Commit Graph

693 Commits

Author SHA1 Message Date
Martin Zimmermann
14fac577df fix syntax 2014-05-27 14:27:35 +02:00
Martin Zimmermann
16663d44f8 hide avatar during editing 2014-05-27 14:27:19 +02:00
Martin Zimmermann
0211322915 remove avatar preview in postbox 2014-05-27 13:56:03 +02:00
Martin Zimmermann
7474be12f0 Merge branch 'add-website-field' 2014-05-27 13:44:45 +02:00
Martin Zimmermann
77d40a99eb border-radius only for first and last input 2014-05-27 13:42:07 +02:00
Martin Zimmermann
065460d78a add tests for website validation 2014-05-27 13:33:29 +02:00
Martin Zimmermann
5b0ce6471a add website input 2014-05-27 13:33:16 +02:00
Martin Zimmermann
fd8465eb1c warn about incorrect notification backends, fix #95
SMTP is now also recognized as `smtp`backend. You may use multiple
notification backends (separated by comma). Defaults to `stdout`.
2014-05-27 12:18:40 +02:00
Martin Zimmermann
b60dbd3e42 remove old template 'struct' 2014-05-26 15:50:45 +02:00
Martin Zimmermann
608119e8ce add r.js build optimization for jade plugin 2014-05-26 15:47:09 +02:00
Martin Zimmermann
ccf59fba2a initial support for jade
Replace Markup.js with Jade [1] for real templating (like expression
evaluation and sane syntax). Jade compiles directly to JavaScript which
makes it possible to only have Jade as build dependency with a tiny
runtime wrapper for the client (around 40% of Markup.js's size).

Templates are rewritten for Jade but do not use all features from Jade
(such as filters, mixins and includes) for now.

A simple requirejs-jade wrapper to compile Jade during runtime is
already included.

i18n
----

I also rewrote the i18n module and moved translation and pluralization
functions back into the module, thus decoupling it from the previous
markup language. The module now exposes:

  * i18n.translate(msgid) -> string
  * i18n.pluralize(msgid, n) -> string

I18n depends on app/config and thus has access to the user's prefered
language and exposes both function with `i18n.lang` already set. If the
msgid was not found, it returns "???" (like Markup.js).

The pluralization function replaces `{{ n }}` with the function argument
just like with Markup.js (to keep the diffs clean).

[1] http://jade-lang.com/
2014-05-25 23:46:26 +02:00
Martin Zimmermann
7c3bd52821 stub requirejs-text to save ~5kb 2014-05-25 14:59:09 +02:00
Martin Zimmermann
fcc4cd63b4 fix #93 2014-05-24 10:34:46 +02:00
Schoewilliam
dd14bb91db #49 : Comments thread and submission form now support data-isso-avatar="false" 2014-05-22 20:06:31 +04:00
Martin Zimmermann
4f98bca202 hide avatars with data-isso-avatar="false", part of #49 2014-05-21 20:38:29 +02:00
Schoewilliam
34a50910f2 Tweaking the submission form — making it responsive 2014-05-21 21:26:21 +04:00
Schoewilliam
c2dd9d3bb5 getting rid of SCSS 2014-05-21 18:19:11 +04:00
Martin Zimmermann
fb182ae93f Merge branch 'pr-83', closes #83 2014-05-17 11:07:51 +02:00
Martin Zimmermann
e6fdfb03eb do not limit From: field to email address-only, closes #87
You may now set a full From header, e.g.:

    [smtp]
    from = Foo Bar <spam@local>

If not, the old name "Ich schrei sonst!" is used.
2014-05-15 10:59:39 +02:00
Martin Zimmermann
5c91a84951 fix uWSGI spooling for Python3 2014-05-15 10:41:33 +02:00
Martin Zimmermann
d5e5e9c7e2 use numerical values in default configuration to match user-provided values 2014-05-03 12:00:46 +02:00
Martin Zimmermann
ed810cdf39 fetch all nested comments when set to 'inf' 2014-05-03 12:00:17 +02:00
Martin Zimmermann
324326c2ba translate Hidden to german and french 2014-05-03 11:58:09 +02:00
Martin Zimmermann
f3a7f65687 remove keyworded function arguments and fix JS hints 2014-05-03 11:23:15 +02:00
Martin Zimmermann
59bfde7c03 idiomatic python
* make "process_fetched_list" private
* rename fetch_args to args
* a few logic simplifications
2014-05-03 11:23:12 +02:00
Martin Zimmermann
123ea26ca9 handle WP's query-string "pages" and variable WXR namespaces
Site links such as /?p=1234 are imported *as is* and maybe do work in
Isso. Do not use a query-based URL structure as permalinks. Ever.

Also, depending on the pages you are going to export, WXR' XML namespace
may change from ../export/1.0/ to ../export/1.2/. Isso tries to import
any WXR 1.x
2014-05-03 00:16:54 +02:00
Srijan Choudhary
26d26ae71b Add i18n for "Hidden" 2014-05-03 01:37:28 +05:30
Srijan Choudhary
8879db59b8 Show all comments if limit/nested_limit set as inf 2014-05-03 01:17:11 +05:30
Srijan Choudhary
baef73f1e8 Change default values of config params 2014-05-03 01:16:47 +05:30
Srijan Choudhary
ab927e39d0 Add a reveal on click parameter 2014-05-03 01:16:03 +05:30
Srijan Choudhary
2e2fba89a6 Add some tests 2014-05-03 01:14:33 +05:30
Srijan Choudhary
abc0eaaf1d Handle limit/nested_limit zero
This returns zero comments now
2014-05-03 01:14:23 +05:30
Martin Zimmermann
346b60a9b3 disqus import imports anonymized IP address now 2014-05-02 11:43:13 +02:00
Martin Zimmermann
39101c2ac7 Disqus import uses Progressbar class as well 2014-05-02 11:40:16 +02:00
Martin Zimmermann
12f8af8434 add initial support to import WordPress comments 2014-04-30 18:57:17 +02:00
Martin Zimmermann
0154113c80 replace assert with assertEqual 2014-04-30 15:24:58 +02:00
Martin Zimmermann
910da2a6c0 refactor disqus migration code into a class 2014-04-30 15:07:11 +02:00
Srijan Choudhary
54b156844b Add max-comments limit for nested replies 2014-04-27 11:44:18 +05:30
Srijan Choudhary
f5da45e525 Correct total comments count 2014-04-26 22:54:55 +05:30
Srijan Choudhary
76d5dbc97f Take max comments to load from config.js 2014-04-25 01:07:40 +05:30
Srijan Choudhary
8dbf4d5337 Client side changes for new API
* Handle hierarchal comments data format
* New comments fetching parameters: limit, parent, after
* Link to load more comments
2014-04-25 00:09:48 +05:30
Srijan Choudhary
a5d8a0cfe1 Change in API: hidden_replies field instead of passed_replies 2014-04-25 00:09:48 +05:30
Srijan Choudhary
3c3e83b05c Bug in API: Reply count should also filter by the after value passed 2014-04-25 00:09:48 +05:30
Srijan Choudhary
8fdceeaafb Handle edge cases occuring in tests 2014-04-25 00:09:48 +05:30
Srijan Choudhary
71024cea70 API update - new comments format 2014-04-25 00:09:48 +05:30
Martin Zimmermann
a753efe42d add doctype and charset 2014-04-24 17:38:53 +02:00
Srijan Choudhary
cb0acc5ac0 Add a basic demo page 2014-04-24 01:22:30 +05:30
Martin Zimmermann
b9102b44e2 fix russian translation for "Anonymous" 2014-04-23 10:23:55 +02:00
Martin Zimmermann
344f94e5a0 rm forward (reference) arrow 2014-04-21 10:27:37 +02:00
Martin Zimmermann
1e5878bec3 auto-correct wrong/invalid parent to max nesting level of 1 2014-04-21 10:23:45 +02:00
Martin Zimmermann
ce14726f2f set parent to null if parent is not top-level comment 2014-04-20 18:24:00 +02:00
Martin Zimmermann
24adafa25b increase db version after migration 2014-04-20 16:38:13 +02:00
Martin Zimmermann
9ee0a1a2eb reply to comment now nests to max. level of 1, part of #79 2014-04-20 16:30:18 +02:00
Martin Zimmermann
5d2daa1244 add db migration, part of #79 2014-04-20 15:39:43 +02:00
Martin Zimmermann
f09b6b9bdb preserve line breaks when editing comments, finally closes #77 2014-04-09 10:34:13 +02:00
Martin Zimmermann
5ab3a7bed4 remove white-space: pre, closes #77 2014-03-29 18:47:02 +01:00
Martin Zimmermann
765a91fefb return first item of [general] -> host if origin is hidden
A minor regression introduced by the latest refactorings. A functional
test is now included. Only affects Firefox users that use non-SSL and
supress their HTTP Referer completely
2014-03-29 12:58:08 +01:00
Martin Zimmermann
c4430c857c add test for database migration 2014-03-28 13:20:43 +01:00
Martin Zimmermann
0233619d35 mv specs/ to tests/ 2014-03-28 12:20:37 +01:00
Martin Zimmermann
fb68f9a820 adjust coverage generation a bit 2014-03-28 12:18:44 +01:00
Martin Zimmermann
5166e69265 remove doctest-ignore-unicode dependency 2014-03-28 12:09:14 +01:00
Martin Zimmermann
4fa0f0d8ea fix server time offset calculation for IE10 2014-03-28 11:48:29 +01:00
Martin Zimmermann
e393711859 use HTTP_REFERER as fallback if HTTP_ORIGIN is not sent
Also refactor those function a bit and move doctests into a separate
module.
2014-03-28 11:48:26 +01:00
Martin Zimmermann
09451ff707 replace textarea with a content-editable div
Mainly because of the sluggish auto-resize "feature" which comes for
free when using a content-editable div.

If you use a custom CSS, make sure you replace textarea (element with
.textarea (class) and set `white-space: pre`.
2014-03-27 14:29:56 +01:00
Martin Zimmermann
638ddc6359 pass event through for $.on 2014-03-27 09:53:07 +01:00
Martin Zimmermann
dd0837c0f7 remove superscript extension from Markdown
Unexpected behavior for popular smileys like "^^" which does not render
properly and thus, needs to be escaped (like \^\^). If you want to
re-enable superscript, add

    [markup]
    options = superscript
    allowed-elements = sup

to your configuration.
2014-03-25 23:03:33 +01:00
Martin Zimmermann
78b34ecdd2 return only publicely visible comments on /count
A regression introduced by 5ce48de.
2014-03-25 19:01:07 +01:00
Martin Zimmermann
5ce48de94a add POST request to get comment counts for multiple URLs
The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.

The internal implemention is improvable though.
2014-03-25 18:50:21 +01:00
Martin Zimmermann
da782654b2 remove warning when SMTP is not configured as notifcation backend 2014-03-20 17:07:42 +01:00
Martin Zimmermann
e4ad81cde0 exit if no website(s) are configured and remove default host 2014-03-20 17:07:38 +01:00
Martin Zimmermann
d69bfc2511 fix visual update up/downvote 2014-03-20 16:32:28 +01:00
Martin Zimmermann
0b816a0677 store session-key in database (once generated on db creation), #74
Store a random session key used to sign and verify comment ownership
once the database is initialized, not on every application startup.

Currently fixed session keys in [general] session-key are migrated into
the database on startup. The configuration parser will notice you about
the change and suggest you to remove this option.
2014-03-20 16:32:25 +01:00
Martin Zimmermann
8f293ad435 configurable avatar colors
* data-isso-avatar-bg="#f0f0f0" sets the background color
* data-isso-avatar-fg="#0abf99 #5698c4 etc." sets up to 8 different
  forground colors
2014-03-10 22:02:13 +01:00
Martin Zimmermann
c6e9c7eee4 Revert "run tests without depending on an already installed instance"
Breaks CLI (and probably other modules that use `dist.version`):

    [*]~/d/isso:master> isso -c sample.cfg run
    Traceback (most recent call last):
    File "/home/.../dev/isso/bin/isso", line 9, in <module>
        load_entry_point('isso==0.8.dev0', 'console_scripts', 'isso')()
    File "/home/.../dev/isso/isso/__init__.py", line 198, in main
        parser.add_argument('--version', action='version', version='%(prog)s ' + dist.version)
    AttributeError: 'module' object has no attribute 'version

This reverts commit 4e5e8c44f7.
2014-03-09 15:30:33 +01:00
Martin Zimmermann
a94472d062 add BSD license header to crypto.py 2014-03-09 12:18:15 +01:00
eroen
4e5e8c44f7 run tests without depending on an already installed instance 2014-03-08 22:32:21 +01:00
Martin Zimmermann
83361fbdac improve "time from now" helper, based on moment.js
http://momentjs.com/docs/#/displaying/fromnow/
2014-03-06 12:05:51 +01:00
Martin Zimmermann
ffd5882810 Merge branch 'fix-time-ago', closes #69 2014-03-06 12:05:05 +01:00
Martin Zimmermann
9a678e4691 an attempt to address #69
Add a global-like object that stores the delta from server time and
client time in a list and use the resulting average to "correct"
utils.ago diffs.
2014-03-06 11:44:33 +01:00
Martin Zimmermann
8540d45fae cumtime is only available in Python 2.7.4 or later 2014-03-06 11:32:25 +01:00
Martin Zimmermann
772730dbcd fix make_app logic 2014-03-06 11:05:22 +01:00
Martin Zimmermann
c4b80ff702 make CORS middleware more generic to use 2014-03-04 15:40:21 +01:00
Martin Zimmermann
3b248b293f set SMTP timeout to 10 seconds and make it configurable, ref 9a735e8 2014-03-04 09:47:54 +01:00
Martin Zimmermann
72c38c2312 set day_diff to 0 if negative, related to #69 2014-03-03 23:47:26 +01:00
Martin Zimmermann
9a735e8eac initial SMTP connection now timeouts after 5 seconds, closes #70 2014-03-03 23:42:35 +01:00
Martin Zimmermann
9272e7390f Merge branch 'feature/configurable-markdown', closes #62 2014-02-18 17:36:09 +01:00
Martin Zimmermann
1b0a74e188 expand db path, closes #68 2014-02-18 17:34:14 +01:00
Martin Zimmermann
d93d77c8c7 refactor markup and sanitization code
This commit introduces a new configuration section [markup] to refine
Misaka's Markdown extensions (by default strikethrough, superscript and
autolink).

Furthermore, you can set custom HTML elements/attributes that are
allowed, e.g. to enable images, set

  [markup]
  allowed-elements = img
  allowed-attributes = src

The refactorization separates HTML sanitization from Markdown -> HTML
and allows to include new markup languages such as BB Code or
reStructuredText.
2014-02-18 16:59:51 +01:00
Martin Zimmermann
6071a85787 add Config.getlist method 2014-02-18 16:51:04 +01:00
Martin Zimmermann
3d9665b523 remove now obsolete Makefile 2014-02-03 11:00:11 +01:00
Martin Zimmermann
1c3c826ada replace requirejs-domready with a (self-made) HTML5 idiom, #51
This commit removes yet another dependency. The provided domready
function is compatible with IE9, Firefox and Safari/Chrome.

Inspired by:

* http://stackoverflow.com/a/15580098
* https://github.com/requirejs/domReady/blob/master/domReady.js
2014-02-03 10:54:54 +01:00
Martin Zimmermann
f3e5d8dc1c add support for html5lib==0.95, fixes #60
The python-html5lib package in Debian Wheezy does not support
`etree` as tree builder (called `simpletree` back then).
2014-01-30 20:49:11 +01:00
Martin Zimmermann
14a2f82134 s/tls/starttls/ 2014-01-26 18:35:52 +01:00
Jocelyn Delande
cbf63f5a4e default smtp to port=587 and security=starttls 2014-01-26 17:17:09 +01:00
Martin Zimmermann
baff120800 fix french pluralform 2014-01-25 22:19:59 +01:00
Martin Zimmermann
cbd449dcd0 Merge branch 'transifex' 2014-01-16 12:01:04 +01:00
Martin Zimmermann
3a1f92b8bd use html5lib's sanitizer, supersedes 3713d5e
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.

Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
2014-01-13 19:11:59 +01:00
Martin Zimmermann
3713d5e8ee allow raw HTML markup for a few (whitelisted) tags
To be compatible with comments from Disqus (and users unfamiliar with
Markdown), Misaka no longer disables user-inputted HTML, but the
generated HTML is now post-processed and all "unsafe" tags (not
possible with Markdown) are discarded.

Whitelist: p, a, pre, blockquote, h1-h6, em, sub, sup, del, ins, math,
           dl, ol, ul, li

This commit also removes an unnecessary newline generated by
Misaka/Sundown.
2014-01-12 14:44:39 +01:00
Martin Zimmermann
36d702c7bc proper use of Misaka's HTML render flags (fix malicious HTML injection)
This commit now sanitizes *all* HTML tags written by the user (also
prevents auto-link to "unsafe" web protocols and images) as intended.

Fortunately because of Sundown's typography support, it did not affect
JS injection, but custom style tags and iframes.

PS: thanks to the anonymous submitter of a comment including a style tag
for 24pt, red font ;-)
2014-01-12 12:58:24 +01:00
Martin Zimmermann
dcd473967b Merge branch 'remove-q-lib' 2014-01-07 14:36:06 +01:00
Martin Zimmermann
6006a12778 fix wrong logic when vote counter stays at zero (e.g. self-vote) 2014-01-07 14:29:51 +01:00
Martin Zimmermann
306d2d9f9e log 5xx errors
Also, fix console.log usage.
2014-01-07 14:28:12 +01:00
Martin Zimmermann
a29393ee3f replace kriskowal/q with 50 LoC homebrew implementation, part of #51
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.

The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
2014-01-07 14:28:10 +01:00
Martin Zimmermann
bfae158bde update translations from Transifex (initial pull) 2014-01-06 18:21:30 +01:00
Martin Zimmermann
9dd066c6a6 reflect security = ... in docs and print warning if used 2014-01-01 22:20:00 +01:00
Thomas Sileo
a322cf673a Bugfix 2013-12-26 22:22:48 +01:00
Thomas Sileo
e50ecc7811 Removed debug info 2013-12-26 19:22:55 +01:00
Thomas Sileo
08313c191c Added reply notification for commenter 2013-12-26 19:19:15 +01:00
Chimo
658e065f23 Adds STARTTLS support to SMTP notifications 2013-12-19 23:36:06 -05:00
Martin Zimmermann
85e637d017 simplify JSON response 2013-12-19 08:56:14 +01:00
Martin Zimmermann
905bd63eee CORS middleware must return bytes 2013-12-19 08:55:53 +01:00
Martin Zimmermann
82da63a81b check if hash is a base-16 string 2013-12-19 08:55:06 +01:00
Martin Zimmermann
e244227f41 convert proxy object to string before passing to urllib 2013-12-19 08:09:09 +01:00
Martin Zimmermann
cbee3f7b2e clarify copyright headers 2013-12-18 16:21:35 +01:00
Martin Zimmermann
a728d3e32d add doctest for IPv6 mapped IPv4 addresses 2013-12-18 13:08:57 +01:00
Martin Zimmermann
2a86b46893 add test for disqus import 2013-12-18 13:08:54 +01:00
Martin Zimmermann
f81b955aa5 use SHA1 instead of MD5 to verify comment owner 2013-12-18 13:01:09 +01:00
Martin Zimmermann
29a825b575 remove unused utility functions 2013-12-18 13:01:05 +01:00
Martin Zimmermann
65f260d0ba show session-key on application startup
Maybe useful to see that it really changes if unset. Also reduced key
size to 16 bytes form /dev/urandom (cosmetic reason, still enough).
2013-12-17 13:40:32 +01:00
Martin Zimmermann
a4213e4304 update docstrings for isso.db 2013-12-17 13:30:37 +01:00
Martin Zimmermann
c99fe3d583 remove unused SQLite3.mode attribute 2013-12-17 13:18:43 +01:00
Martin Zimmermann
fcd0a01de3 make_app uses threading.Lock now by default
Uses keyword arguments to use multiprocessing or uwsgi mixin. This
fixes an issue on exotic *BSDs such as NetBSD where Python comes not
with inter-process semaphores (issue 3307):

     mod_wsgi (pid=14365): Target WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi' cannot be loaded as Python module.
     mod_wsgi (pid=14365): Exception occurred processing WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi'.
     Traceback (most recent call last):
       File "/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi", line 8, in <module>
         application = make_app(Config.load("/var/www/vhosts/my.hostname.org/htdocs/isso.cfg"))
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 155, in make_app
         isso = App(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 91, in __init__
         super(Isso, self).__init__(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/core.py", line 223, in __init__
         self.lock = multiprocessing.Lock()
       File "/usr/pkg/lib/python2.7/multiprocessing/__init__.py", line 175, in Lock
         from multiprocessing.synchronize import Lock
       File "/usr/pkg/lib/python2.7/multiprocessing/synchronize.py", line 59, in <module>
         " function, see issue 3770.")
     ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770.
2013-12-16 15:40:18 +01:00
Martin Zimmermann
9db762ad5e italian translation by alzeco 2013-12-12 17:30:40 +01:00
Martin Zimmermann
525b2db6f1 fix french pluralization 2013-12-12 17:29:26 +01:00
Martin Zimmermann
150726df13 Merge branch 'feature/27', override thread id 2013-12-12 13:07:57 +01:00
Martin Zimmermann
77df31d06f override thread discovery with data-isso-id="...", close #27 2013-12-12 13:04:29 +01:00
Martin Zimmermann
79112940e6 reduce heading size in comments, fix #26 2013-12-12 12:10:50 +01:00
Martin Zimmermann
c5daa66c82 remove old CSS rule 2013-12-12 12:10:02 +01:00
Martin Zimmermann
990688f6e0 Merge branch 'fix/multsite' 2013-12-08 19:20:46 +01:00
Martin Zimmermann
adc722359d move application export to isso.run
When using Gunicorn or uWSGI to run `isso.dispatch` it would
automatically initialize and a default Isso instance (and cause
several logging messages), although never used.

If you use uWSGI or Gunicorn, you have to change the module from
`isso` to `isso.run`.
2013-12-08 19:15:08 +01:00
Martin Zimmermann
b15f17738e isso.dispatch now dispatches multiple sites based on relative URLs
The previous approach using a custom X-Custom header did work for the
client-side, but not for activation and deletion links. Now, you need
to add a `name = foo` option to the general section. `isso.dispatch`
then binds this configuration to /foo and can distinguish all API
calls without a special HTTP header.
2013-12-08 19:09:56 +01:00
Martin Zimmermann
ac74418179 move dispatch into isso package 2013-12-08 17:41:07 +01:00
Martin Zimmermann
fc984bb656 add Date header, close #42 2013-12-07 13:17:56 +01:00
Martin Zimmermann
232e2fb474 another approach to fix #40 (return 403 on false Content-Type)
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:

    * application/x-www-form-urlencoded
    * multipart/form-data
    * text/plain

If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
2013-12-04 23:36:48 +01:00
Martin Zimmermann
1db06bbf39 Revert "HTTP Origin is only sent on cross-origin requests in Firefox"
Revert "use Referer instead of Origin when using IE"
Revert "fix unittests"
Revert "check if Origin matches Host to mitigate CSRF, part of #40"

This reverts commit 9376511485c70deaf908aa67bcdc8f0c9a0b003e.
This reverts commit 9a03cca793.
This reverts commit 4c16ba76cc.
This reverts commit 32e4b70510.
2013-12-04 17:09:22 +01:00
Martin Zimmermann
b839b2be31 HTTP Origin is only sent on cross-origin requests in Firefox
Therefore, only raise Forbidden if Origin (or Referer for MSIE) is sent
(which is a protected header and all modern browsers (except IE)).

Also add a basic unit test which asserts the failure for false origins.
2013-12-04 17:09:22 +01:00
Laurent Arnoud
02db978308 Add check with blank text 2013-12-04 00:35:09 +01:00
Martin Zimmermann
6f504ee8f5 show modal dialog before delete or activate comments, close #36
The URL sent in the email returns a short HTML document where
JS creates a modal dialog. If continued, the browser sends a
POST request to the same URL.
2013-12-02 13:07:11 +01:00
Martin Zimmermann
83b48d5db6 use el.getAttribute instead of el.dataset to support IE10 m( 2013-12-02 12:14:26 +01:00
Martin Zimmermann
9a03cca793 use Referer instead of Origin when using IE
* IE10 (and 11) do not send HTTP_ORIGIN when requesting a URL no in
    the same origin, although recommended by WHATWG [1]
  * if IE10 is used, use the referer. If this header is supressed by the
    user, it won't work (and I don't care).

IE10 needs to die, seriously:

> We have a long-standing interoperability difference with other browsers
> where we treat different ports as same-origin whereas other browsers
> treat them as cross-origin.

via https://connect.microsoft.com/IE/feedback/details/781303/origin-header-is-not-added-to-cors-requests-to-same-domain-but-different-port

[1] http://tools.ietf.org/html/draft-abarth-origin-09
2013-12-02 12:12:21 +01:00
Martin Zimmermann
4c16ba76cc fix unittests 2013-12-01 13:40:11 +01:00
Martin Zimmermann
32e4b70510 check if Origin matches Host to mitigate CSRF, part of #40 2013-12-01 13:40:08 +01:00
Martin Zimmermann
6e31111554 add application object into ns only when using uwsgi and gunicorn 2013-11-29 14:22:21 +01:00
Martin Zimmermann
baabd30e74 more descriptive logging 2013-11-29 14:21:43 +01:00
Martin Zimmermann
ce950259b4 show traceback when smtp connection failed 2013-11-25 17:02:04 +01:00
Martin Zimmermann
896b4f5e33 support for gunicorn (and other pre-forking wsgi servers) 2013-11-25 13:51:11 +01:00
Martin Zimmermann
aa65873fa6 uWSGI works also with multiprocessing.Lock 2013-11-25 13:50:43 +01:00
Martin Zimmermann
6405f258f3 replace nested middleware calls with reduce and partials 2013-11-25 13:38:51 +01:00
Martin Zimmermann
c9c0df229a Merge branch 'feature/info' 2013-11-21 11:17:24 +01:00
Martin Zimmermann
8dac5375b6 add /info view for debugging purposes 2013-11-21 11:09:33 +01:00
Martin Zimmermann
5449b0cea4 add route for comment activation 2013-11-21 10:17:42 +01:00
Martin Zimmermann
63a7df1099 translate deletion and activation links 2013-11-21 10:17:29 +01:00
Martin Zimmermann
598b08bd1c add russian translation
http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
2013-11-18 11:00:33 +01:00
Martin Zimmermann
8196f3f465 remove unnecessary imports 2013-11-17 15:49:25 +01:00
Martin Zimmermann
17aa3e6fc5 use english text for mail notifications 2013-11-17 15:44:40 +01:00
Martin Zimmermann
b9158a660c move SocketHTTPServer to isso/wsgi.py 2013-11-17 11:57:41 +01:00
Martin Zimmermann
9c94e66702 add fr.js to i18n module, appendum to #38 2013-11-17 11:28:24 +01:00
Martin Zimmermann
aeb7c35d8f override useragent's language with data-isso-lang 2013-11-17 11:27:48 +01:00
Martin Zimmermann
2e9c21db15 add X-Origin to GET requests, so isso.dispatch works on a single host 2013-11-17 11:16:46 +01:00
Martin Zimmermann
b21e216b06 mv app/fancy to /app/lib/fancy 2013-11-16 23:41:52 +01:00
Martin Zimmermann
edafc5f88f client configuration for reply-to-self
also: move data-isso-* configuration to app/config
2013-11-16 22:21:00 +01:00
Martin Zimmermann
64c0d770c6 remove edit and remove buttons when comment is marked as deleted 2013-11-16 21:42:11 +01:00
Martin Zimmermann
519112a8fc add some documentation 2013-11-16 21:41:54 +01:00
Martin Zimmermann
320cb7313f upgrade notifications for old configuration values 2013-11-16 20:54:21 +01:00
Martin Zimmermann
2446e6ac6a Merge pull request #38 from sploinga/master
French translation
2013-11-16 11:36:56 -08:00
Sploinga
5a20a4a4bf French translation 2013-11-16 20:32:21 +01:00
Martin Zimmermann
5e7ee3dffd use <link> tag to extract the relative post url, fixes #37
The <id> tag does not necessarily contains the full URL, but also
relative URLs:

    <id>http://example.com/foo/bar.html</id>
    <id>/foo/bar.html</id>
    <id>foo/bar.html</id>
2013-11-16 20:30:48 +01:00
Martin Zimmermann
0be3c69e1d Merge branch 'fix/spam-guard' 2013-11-13 21:30:23 +01:00
Martin Zimmermann
d4e7ee134d add option reply-to-self, defaults to false 2013-11-13 21:20:32 +01:00
Martin Zimmermann
9f2062a900 fix #35
Also add an option `direct-reply` to control the number of comments
on a thread without referencing a child (to avoid a simple while loop
that `curl -XPOST ...` the url).

Defaults to 3, that means a /24 (or /48 for IPv6) address can only post
3 direct responses on a thread at all.
2013-11-13 20:42:56 +01:00
Martin Zimmermann
5cbda11158 Merge branch 'fix/bloomfilter' 2013-11-13 20:08:08 +01:00
Martin Zimmermann
6178e93348 add database migration
Clear voters bloomfilter and initialize with an (almost) empty one.
2013-11-13 20:07:23 +01:00
Martin Zimmermann
58645ca945 do not reference bytearray in a method definition, fixes #5
This is a severe issue which makes the current voters bloomfilter
completely useless. Functions are first-class objects in Python, which
lead to interesting "issues" like:

    >>> def foo(x=[]):
    ...     x.append(1)
    ...     print x
    ...

    >>> foo()
    [1]

    >>> foo()
    [1, 1]

For Isso, this means the bloomfilter, which is usually only initialized
with the author's IP address, is now initialized with pretty much all
ip addresses from previous authors, thus makes it impossible for the
author to vote on other's people comments.
2013-11-13 20:07:18 +01:00
Martin Zimmermann
dfed955f23 Merge branch 'feature/migration' 2013-11-11 12:10:42 +01:00
Martin Zimmermann
d4f2123b58 Merge branch 'tmp/refactorization'
Conflicts:
	isso/utils/__init__.py
2013-11-11 12:10:29 +01:00
Martin Zimmermann
6e85c54a2e refactor views and introduce an API for notifications
Keep Isso modular, not monolithic. Make it easy to integrate a
web interface or add XMPP notifications.

This refactorization includes minor bugfixes and changes:

* CORS middleware did not work properly due to wrong unit tests
* more type checks on JSON input
* new detection for origin and public url, closes #28
* new activation and delete url (no redirect for old urls, but you can
  convert the old urls: copy hash after `/activate/` (or delete) and
  open `/id/<id of comment>/activate/<hash>`
* move crypto.py to utils/

With this commit, SMTP is no longer automatically configured: add
`notify = smtp` to the `[general]` section to use SMTP.
2013-11-11 12:09:19 +01:00
Martin Zimmermann
162fe78aa6 ask to continue import if DB is not empty 2013-11-11 12:02:49 +01:00
Martin Zimmermann
5ca3137ddd add --dry-run option to import command 2013-11-11 11:57:31 +01:00
Martin Zimmermann
a8cd418b5e remove website todo, not a high priority 2013-11-11 11:45:12 +01:00
Martin Zimmermann
850b2b4bfb set mode to 4 (deleted) when isDeleted is true 2013-11-11 11:44:32 +01:00
Martin Zimmermann
8c0af3b10f show orphan comments after Disqus import (if any)
An orphan comment is exported by Disqus but its thread id is
non-existent (probably deleted, moved). Usually from the earlier
days (or WordPress migration).

It is not possible to get the thread without manual intervention (
aka SQLite insertions).
2013-11-11 11:34:13 +01:00
Federico Ceratto
68be70af24 Support Python2 ipaddr library. 2013-11-09 15:32:25 +00:00
Martin Zimmermann
a442b8e0ee remove dead code 2013-11-08 19:03:08 +01:00
Martin Zimmermann
ab5d907172 move comments.requires to views package 2013-11-08 19:00:01 +01:00
Martin Zimmermann
1174259b27 mv comment -> comments 2013-11-08 18:55:02 +01:00
Martin Zimmermann
ac8d987392 don't monkeypatch if uwsgi is available 2013-11-06 18:10:09 +01:00
Martin Zimmermann
6f3a2d8072 add an option to prevent Isso from appending the default CSS, closes #29 2013-11-06 17:46:04 +01:00
Martin Zimmermann
c06c11aeca api.js parses custom data attributes for client configuration, part of #29
All data-attributes beginning with `data-isso-` are stored in
`api.config` (without leading data-isso-). Isso tries to parse
the values with JSON (e.g. `-isso-foo="false"` returns false)
and falls back for a simple string value.
2013-11-06 17:39:14 +01:00
Martin Zimmermann
4bb6e91f61 Isso can now listen on unix domain sockets, closes #25
This also changes the server configuration from `host` and `port`
to `listen = http://localhost:8080`.
2013-11-06 16:55:14 +01:00
Martin Zimmermann
6374d8a9e1 fix application profiling 2013-11-05 23:36:52 +01:00
Martin Zimmermann
0a247a7927 data-isso-prefix is now ony data-isso 2013-11-05 23:35:38 +01:00
Martin Zimmermann
33fb15e241 rename data-prefix to data-isso 2013-11-05 14:25:43 +01:00
Martin Zimmermann
af6695e935 lowercase MiddleWare and fix TypeError in Headers 2013-11-05 14:03:46 +01:00
Martin Zimmermann
4950e7dd4d add unittest for CORS headers 2013-11-05 13:08:21 +01:00
Martin Zimmermann
aa6665c8f0 fix endpoint detection when using require.js 2013-11-05 12:44:31 +01:00
Martin Zimmermann
8d1171df29 improve request decoding and json parsing 2013-11-05 12:44:16 +01:00
Martin Zimmermann
6691810316 handle cross-origin cookies with a custom header X-Set-Cookie, fix #24
Cookies set from a different domain can not be read by JS executed in
the current domain. As a workaround, Isso sends both a Set-Cookie and
X-Set-Cookie header. The former is used by the browser to make the
HTTP request to the API, the latter is read by `embed.min.js` to
determine if a comment can be edited or deleted.

When a comment is deleted, the server sends an expired cookies in
Set-Cookie and X-Set-Cookie.
2013-11-05 12:36:29 +01:00
Martin Zimmermann
05c8b571e2 requirejs-text now uses CORS XHR requests to static files 2013-11-05 01:11:53 +01:00
Martin Zimmermann
6126f0ec6f add CORS middleware to add CORS header to *all* requests 2013-11-05 01:11:28 +01:00
Martin Zimmermann
e14a04ab6c support for werkzeug 0.8 (Python2-only) 2013-11-04 01:13:29 +01:00
Martin Zimmermann
312578457b uwsgi can only cache bytes 2013-11-03 18:55:23 +01:00
Martin Zimmermann
cc2ac11850 inline CSS 2013-11-03 18:55:23 +01:00
Martin Zimmermann
d8a254c304 fix api endpoint detection 2013-11-03 18:55:20 +01:00
Martin Zimmermann
d59fc2ef8e handle OPTIONS request and return CORS headers 2013-11-03 15:18:04 +01:00
Martin Zimmermann
c581e0f05a cache email hash on comment creation 2013-11-03 12:39:51 +01:00
Martin Zimmermann
c567758d81 limit email length to 254 to avoid hash-DDoS 2013-11-03 12:35:33 +01:00
Martin Zimmermann
0473afe2db add profiling option to server configuration 2013-11-03 12:32:38 +01:00
Martin Zimmermann
3c193bef27 request remote_addr only when using the comment form 2013-11-02 18:41:00 +01:00
Martin Zimmermann
7e73986667 remove trailing slash from API endpoint, appendum to 8da9d0b 2013-11-02 18:39:40 +01:00
Martin Zimmermann
375b32a151 Merge branch 'feature/data-attributes' 2013-11-02 18:28:42 +01:00
Martin Zimmermann
8da9d0b13b override API location with data-prefix="..." 2013-11-02 18:26:33 +01:00
Martin Zimmermann
0d07515c18 override HTML title parsing with a data-title="... attribute
If you don't use a <h1> to markup your post's title (but h2), it
is no longer possible to reliable detect the site's title.

E.g. you have a single page with only one <h1> and that's the
*real* title of that page. But on the other hand, it is also
possible, that the <h1> tag is just your website's name and the
actual post title is marked up in <h2>.
2013-11-02 18:21:27 +01:00
Martin Zimmermann
fa496669e2 use lowercase [smtp] as written in the docs 2013-11-02 17:38:01 +01:00
Martin Zimmermann
54413dfcf3 add copyright header to embed.js (and it's MIT not BSD) 2013-11-02 15:31:17 +01:00
Martin Zimmermann
c5d52721c4 use cache.delete a) with an actual key and b) only on delete 2013-11-01 17:02:08 +01:00
Martin Zimmermann
2b7d263735 only create a reply box when needed
Previously this led to unnecessary object creation which impacted the
rendering time (on my machine 200 comments -> 1200ms) just to create
the postbox per comment (just the object initialization)).
2013-11-01 15:25:44 +01:00
Martin Zimmermann
cac4694f43 cache PBKDF2 hash, closes #18
Markdown conversion is not the reason for 2s per 100 comments response,
the hash function is. When using the email/remote_addr from cache, the
response time is pretty fast.

* when uWSGI is available, use their caching framework

* for multi-threaded environment (the default), use a simple cache
  shipped with werkzeug
2013-11-01 15:08:16 +01:00
Martin Zimmermann
74ab58167e replace abort(code) with proper exceptions and refactor request dispatch 2013-11-01 12:46:51 +01:00
Martin Zimmermann
2794734258 remove Jinja2 dependency 2013-11-01 12:26:39 +01:00
Martin Zimmermann
dea4c88162 remove admin interface fragments 2013-10-31 17:14:32 +01:00
Martin Zimmermann
2cac3f0567 detect Isso API endpoint when using *.dev.js script 2013-10-31 12:33:19 +01:00
Martin Zimmermann
e08e7be464 remove stale threads after all comments have been deleted 2013-10-31 11:08:00 +01:00
Martin Zimmermann
a658021f7e fix unittest for 1358fac and extend internal documentation 2013-10-31 10:44:46 +01:00
Martin Zimmermann
1358fac258 fix empty thread title due premature HTTP connection closing 2013-10-30 19:41:41 +01:00
Martin Zimmermann
55b6b283b8 use uWSGIs locking 2013-10-30 10:52:06 +01:00
Martin Zimmermann
9a8e0b524e build notify mail with first hostname 2013-10-30 10:06:28 +01:00
Martin Zimmermann
0c7a4e44f9 disable werkzeug connection log 2013-10-30 10:06:09 +01:00
Martin Zimmermann
1518bae5ba IE10 does not support classList on SVG elements m( 2013-10-30 00:24:32 +01:00
Martin Zimmermann
32f83160d6 config.js is not necessary in post.html 2013-10-29 23:12:44 +01:00
Martin Zimmermann
5689143c4a remove button no longer resets after 1.5s, part of #17 2013-10-29 18:46:08 +01:00
Martin Zimmermann
bbccfe9def include post.html in snapshot release and remove old css 2013-10-29 17:17:52 +01:00
Martin Zimmermann
876dd402a6 remove bootstrap 2013-10-29 17:07:25 +01:00
Martin Zimmermann
84da660ca9 update sample post 2013-10-29 17:06:46 +01:00
Martin Zimmermann
c3b6e0319e use SVG to render identicon so the browser can auto-resize the image
Temporary fix for websites with small width, where the identicon
overlaps with the textarea field.
2013-10-29 16:58:38 +01:00
Martin Zimmermann
b672dae624 allow multiple hosts, e.g. HTTP and HTTPS sites 2013-10-29 12:22:13 +01:00
Martin Zimmermann
cb40c7ca42 improve doctests and refactor title extraction 2013-10-29 12:01:45 +01:00
Martin Zimmermann
89b1ca8846 doctests for utils.anonymize(remote_addr) 2013-10-27 13:58:50 +01:00
Martin Zimmermann
527b349fbe use python's logging module 2013-10-27 13:40:18 +01:00
Martin Zimmermann
11293a504b utils.parse now returns a triple (host, port, ssl) 2013-10-27 12:48:34 +01:00
Martin Zimmermann
acbf42f89d fix SMTP connectivity test, appendum to a8d0670 2013-10-27 12:47:48 +01:00
Martin Zimmermann
94b1fef28e rewrite CONFIGURATION.md in reST and extend document 2013-10-27 12:44:59 +01:00
Martin Zimmermann
2db98d0d34 move http utils in separate module 2013-10-24 14:38:43 +02:00
Martin Zimmermann
48b4c9f9a5 purge comments in moderation queue after given time, closes #13 2013-10-24 14:38:40 +02:00
Martin Zimmermann
a8d0670db7 fix PEP-8 minors 2013-10-24 11:56:48 +02:00
Martin Zimmermann
4f5b247ed1 delete comments via mail 2013-10-21 17:40:03 +02:00
Martin Zimmermann
5b52cbdfa6 skip empty Disqus threads 2013-10-19 12:45:10 +02:00
Martin Zimmermann
66ade6df14 remove semantic article, header and footer tags to avoid CSS collisions 2013-10-19 11:38:16 +02:00
Martin Zimmermann
b691579bad test if #isso-thread exists 2013-10-13 23:33:06 +02:00
Martin Zimmermann
5d0cad4272 use proper email header encoding 2013-10-13 15:52:50 +02:00
Martin Zimmermann
e8d62e5db1 fix import regression from 11246f5 2013-10-13 15:34:26 +02:00
Martin Zimmermann
a2c3ecb131 remove behave.js 2013-10-13 15:06:43 +02:00
Martin Zimmermann
11246f51dc support for moderated comments, part of #13
* add moderated = true to your configuration (defaults to false)
* comment activation via email to the Isso owner
2013-10-13 15:02:42 +02:00
Martin Zimmermann
79f8c1157e show N days ago instead of previous week 2013-10-13 12:58:48 +02:00
Martin Zimmermann
61a486d2ea support for Python 3.3 2013-10-09 16:33:49 +02:00
Martin Zimmermann
f9133b984e use configparser backport to support python2.6 again 2013-10-09 15:49:12 +02:00
Martin Zimmermann
988d2032c5 replace blank identicon with ghosts 2013-10-09 15:33:31 +02:00
Martin Zimmermann
2557c02117 Merge branch 'feature/spam-guard' 2013-10-06 19:55:44 +02:00
Martin Zimmermann
1034d5016e document app/dom.js 2013-10-06 19:55:18 +02:00
Martin Zimmermann
8967fd733e hide reply button when it is not possible to reply 2013-10-06 19:46:04 +02:00
Martin Zimmermann
ab618ad898 add basic spam protection 2013-10-06 18:37:05 +02:00
Martin Zimmermann
6eab8ad5ca support for uWSGI
* naive uWSGI fallback which spawns one thread per request and
  one thread per mail notification
* uWSGI backend which utilize queues and spooling to handle
  simultanous requests and mail notifications

This also fixes a bug where N concurrent POSTs on a new topic
failed for N-1 requests (db integrity error).
2013-10-06 15:36:38 +02:00
Martin Zimmermann
9ce965440a toggle next state, when submit was succesful 2013-10-04 18:00:17 +02:00
Martin Zimmermann
0abb8ed658 remove edit and remove buttons when cookie is gone 2013-10-04 18:00:13 +02:00
Martin Zimmermann
0b8cac7f18 implement comment editing 2013-10-03 18:56:36 +02:00
Martin Zimmermann
6242d243c9 update cookie after editing a comment 2013-10-03 18:12:59 +02:00
Martin Zimmermann
75f172f4ae textarea auto resize 2013-10-03 14:17:09 +02:00
Martin Zimmermann
80e8ce7e25 more i18n 2013-10-03 13:50:30 +02:00
Martin Zimmermann
57a16acff4 use promise lib correctly 2013-10-03 13:50:30 +02:00
Martin Zimmermann
e4f9b53668 minor CSS improvement to input and submit fields 2013-10-03 13:50:27 +02:00
Martin Zimmermann
2f6f4bc338 stylesheet injection 2013-10-02 16:18:55 +02:00
Martin Zimmermann
de25af5467 exclude svgs from count.min.js 2013-10-02 16:18:35 +02:00
Martin Zimmermann
fd18ea9eab split i18n messages 2013-10-02 16:17:25 +02:00
Martin Zimmermann
ef463eb517 API endpoint detection for count.min.js 2013-10-02 16:16:08 +02:00
Martin Zimmermann
a7cc1cdf4d move scss to isso/css/ 2013-10-02 16:15:43 +02:00
Martin Zimmermann
b1e33bdce5 split 3rd-party packages to vendor and components
Then, use bower to fetch components and put libraries not
available as (web) component into vendor/.

Move crypto parts and identicon generation modules into app/lib.
2013-10-02 14:26:06 +02:00
Martin Zimmermann
b36e2fdb28 COMMIT ALL THE THINGS
* refactor JS (a lot)
* use a CSS framework (neat/bourbon), because CSS is hard
* up/downvote comments
* cleaner HTML
* HTML inclusion in JS
* SVG icons for reference, up and downvote
* basic i18n: english and german supported ootb
* lazy (because slow) client-side identicon generation (preview ability)
* removed website input field for no particular reason
* remove HTML.js in favour of a homebrew DOM manipulation tool
2013-10-01 14:47:01 +02:00
Martin Zimmermann
4f03b3faf9 re-license to MIT 2013-09-19 18:44:40 +02:00
Martin Zimmermann
560e73cc0a rewrite db backend 2013-09-19 18:44:37 +02:00
Martin Zimmermann
52f64dd26f improve url exists detection for new comment threads 2013-09-13 19:52:53 +02:00
Martin Zimmermann
30fa254023 connect to SMTP on-demand 2013-09-13 19:51:56 +02:00
Martin Zimmermann
98ab6d205a anonymize IP if passed as ::ffff.1.2.3.4 correctly 2013-09-13 18:30:51 +02:00
Martin Zimmermann
88a7d40bea send null instead of the empty string 2013-09-13 18:24:24 +02:00
Martin Zimmermann
b744e2fe39 use SSL for https:// 2013-09-13 18:12:32 +02:00
Martin Zimmermann
3eeb686d5f update stylesheet link 2013-09-13 16:15:14 +02:00
Martin Zimmermann
2ee47bd902 return 404 when creating a comment for a non-existing URI 2013-09-13 16:14:13 +02:00
Martin Zimmermann
021b672ee2 use only first 3 bytes from an IPv6 address 2013-09-13 16:13:45 +02:00
Martin Zimmermann
7ed5d6461e add ProxyFix WSGI middleware for real IP and remove dead code 2013-09-13 16:13:08 +02:00
Martin Zimmermann
adb3d40c03 send notification for new comments
This commit also introduces a new db which maps path to thread title.
The title is read by parsing the HTML for a related <h1> tag using
`html5lib`.

You can set up SMTP in your configuration (here the defaults):

    [SMTP]
    host = localhost
    port = 465
    ssl = on
    username =
    password =
    recipient =
    sender =

In short, by default Isso uses a local SMTP server using SSL without
any authentication. An email is send on comment creation to "recipient"
from "Ich schrei sonst <sender>".

This commit also uses a simple ANSI colorization module from my static
blog compiler project.

On server startup, Isso will connect to the SMTP server and fall back to
a null mailer. It also tries to connect to your website, so if that
doesn't work, you probably can't comment on your website either.
2013-09-13 15:21:18 +02:00
Martin Zimmermann
9edd34d079 fix typos 2013-09-12 19:20:31 +02:00
Martin Zimmermann
0f7516edb4 always announce CORS, fix 3218e16 2013-09-12 19:10:38 +02:00
Martin Zimmermann
27022af1e6 update README, added docs/API.md draft 2013-09-12 19:10:03 +02:00
Martin Zimmermann
5759513fcd remove old stuff and trim output from utils.heading 2013-09-12 17:28:44 +02:00
Martin Zimmermann
27ba6d795f extend utils.ago to handle dates beyond 31 days 2013-09-12 17:28:13 +02:00
Martin Zimmermann
63f03e1111 disqus import now sets the comment creation date correctly 2013-09-12 17:27:16 +02:00
Martin Zimmermann
3218e16532 add CORS support
Isso can now run on a separate domain such as comments.example.org
and still serve for blog.example.org using CORS.
2013-09-12 17:26:10 +02:00
Martin Zimmermann
45d4e18aef new /count?uri=path and count.js
A separate (minified) JS to load only the comment count for each
`<a href="...#isso-thread">...</a>` link. If there are no comments,
return a 404, otherwise return the number JSON formatted.

To built `count.ks`, run `r.js -o build.count.js`.
2013-09-12 17:22:37 +02:00
Martin Zimmermann
1105e3e016 don't shrink textarea on blur 2013-09-12 12:28:53 +02:00
Martin Zimmermann
10c65561ed mv /client to /js 2013-09-12 11:46:09 +02:00
Martin Zimmermann
83f7c0201f use almond.js for single file output 2013-09-09 14:44:04 +02:00
Martin Zimmermann
88b77ffa2d show markdown by default 2013-09-09 14:14:27 +02:00
Martin Zimmermann
b65b86d664 fix german utils.ago strings 2013-09-09 14:14:10 +02:00
Martin Zimmermann
9484a8fa6f add heading 'Kommentieren' etc. 2013-09-09 14:13:34 +02:00
Martin Zimmermann
18ebf6f95a disable threading, use processes 2013-09-09 14:13:05 +02:00
Martin Zimmermann
3037f5926d clean imports and remove old code 2013-09-09 13:37:57 +02:00
Martin Zimmermann
56ea90d7e0 JavaScript Identicons (awww), closes #8 2013-09-09 13:27:35 +02:00
Martin Zimmermann
bebda530b6 clear comment that still has references 2013-09-09 13:24:47 +02:00
Martin Zimmermann
413fb0c9a6 automatically update time(ago) every minute 2013-09-09 13:24:03 +02:00
Martin Zimmermann
fa277c98c1 disable scrollIntoView 2013-09-09 13:23:18 +02:00
Martin Zimmermann
20f82dcfcd fix disqus import 2013-09-08 17:37:26 +02:00
Martin Zimmermann
aecab5cf01 scoll into view 2013-09-08 17:24:54 +02:00
Martin Zimmermann
f0c1574c15 remove stale comments from DB, closes #9 2013-09-08 17:21:33 +02:00
Martin Zimmermann
f1ffe444bc don't remove root msg box on submit, but clear fields 2013-09-08 14:17:46 +02:00
Martin Zimmermann
449c838be3 REMOTE_ADDR is not unicode 2013-09-08 14:13:17 +02:00
Martin Zimmermann
5cad8fb8b5 clean db interface and comment model 2013-09-08 13:02:25 +02:00
Martin Zimmermann
c7ee35423b implement db backend for votes/likes #5 2013-09-06 17:19:25 +02:00
Martin Zimmermann
11c6e4d720 remove email column 2013-09-06 15:56:43 +02:00
Martin Zimmermann
59706815e7 add comment.hash to recognize user by email or ip fallback
also: fixed test_comment json.dumps(json.loads(json.dumps(...)))
madness.
2013-09-05 23:09:56 +02:00
Martin Zimmermann
35926037a6 fix tests 2013-09-05 21:13:33 +02:00
Martin Zimmermann
f6271e5cf6 commit work in progress
completely revamp JS client because JS sucks^W^W^W to feature AMD,
require.js, promises and HTML.js.

The comment listing is now more like Disqus and for now comment
retrieval, comment creation and deletion works. Form validation is
rudimentary implemented as well.

replaced Mako with Jinja2 (because... I forgot.), admin interface will
use Bootstrap™ but is not functional yet.

features a progress indicator in case you're sqlite db performs *really*
bad
2013-09-05 19:31:18 +02:00
Martin Zimmermann
7e6fa0438b use argparse and configparser 2013-09-03 13:40:40 +02:00
Martin Zimmermann
2d075f867a move code around™ 2013-09-03 12:15:43 +02:00
Martin Zimmermann
cb20f159fb add bootstrap 2.3.2 2013-09-02 14:58:07 +02:00
Martin Zimmermann
dd4ba9263a refactor all the things (use werkzeug instead of NIH to handle WSGI)
Also: use ?uri=%2Fpath%2F as path indicator.
2013-09-02 14:44:53 +02:00
Martin Zimmermann
76d6d46521 add progress bar to migration 2013-09-02 14:22:08 +02:00
Martin Zimmermann
57fa577e54 whatever I made there 2013-09-01 23:40:55 +02:00
posativ
26c74cb521 admin.js now used isso.js as API
JS is a horrible language. The more you try to modularize and DRY
it, the greater the LoC grows...
2012-12-17 00:06:46 +01:00
posativ
261f2fe18e introduce namespaces for JS and trying to escape the pyramid of doom 2012-12-16 23:29:07 +01:00
posativ
525a2828c5 fix Makefile and move utilities to js/utils.js 2012-12-16 20:29:18 +01:00
posativ
a753045f8b some documentation and move login to /admin/ 2012-12-16 19:54:56 +01:00
posativ
588a8c306b approved comments now move to recent comments 2012-12-16 18:13:03 +01:00
posativ
65c2fce636 better admin 'theme', 304 Not Modified support and minor improvements 2012-12-16 17:59:20 +01:00
posativ
eaaf1f4653 moar syntactic sugar 2012-12-16 13:38:24 +01:00
posativ
8e2e90ed4e add threaded WSGI server mixin to check URL existence on same host :> 2012-12-16 00:46:20 +01:00
posativ
63b990838d fix tests 2012-12-16 00:31:55 +01:00
posativ
a4514e1f91 rewrite using NIH 2012-12-16 00:14:30 +01:00
posativ
440787ff67 fix Augenkrebs in dashboard 2012-10-28 00:57:31 +02:00
posativ
28162d7ca9 edit comment works when comment is still pending 2012-10-28 00:50:09 +02:00
posativ
2e1831f609 show pending status, add some css 2012-10-28 00:39:23 +02:00
posativ
1bafe193ad approve comments 2012-10-28 00:39:22 +02:00
posativ
23232d4f0e fix admin.js 2012-10-28 00:39:22 +02:00
posativ
5d15ab0ea3 use highly sophisticated '2 weeks ago' dates including microformats 2012-10-28 00:39:20 +02:00
posativ
c7d4b5a071 use promise.js -> less code, less indentation, 2 kb less framework 2012-10-25 23:26:20 +02:00
posativ
6f4b02ab12 show deleted comments when they are referenced 2012-10-25 20:45:22 +02:00
posativ
35310300ac add 'edit comment' functionality. Use with care. 2012-10-25 20:09:12 +02:00
posativ
b4708fb284 modify can return plain text and marked up content 2012-10-25 20:08:28 +02:00
posativ
db32d1c7f0 refactor JS and add YUI compression. 2012-10-25 16:20:50 +02:00
posativ
66cc7911f5 limit to 20 by default 2012-10-24 23:56:52 +02:00
posativ
6bb7b8c8d9 admin interface can delete comments :> 2012-10-24 23:22:39 +02:00
posativ
15ead12683 I can't still remember what ASC and DESC means 2012-10-24 20:38:39 +02:00
posativ
7420e6a130 add path to comment class 2012-10-24 20:38:07 +02:00