.0/pyproject.toml

@@ -0,0 +1,52 @@
+[build-system]
+requires = ["setuptools>=80.3.1", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "splent_feature_cloudflare"
+version = "0.1.0"
+readme = "README.md"
+requires-python = ">=3.13"
+
+dependencies = [
+
+]
+
+[tool.setuptools]
+package-dir = { "" = "src" }
+include-package-data = true
+
+[tool.setuptools.packages.find]
+where = ["src"]
+exclude = ["*.tests", "*.tests.*"]
+
+[tool.splent]
+cli_version = "1.11.0"
+
+# ── Feature Contract (auto-generated) ────────────────────────────────────────
+# Do not edit manually — re-run `splent feature:contract --write` to refresh.
+[tool.splent.contract]
+description = "cloudflare feature"
+
+[tool.splent.contract.provides]
+routes     = ["/admin/captcha"]
+blueprints = []
+models     = []
+commands   = ["hello"]
+hooks      = ["layout.authenticated_sidebar"]
+services   = []
+signals    = []
+translations = []
+docker     = []
+
+[tool.splent.contract.requires]
+features = []
+env_vars = ["TURNSTILE_SECRET_KEY", "TURNSTILE_SITE_KEY"]
+signals  = ["comment-submitting", "contact-submitting"]
+
+[tool.splent.contract.extensible]
+services  = []
+templates = ["cloudflare/admin/settings.html"]
+models    = []
+hooks     = ["layout.authenticated_sidebar"]
+routes    = false

splent_feature_cloudflare-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

splent_feature_cloudflare-0.1.0/src/splent_feature_cloudflare.egg-info/PKG-INFO

@@ -0,0 +1,5 @@
+Metadata-Version: 2.4
+Name: splent_feature_cloudflare
+Version: 0.1.0
+Requires-Python: >=3.13
+Description-Content-Type: text/markdown

splent_feature_cloudflare-0.1.0/src/splent_feature_cloudflare.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+MANIFEST.in
+pyproject.toml
+src/splent_feature_cloudflare.egg-info/PKG-INFO
+src/splent_feature_cloudflare.egg-info/SOURCES.txt
+src/splent_feature_cloudflare.egg-info/dependency_links.txt
+src/splent_feature_cloudflare.egg-info/top_level.txt
+src/splent_io/splent_feature_cloudflare/__init__.py
+src/splent_io/splent_feature_cloudflare/commands.py
+src/splent_io/splent_feature_cloudflare/config.py
+src/splent_io/splent_feature_cloudflare/hooks.py
+src/splent_io/splent_feature_cloudflare/routes.py
+src/splent_io/splent_feature_cloudflare/services.py
+src/splent_io/splent_feature_cloudflare/signals.py
+src/splent_io/splent_feature_cloudflare/templates/cloudflare/admin/settings.html

splent_feature_cloudflare-0.1.0/src/splent_feature_cloudflare.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

splent_feature_cloudflare-0.1.0/src/splent_feature_cloudflare.egg-info/top_level.txt

@@ -0,0 +1 @@
+splent_io

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/__init__.py

@@ -0,0 +1,26 @@
+from splent_framework.blueprints.base_blueprint import create_blueprint
+from splent_framework.services.service_locator import register_service, service_proxy
+
+from splent_io.splent_feature_cloudflare.services import CloudflareService
+
+cloudflare_bp = create_blueprint(__name__)
+
+
+def init_feature(app):
+    # Registered under the GENERIC "CaptchaService" name so consumers (e.g.
+    # comments) stay provider-agnostic. This is the Cloudflare Turnstile
+    # implementation of the 'captcha' alternative (recaptcha is the other).
+    register_service(app, "CaptchaService", CloudflareService)
+
+
+def inject_context_vars(app):
+    # Generic captcha helpers so templates work with any provider:
+    #   {{ captcha_script() }}  (once on the page)
+    #   {{ captcha_widget() }}  (inside the form)
+    def captcha_widget():
+        return service_proxy("CaptchaService").widget()
+
+    def captcha_script():
+        return service_proxy("CaptchaService").script_tag()
+
+    return {"captcha_widget": captcha_widget, "captcha_script": captcha_script}

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/commands.py

@@ -0,0 +1,21 @@
+"""
+CLI commands contributed by splent_feature_cloudflare.
+
+These commands are auto-discovered by the framework and exposed in the
+SPLENT CLI under the ``feature:cloudflare`` group.
+
+Usage::
+
+    splent feature:cloudflare hello
+"""
+
+import click
+
+
+@click.command("hello")
+def hello():
+    """Example command — replace with your own."""
+    click.echo("  Hello from splent_feature_cloudflare!")
+
+
+cli_commands = [hello]

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/config.py

@@ -0,0 +1,21 @@
+"""Cloudflare Turnstile configuration (a privacy-friendly anti-spam CAPTCHA).
+
+Set TURNSTILE_SITE_KEY / TURNSTILE_SECRET_KEY in the product's .env (dev/prod).
+Defaults are Cloudflare's official TEST keys (always pass), so development works
+out of the box — set real keys in production.
+"""
+
+import os
+
+# Cloudflare's documented test keys: always pass, safe for dev.
+_TEST_SITE_KEY = "1x00000000000000000000AA"
+_TEST_SECRET_KEY = "1x0000000000000000000000000000000AA"
+
+
+def inject_config(app):
+    app.config.update(
+        {
+            "TURNSTILE_SITE_KEY": os.getenv("TURNSTILE_SITE_KEY", _TEST_SITE_KEY),
+            "TURNSTILE_SECRET_KEY": os.getenv("TURNSTILE_SECRET_KEY", _TEST_SECRET_KEY),
+        }
+    )

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/hooks.py

@@ -0,0 +1,23 @@
+from flask import request, url_for
+
+from splent_framework.hooks.template_hooks import register_template_hook
+
+
+def cloudflare_admin_link():
+    """Sidebar entry for the Captcha (Cloudflare Turnstile) settings screen."""
+    active = (
+        "active"
+        if request.endpoint and request.endpoint.startswith("cloudflare.admin")
+        else ""
+    )
+    return (
+        f'<li class="sidebar-item {active}">'
+        f'<a class="sidebar-link" href="{url_for("cloudflare.admin_settings")}">'
+        '<i class="align-middle" data-feather="shield"></i> '
+        '<span class="align-middle">Captcha</span>'
+        "</a>"
+        "</li>"
+    )
+
+
+register_template_hook("layout.authenticated_sidebar", cloudflare_admin_link)

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/routes.py

@@ -0,0 +1,26 @@
+from flask import flash, redirect, render_template, request, url_for
+from flask_login import login_required
+
+from splent_io.splent_feature_cloudflare import cloudflare_bp
+from splent_framework.services.service_locator import service_proxy
+
+
+# =====================================================================
+# ADMIN — Captcha (Cloudflare Turnstile) settings
+# =====================================================================
+@cloudflare_bp.route("/admin/captcha", methods=["GET", "POST"])
+@login_required
+def admin_settings():
+    """Edit the Turnstile keys from the admin (runtime, no .env edit needed)."""
+    if request.method == "POST":
+        site_key = (request.form.get("site_key") or "").strip()
+        secret_key = (request.form.get("secret_key") or "").strip()
+        service_proxy("SettingsService").set_many(
+            {
+                "turnstile_site_key": site_key,
+                "turnstile_secret_key": secret_key,
+            }
+        )
+        flash("Captcha settings saved.", "success")
+        return redirect(url_for("cloudflare.admin_settings"))
+    return render_template("cloudflare/admin/settings.html")

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/services.py

@@ -0,0 +1,76 @@
+import requests
+from flask import current_app
+from markupsafe import Markup
+
+from splent_framework.services.service_locator import service_proxy
+
+VERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+
+
+class CloudflareService:
+    """Cloudflare Turnstile — a CAPTCHA that protects forms from spam.
+
+    A utility service with no DB model. Registered under the generic
+    ``CaptchaService`` name so consumers stay provider-agnostic. Templates use
+    the captcha_widget()/captcha_script() helpers; routes call
+    ``verify(token, remoteip)`` before accepting a submission.
+
+    Keys are read from the admin-editable SettingsService first (so they can be
+    changed at runtime from the admin panel), falling back to the product's
+    config/.env (TURNSTILE_SITE_KEY / TURNSTILE_SECRET_KEY).
+    """
+
+    def _setting(self, key):
+        """Read an admin-editable setting, tolerating an absent SettingsService."""
+        try:
+            return service_proxy("SettingsService").get(key, None)
+        except Exception:
+            return None
+
+    def site_key(self):
+        return self._setting("turnstile_site_key") or current_app.config.get(
+            "TURNSTILE_SITE_KEY", ""
+        )
+
+    def secret_key(self):
+        return self._setting("turnstile_secret_key") or current_app.config.get(
+            "TURNSTILE_SECRET_KEY", ""
+        )
+
+    def enabled(self):
+        return bool(self.site_key())
+
+    def widget(self):
+        """The Turnstile widget markup to drop inside a form."""
+        key = self.site_key()
+        if not key:
+            return Markup("")
+        return Markup(f'<div class="cf-turnstile" data-sitekey="{key}"></div>')
+
+    def script_tag(self):
+        """The Turnstile JS, to include once on a page that renders the widget."""
+        if not self.enabled():
+            return Markup("")
+        return Markup(
+            '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js"'
+            " async defer></script>"
+        )
+
+    def verify(self, token, remoteip=None):
+        """Validate a Turnstile token with Cloudflare. Returns True/False.
+
+        If no secret is configured, returns True (does not block submissions).
+        """
+        secret = self.secret_key()
+        if not secret:
+            return True
+        if not token:
+            return False
+        try:
+            data = {"secret": secret, "response": token}
+            if remoteip:
+                data["remoteip"] = remoteip
+            resp = requests.post(VERIFY_URL, data=data, timeout=10)
+            return bool(resp.json().get("success"))
+        except Exception:
+            return False

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/signals.py

@@ -0,0 +1,24 @@
+"""Anti-spam: validate submitted comments with Cloudflare Turnstile.
+
+Listens to the comments feature's ``comment-submitting`` signal. There is NO
+hard dependency on comments — if comments isn't installed the signal is never
+defined and this handler is simply skipped.
+"""
+
+from splent_framework.signals.signal_utils import connect_signal
+
+
+@connect_signal("comment-submitting", "splent_feature_cloudflare")
+def validate_turnstile(sender, form=None, remoteip=None, **kwargs):
+    from splent_io.splent_feature_cloudflare.services import CloudflareService
+
+    token = form.get("cf-turnstile-response") if form else None
+    return CloudflareService().verify(token, remoteip)
+
+
+@connect_signal("contact-submitting", "splent_feature_cloudflare")
+def validate_turnstile_contact(sender, form=None, remoteip=None, **kwargs):
+    from splent_io.splent_feature_cloudflare.services import CloudflareService
+
+    token = form.get("cf-turnstile-response") if form else None
+    return CloudflareService().verify(token, remoteip)

splent_feature_cloudflare-0.1.0/src/splent_io/splent_feature_cloudflare/templates/cloudflare/admin/settings.html

@@ -0,0 +1,45 @@
+{% extends "base_template.html" %}
+
+{% block title %}Captcha{% endblock %}
+
+{% block content %}
+<div class="d-flex flex-column align-items-start gap-2 mb-4">
+    <div>
+        <h1 class="h3 mb-0">Captcha — Cloudflare Turnstile</h1>
+        <p class="text-muted mb-0">Keys used to protect forms from spam. Editable here, no .env edit needed.</p>
+    </div>
+</div>
+
+{% with messages = get_flashed_messages(with_categories=true) %}
+    {% for category, message in messages %}
+        <div class="alert alert-{{ 'danger' if category == 'danger' else 'success' }} py-2">{{ message }}</div>
+    {% endfor %}
+{% endwith %}
+
+<form method="POST" class="card">
+    <div class="card-body">
+        <div class="row g-3">
+            <div class="col-12">
+                <label class="form-label" for="site_key">Site key</label>
+                <input id="site_key" name="site_key" class="form-control" value="{{ setting('turnstile_site_key', '') }}" placeholder="1x00000000000000000000AA">
+                <div class="form-text">Public key, rendered in the page next to the widget.</div>
+            </div>
+            <div class="col-12">
+                <label class="form-label" for="secret_key">Secret key</label>
+                <input id="secret_key" name="secret_key" type="password" class="form-control" value="{{ setting('turnstile_secret_key', '') }}" placeholder="1x0000000000000000000000000000000AA">
+                <div class="form-text">Private key, used server-side to verify submissions. Keep it secret.</div>
+            </div>
+            <div class="col-12">
+                <div class="alert alert-info mb-0 py-2">
+                    Cloudflare's official <strong>test keys</strong> are used by default, so development works out of the box (they always pass).
+                    Get real keys for production from your
+                    <a href="https://dash.cloudflare.com/?to=/:account/turnstile" target="_blank" rel="noopener">Cloudflare Turnstile dashboard</a>.
+                </div>
+            </div>
+        </div>
+    </div>
+    <div class="card-footer text-end">
+        <button class="btn btn-primary" type="submit">Save</button>
+    </div>
+</form>
+{% endblock %}