delete comments via mail

isso/__init__.py

@@ -63,6 +63,7 @@ rules = Map([
 
     Rule('/', methods=['GET'], endpoint=views.comment.fetch),
     Rule('/count', methods=['GET'], endpoint=views.comment.count),
+    Rule('/delete/<string:auth>', endpoint=views.comment.delete),
     Rule('/activate/<string:auth>', endpoint=views.comment.activate),
     Rule('/admin/', endpoint=views.admin.index),
 

isso/notify.py

@@ -1,11 +1,13 @@
 # -*- encoding: utf-8 -*-
 
+from __future__ import unicode_literals
+
 from smtplib import SMTP, SMTP_SSL
 from email.header import Header
 from email.mime.text import MIMEText
 
 
-def format(comment, permalink, remote_addr, activation_key=None):
+def format(comment, permalink, remote_addr, deletion_key, activation_key=None):
 
     rv = []
     rv.append("%s schrieb:" % (comment["author"] or "Jemand"))
@@ -19,8 +21,11 @@ def format(comment, permalink, remote_addr, activation_key=None):
     rv.append("IP Adresse: %s" % remote_addr)
     rv.append("Link zum Kommentar: %s" % permalink)
 
+    rv.append("")
+    rv.append("---")
+    rv.append("Kommentar löschen: %s" % deletion_key)
+
     if activation_key:
-        rv.append("")
         rv.append("Kommentar freischalten: %s" % activation_key)
 
     return u'\n'.join(rv)

isso/views/comment.py

@@ -86,12 +86,15 @@ def new(app, environ, request, uri):
 
     host = app.conf.get('general', 'host').rstrip("/")
     href = host + uri + "#isso-%i" % rv["id"]
-    auth = None
+
+    deletion = host + environ["SCRIPT_NAME"] + "/delete/" + app.sign(str(rv["id"]))
+    activation = None
 
     if app.conf.getboolean('general', 'moderated'):
-        auth = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"]))
+        activation = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"]))
 
-    app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)), auth))
+    app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)),
+                                    activation_key=activation, deletion_key=deletion))
 
     # save checksum of text into cookie, so mallory can't modify/delete a comment, if
     # he add a comment, then removed it but not the signed cookie.
@@ -234,6 +237,18 @@ def activate(app, environ, request, auth):
 
     return Response("Yo", 200)
 
+def delete(app, environ, request, auth):
+
+    try:
+        id = app.unsign(auth, max_age=2**32)
+    except (BadSignature, SignatureExpired):
+        abort(403)
+
+    with app.lock:
+        app.db.comments.delete(id)
+
+    return Response("%s successfully removed" % id)
+
 
 def checkip(app, env, req):
     return Response(utils.anonymize(str(req.remote_addr)), 200)