arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

delete comments via mail

Browse Source
This commit is contained in:
Martin Zimmermann 2013-10-21 17:40:03 +02:00
parent f6e190d341
commit 4f5b247ed1
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
isso/__init__.py
View File

@ -63,6 +63,7 @@ rules = Map([
Rule('/', methods=['GET'], endpoint=views.comment.fetch),
Rule('/count', methods=['GET'], endpoint=views.comment.count),
Rule('/delete/<string:auth>', endpoint=views.comment.delete),
Rule('/activate/<string:auth>', endpoint=views.comment.activate),
Rule('/admin/', endpoint=views.admin.index),

9
isso/notify.py
View File

@ -1,11 +1,13 @@
# -*- encoding: utf-8 -*-
from __future__ import unicode_literals
from smtplib import SMTP, SMTP_SSL
from email.header import Header
from email.mime.text import MIMEText
def format(comment, permalink, remote_addr, activation_key=None):
def format(comment, permalink, remote_addr, deletion_key, activation_key=None):
rv = []
rv.append("%s schrieb:" % (comment["author"] or "Jemand"))
@ -19,8 +21,11 @@ def format(comment, permalink, remote_addr, activation_key=None):
rv.append("IP Adresse: %s" % remote_addr)
rv.append("Link zum Kommentar: %s" % permalink)
rv.append("")
rv.append("---")
rv.append("Kommentar löschen: %s" % deletion_key)
if activation_key:
rv.append("")
rv.append("Kommentar freischalten: %s" % activation_key)
return u'\n'.join(rv)

21
isso/views/comment.py
View File

@ -86,12 +86,15 @@ def new(app, environ, request, uri):
host = app.conf.get('general', 'host').rstrip("/")
href = host + uri + "#isso-%i" % rv["id"]
auth = None
deletion = host + environ["SCRIPT_NAME"] + "/delete/" + app.sign(str(rv["id"]))
activation = None
if app.conf.getboolean('general', 'moderated'):
auth = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"]))
activation = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"]))
app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)), auth))
app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)),
activation_key=activation, deletion_key=deletion))
# save checksum of text into cookie, so mallory can't modify/delete a comment, if
# he add a comment, then removed it but not the signed cookie.
@ -234,6 +237,18 @@ def activate(app, environ, request, auth):
return Response("Yo", 200)
def delete(app, environ, request, auth):
try:
id = app.unsign(auth, max_age=2**32)
except (BadSignature, SignatureExpired):
abort(403)
with app.lock:
app.db.comments.delete(id)
return Response("%s successfully removed" % id)
def checkip(app, env, req):
return Response(utils.anonymize(str(req.remote_addr)), 200)