arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
535 Commits 14 Branches 38 Tags 5.8 MiB
baef73f1e8
Commit Graph

357 Commits

Author SHA1 Message Date
Laurent Arnoud
02db978308 Add check with blank text 2013-12-04 00:35:09 +01:00
Martin Zimmermann
6f504ee8f5 show modal dialog before delete or activate comments, close #36 
The URL sent in the email returns a short HTML document where
JS creates a modal dialog. If continued, the browser sends a
POST request to the same URL.
 2013-12-02 13:07:11 +01:00
Martin Zimmermann
83b48d5db6 use el.getAttribute instead of el.dataset to support IE10 m( 2013-12-02 12:14:26 +01:00
Martin Zimmermann
9a03cca793 use Referer instead of Origin when using IE 
* IE10 (and 11) do not send HTTP_ORIGIN when requesting a URL no in
    the same origin, although recommended by WHATWG [1]
  * if IE10 is used, use the referer. If this header is supressed by the
    user, it won't work (and I don't care).

IE10 needs to die, seriously:

> We have a long-standing interoperability difference with other browsers
> where we treat different ports as same-origin whereas other browsers
> treat them as cross-origin.

via https://connect.microsoft.com/IE/feedback/details/781303/origin-header-is-not-added-to-cors-requests-to-same-domain-but-different-port

[1] http://tools.ietf.org/html/draft-abarth-origin-09
 2013-12-02 12:12:21 +01:00
Martin Zimmermann
4c16ba76cc fix unittests 2013-12-01 13:40:11 +01:00
Martin Zimmermann
32e4b70510 check if Origin matches Host to mitigate CSRF, part of #40 2013-12-01 13:40:08 +01:00
Martin Zimmermann
6e31111554 add application object into ns only when using uwsgi and gunicorn 2013-11-29 14:22:21 +01:00
Martin Zimmermann
baabd30e74 more descriptive logging 2013-11-29 14:21:43 +01:00
Martin Zimmermann
ce950259b4 show traceback when smtp connection failed 2013-11-25 17:02:04 +01:00
Martin Zimmermann
896b4f5e33 support for gunicorn (and other pre-forking wsgi servers) 2013-11-25 13:51:11 +01:00
Martin Zimmermann
aa65873fa6 uWSGI works also with multiprocessing.Lock 2013-11-25 13:50:43 +01:00
Martin Zimmermann
6405f258f3 replace nested middleware calls with reduce and partials 2013-11-25 13:38:51 +01:00
Martin Zimmermann
c9c0df229a Merge branch 'feature/info' 2013-11-21 11:17:24 +01:00
Martin Zimmermann
8dac5375b6 add /info view for debugging purposes 2013-11-21 11:09:33 +01:00
Martin Zimmermann
5449b0cea4 add route for comment activation 2013-11-21 10:17:42 +01:00
Martin Zimmermann
63a7df1099 translate deletion and activation links 2013-11-21 10:17:29 +01:00
Martin Zimmermann
598b08bd1c add russian translation 
http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
 2013-11-18 11:00:33 +01:00
Martin Zimmermann
8196f3f465 remove unnecessary imports 2013-11-17 15:49:25 +01:00
Martin Zimmermann
17aa3e6fc5 use english text for mail notifications 2013-11-17 15:44:40 +01:00
Martin Zimmermann
b9158a660c move SocketHTTPServer to isso/wsgi.py 2013-11-17 11:57:41 +01:00
Martin Zimmermann
9c94e66702 add fr.js to i18n module, appendum to #38 2013-11-17 11:28:24 +01:00
Martin Zimmermann
aeb7c35d8f override useragent's language with data-isso-lang 2013-11-17 11:27:48 +01:00
Martin Zimmermann
2e9c21db15 add X-Origin to GET requests, so isso.dispatch works on a single host 2013-11-17 11:16:46 +01:00
Martin Zimmermann
b21e216b06 mv app/fancy to /app/lib/fancy 2013-11-16 23:41:52 +01:00
Martin Zimmermann
edafc5f88f client configuration for reply-to-self 
also: move data-isso-* configuration to app/config
 2013-11-16 22:21:00 +01:00
Martin Zimmermann
64c0d770c6 remove edit and remove buttons when comment is marked as deleted 2013-11-16 21:42:11 +01:00
Martin Zimmermann
519112a8fc add some documentation 2013-11-16 21:41:54 +01:00
Martin Zimmermann
320cb7313f upgrade notifications for old configuration values 2013-11-16 20:54:21 +01:00
Martin Zimmermann
2446e6ac6a Merge pull request #38 from sploinga/master 
French translation
 2013-11-16 11:36:56 -08:00
Sploinga
5a20a4a4bf French translation 2013-11-16 20:32:21 +01:00
Martin Zimmermann
5e7ee3dffd use <link> tag to extract the relative post url, fixes #37 
The <id> tag does not necessarily contains the full URL, but also
relative URLs:

    <id>http://example.com/foo/bar.html</id>
    <id>/foo/bar.html</id>
    <id>foo/bar.html</id>
 2013-11-16 20:30:48 +01:00
Martin Zimmermann
0be3c69e1d Merge branch 'fix/spam-guard' 2013-11-13 21:30:23 +01:00
Martin Zimmermann
d4e7ee134d add option reply-to-self, defaults to false 2013-11-13 21:20:32 +01:00
Martin Zimmermann
9f2062a900 fix #35 
Also add an option `direct-reply` to control the number of comments
on a thread without referencing a child (to avoid a simple while loop
that `curl -XPOST ...` the url).

Defaults to 3, that means a /24 (or /48 for IPv6) address can only post
3 direct responses on a thread at all.
 2013-11-13 20:42:56 +01:00
Martin Zimmermann
5cbda11158 Merge branch 'fix/bloomfilter' 2013-11-13 20:08:08 +01:00
Martin Zimmermann
6178e93348 add database migration 
Clear voters bloomfilter and initialize with an (almost) empty one.
 2013-11-13 20:07:23 +01:00
Martin Zimmermann
58645ca945 do not reference bytearray in a method definition, fixes #5 
This is a severe issue which makes the current voters bloomfilter
completely useless. Functions are first-class objects in Python, which
lead to interesting "issues" like:

    >>> def foo(x=[]):
    ...     x.append(1)
    ...     print x
    ...

    >>> foo()
    [1]

    >>> foo()
    [1, 1]

For Isso, this means the bloomfilter, which is usually only initialized
with the author's IP address, is now initialized with pretty much all
ip addresses from previous authors, thus makes it impossible for the
author to vote on other's people comments.
 2013-11-13 20:07:18 +01:00
Martin Zimmermann
dfed955f23 Merge branch 'feature/migration' 2013-11-11 12:10:42 +01:00
Martin Zimmermann
d4f2123b58 Merge branch 'tmp/refactorization' 
Conflicts:
	isso/utils/__init__.py
 2013-11-11 12:10:29 +01:00
Martin Zimmermann
6e85c54a2e refactor views and introduce an API for notifications 
Keep Isso modular, not monolithic. Make it easy to integrate a
web interface or add XMPP notifications.

This refactorization includes minor bugfixes and changes:

* CORS middleware did not work properly due to wrong unit tests
* more type checks on JSON input
* new detection for origin and public url, closes #28
* new activation and delete url (no redirect for old urls, but you can
  convert the old urls: copy hash after `/activate/` (or delete) and
  open `/id/<id of comment>/activate/<hash>`
* move crypto.py to utils/

With this commit, SMTP is no longer automatically configured: add
`notify = smtp` to the `[general]` section to use SMTP.
 2013-11-11 12:09:19 +01:00
Martin Zimmermann
162fe78aa6 ask to continue import if DB is not empty 2013-11-11 12:02:49 +01:00
Martin Zimmermann
5ca3137ddd add --dry-run option to import command 2013-11-11 11:57:31 +01:00
Martin Zimmermann
a8cd418b5e remove website todo, not a high priority 2013-11-11 11:45:12 +01:00
Martin Zimmermann
850b2b4bfb set mode to 4 (deleted) when isDeleted is true 2013-11-11 11:44:32 +01:00
Martin Zimmermann
8c0af3b10f show orphan comments after Disqus import (if any) 
An orphan comment is exported by Disqus but its thread id is
non-existent (probably deleted, moved). Usually from the earlier
days (or WordPress migration).

It is not possible to get the thread without manual intervention (
aka SQLite insertions).
 2013-11-11 11:34:13 +01:00
Federico Ceratto
68be70af24 Support Python2 ipaddr library. 2013-11-09 15:32:25 +00:00
Martin Zimmermann
a442b8e0ee remove dead code 2013-11-08 19:03:08 +01:00
Martin Zimmermann
ab5d907172 move comments.requires to views package 2013-11-08 19:00:01 +01:00
Martin Zimmermann
1174259b27 mv comment -> comments 2013-11-08 18:55:02 +01:00
Martin Zimmermann
ac8d987392 don't monkeypatch if uwsgi is available 2013-11-06 18:10:09 +01:00
Martin Zimmermann
6f3a2d8072 add an option to prevent Isso from appending the default CSS, closes #29 2013-11-06 17:46:04 +01:00
Martin Zimmermann
c06c11aeca api.js parses custom data attributes for client configuration, part of #29 
All data-attributes beginning with `data-isso-` are stored in
`api.config` (without leading data-isso-). Isso tries to parse
the values with JSON (e.g. `-isso-foo="false"` returns false)
and falls back for a simple string value.
 2013-11-06 17:39:14 +01:00
Martin Zimmermann
4bb6e91f61 Isso can now listen on unix domain sockets, closes #25 
This also changes the server configuration from `host` and `port`
to `listen = http://localhost:8080`.
 2013-11-06 16:55:14 +01:00
Martin Zimmermann
6374d8a9e1 fix application profiling 2013-11-05 23:36:52 +01:00
Martin Zimmermann
0a247a7927 data-isso-prefix is now ony data-isso 2013-11-05 23:35:38 +01:00
Martin Zimmermann
33fb15e241 rename data-prefix to data-isso 2013-11-05 14:25:43 +01:00
Martin Zimmermann
af6695e935 lowercase MiddleWare and fix TypeError in Headers 2013-11-05 14:03:46 +01:00
Martin Zimmermann
4950e7dd4d add unittest for CORS headers 2013-11-05 13:08:21 +01:00
Martin Zimmermann
aa6665c8f0 fix endpoint detection when using require.js 2013-11-05 12:44:31 +01:00
Martin Zimmermann
8d1171df29 improve request decoding and json parsing 2013-11-05 12:44:16 +01:00
Martin Zimmermann
6691810316 handle cross-origin cookies with a custom header X-Set-Cookie, fix #24 
Cookies set from a different domain can not be read by JS executed in
the current domain. As a workaround, Isso sends both a Set-Cookie and
X-Set-Cookie header. The former is used by the browser to make the
HTTP request to the API, the latter is read by `embed.min.js` to
determine if a comment can be edited or deleted.

When a comment is deleted, the server sends an expired cookies in
Set-Cookie and X-Set-Cookie.
 2013-11-05 12:36:29 +01:00
Martin Zimmermann
05c8b571e2 requirejs-text now uses CORS XHR requests to static files 2013-11-05 01:11:53 +01:00
Martin Zimmermann
6126f0ec6f add CORS middleware to add CORS header to *all* requests 2013-11-05 01:11:28 +01:00
Martin Zimmermann
e14a04ab6c support for werkzeug 0.8 (Python2-only) 2013-11-04 01:13:29 +01:00
Martin Zimmermann
312578457b uwsgi can only cache bytes 2013-11-03 18:55:23 +01:00
Martin Zimmermann
cc2ac11850 inline CSS 2013-11-03 18:55:23 +01:00
Martin Zimmermann
d8a254c304 fix api endpoint detection 2013-11-03 18:55:20 +01:00
Martin Zimmermann
d59fc2ef8e handle OPTIONS request and return CORS headers 2013-11-03 15:18:04 +01:00
Martin Zimmermann
c581e0f05a cache email hash on comment creation 2013-11-03 12:39:51 +01:00
Martin Zimmermann
c567758d81 limit email length to 254 to avoid hash-DDoS 2013-11-03 12:35:33 +01:00
Martin Zimmermann
0473afe2db add profiling option to server configuration 2013-11-03 12:32:38 +01:00
Martin Zimmermann
3c193bef27 request remote_addr only when using the comment form 2013-11-02 18:41:00 +01:00
Martin Zimmermann
7e73986667 remove trailing slash from API endpoint, appendum to 8da9d0b 2013-11-02 18:39:40 +01:00
Martin Zimmermann
375b32a151 Merge branch 'feature/data-attributes' 2013-11-02 18:28:42 +01:00
Martin Zimmermann
8da9d0b13b override API location with data-prefix="..." 2013-11-02 18:26:33 +01:00
Martin Zimmermann
0d07515c18 override HTML title parsing with a data-title="... attribute 
If you don't use a <h1> to markup your post's title (but h2), it
is no longer possible to reliable detect the site's title.

E.g. you have a single page with only one <h1> and that's the
*real* title of that page. But on the other hand, it is also
possible, that the <h1> tag is just your website's name and the
actual post title is marked up in <h2>.
 2013-11-02 18:21:27 +01:00
Martin Zimmermann
fa496669e2 use lowercase [smtp] as written in the docs 2013-11-02 17:38:01 +01:00
Martin Zimmermann
54413dfcf3 add copyright header to embed.js (and it's MIT not BSD) 2013-11-02 15:31:17 +01:00
Martin Zimmermann
c5d52721c4 use cache.delete a) with an actual key and b) only on delete 2013-11-01 17:02:08 +01:00
Martin Zimmermann
2b7d263735 only create a reply box when needed 
Previously this led to unnecessary object creation which impacted the
rendering time (on my machine 200 comments -> 1200ms) just to create
the postbox per comment (just the object initialization)).
 2013-11-01 15:25:44 +01:00
Martin Zimmermann
cac4694f43 cache PBKDF2 hash, closes #18 
Markdown conversion is not the reason for 2s per 100 comments response,
the hash function is. When using the email/remote_addr from cache, the
response time is pretty fast.

* when uWSGI is available, use their caching framework

* for multi-threaded environment (the default), use a simple cache
  shipped with werkzeug
 2013-11-01 15:08:16 +01:00
Martin Zimmermann
74ab58167e replace abort(code) with proper exceptions and refactor request dispatch 2013-11-01 12:46:51 +01:00
Martin Zimmermann
2794734258 remove Jinja2 dependency 2013-11-01 12:26:39 +01:00
Martin Zimmermann
dea4c88162 remove admin interface fragments 2013-10-31 17:14:32 +01:00
Martin Zimmermann
2cac3f0567 detect Isso API endpoint when using *.dev.js script 2013-10-31 12:33:19 +01:00
Martin Zimmermann
e08e7be464 remove stale threads after all comments have been deleted 2013-10-31 11:08:00 +01:00
Martin Zimmermann
a658021f7e fix unittest for 1358fac and extend internal documentation 2013-10-31 10:44:46 +01:00
Martin Zimmermann
1358fac258 fix empty thread title due premature HTTP connection closing 2013-10-30 19:41:41 +01:00
Martin Zimmermann
55b6b283b8 use uWSGIs locking 2013-10-30 10:52:06 +01:00
Martin Zimmermann
9a8e0b524e build notify mail with first hostname 2013-10-30 10:06:28 +01:00
Martin Zimmermann
0c7a4e44f9 disable werkzeug connection log 2013-10-30 10:06:09 +01:00
Martin Zimmermann
1518bae5ba IE10 does not support classList on SVG elements m( 2013-10-30 00:24:32 +01:00
Martin Zimmermann
32f83160d6 config.js is not necessary in post.html 2013-10-29 23:12:44 +01:00
Martin Zimmermann
5689143c4a remove button no longer resets after 1.5s, part of #17 2013-10-29 18:46:08 +01:00
Martin Zimmermann
bbccfe9def include post.html in snapshot release and remove old css 2013-10-29 17:17:52 +01:00
Martin Zimmermann
876dd402a6 remove bootstrap 2013-10-29 17:07:25 +01:00
Martin Zimmermann
84da660ca9 update sample post 2013-10-29 17:06:46 +01:00
Martin Zimmermann
c3b6e0319e use SVG to render identicon so the browser can auto-resize the image 
Temporary fix for websites with small width, where the identicon
overlaps with the textarea field.
 2013-10-29 16:58:38 +01:00
Martin Zimmermann
b672dae624 allow multiple hosts, e.g. HTTP and HTTPS sites 2013-10-29 12:22:13 +01:00
Martin Zimmermann
cb40c7ca42 improve doctests and refactor title extraction 2013-10-29 12:01:45 +01:00
Martin Zimmermann
89b1ca8846 doctests for utils.anonymize(remote_addr) 2013-10-27 13:58:50 +01:00
Martin Zimmermann
527b349fbe use python's logging module 2013-10-27 13:40:18 +01:00
Martin Zimmermann
11293a504b utils.parse now returns a triple (host, port, ssl) 2013-10-27 12:48:34 +01:00
Martin Zimmermann
acbf42f89d fix SMTP connectivity test, appendum to a8d0670 2013-10-27 12:47:48 +01:00
Martin Zimmermann
94b1fef28e rewrite CONFIGURATION.md in reST and extend document 2013-10-27 12:44:59 +01:00
Martin Zimmermann
2db98d0d34 move http utils in separate module 2013-10-24 14:38:43 +02:00
Martin Zimmermann
48b4c9f9a5 purge comments in moderation queue after given time, closes #13 2013-10-24 14:38:40 +02:00
Martin Zimmermann
a8d0670db7 fix PEP-8 minors 2013-10-24 11:56:48 +02:00
Martin Zimmermann
4f5b247ed1 delete comments via mail 2013-10-21 17:40:03 +02:00
Martin Zimmermann
5b52cbdfa6 skip empty Disqus threads 2013-10-19 12:45:10 +02:00
Martin Zimmermann
66ade6df14 remove semantic article, header and footer tags to avoid CSS collisions 2013-10-19 11:38:16 +02:00
Martin Zimmermann
b691579bad test if #isso-thread exists 2013-10-13 23:33:06 +02:00
Martin Zimmermann
5d0cad4272 use proper email header encoding 2013-10-13 15:52:50 +02:00
Martin Zimmermann
e8d62e5db1 fix import regression from 11246f5 2013-10-13 15:34:26 +02:00
Martin Zimmermann
a2c3ecb131 remove behave.js 2013-10-13 15:06:43 +02:00
Martin Zimmermann
11246f51dc support for moderated comments, part of #13 
* add moderated = true to your configuration (defaults to false)
* comment activation via email to the Isso owner
 2013-10-13 15:02:42 +02:00
Martin Zimmermann
79f8c1157e show N days ago instead of previous week 2013-10-13 12:58:48 +02:00
Martin Zimmermann
61a486d2ea support for Python 3.3 2013-10-09 16:33:49 +02:00
Martin Zimmermann
f9133b984e use configparser backport to support python2.6 again 2013-10-09 15:49:12 +02:00
Martin Zimmermann
988d2032c5 replace blank identicon with ghosts 2013-10-09 15:33:31 +02:00
Martin Zimmermann
2557c02117 Merge branch 'feature/spam-guard' 2013-10-06 19:55:44 +02:00
Martin Zimmermann
1034d5016e document app/dom.js 2013-10-06 19:55:18 +02:00
Martin Zimmermann
8967fd733e hide reply button when it is not possible to reply 2013-10-06 19:46:04 +02:00
Martin Zimmermann
ab618ad898 add basic spam protection 2013-10-06 18:37:05 +02:00
Martin Zimmermann
6eab8ad5ca support for uWSGI 
* naive uWSGI fallback which spawns one thread per request and
  one thread per mail notification
* uWSGI backend which utilize queues and spooling to handle
  simultanous requests and mail notifications

This also fixes a bug where N concurrent POSTs on a new topic
failed for N-1 requests (db integrity error).
 2013-10-06 15:36:38 +02:00
Martin Zimmermann
9ce965440a toggle next state, when submit was succesful 2013-10-04 18:00:17 +02:00
Martin Zimmermann
0abb8ed658 remove edit and remove buttons when cookie is gone 2013-10-04 18:00:13 +02:00
Martin Zimmermann
0b8cac7f18 implement comment editing 2013-10-03 18:56:36 +02:00
Martin Zimmermann
6242d243c9 update cookie after editing a comment 2013-10-03 18:12:59 +02:00
Martin Zimmermann
75f172f4ae textarea auto resize 2013-10-03 14:17:09 +02:00
Martin Zimmermann
80e8ce7e25 more i18n 2013-10-03 13:50:30 +02:00
Martin Zimmermann
57a16acff4 use promise lib correctly 2013-10-03 13:50:30 +02:00
Martin Zimmermann
e4f9b53668 minor CSS improvement to input and submit fields 2013-10-03 13:50:27 +02:00
Martin Zimmermann
2f6f4bc338 stylesheet injection 2013-10-02 16:18:55 +02:00
Martin Zimmermann
de25af5467 exclude svgs from count.min.js 2013-10-02 16:18:35 +02:00
Martin Zimmermann
fd18ea9eab split i18n messages 2013-10-02 16:17:25 +02:00
Martin Zimmermann
ef463eb517 API endpoint detection for count.min.js 2013-10-02 16:16:08 +02:00
Martin Zimmermann
a7cc1cdf4d move scss to isso/css/ 2013-10-02 16:15:43 +02:00
Martin Zimmermann
b1e33bdce5 split 3rd-party packages to vendor and components 
Then, use bower to fetch components and put libraries not
available as (web) component into vendor/.

Move crypto parts and identicon generation modules into app/lib.
 2013-10-02 14:26:06 +02:00
Martin Zimmermann
b36e2fdb28 COMMIT ALL THE THINGS 
* refactor JS (a lot)
* use a CSS framework (neat/bourbon), because CSS is hard
* up/downvote comments
* cleaner HTML
* HTML inclusion in JS
* SVG icons for reference, up and downvote
* basic i18n: english and german supported ootb
* lazy (because slow) client-side identicon generation (preview ability)
* removed website input field for no particular reason
* remove HTML.js in favour of a homebrew DOM manipulation tool
 2013-10-01 14:47:01 +02:00
Martin Zimmermann
4f03b3faf9 re-license to MIT 2013-09-19 18:44:40 +02:00
Martin Zimmermann
560e73cc0a rewrite db backend 2013-09-19 18:44:37 +02:00
Martin Zimmermann
52f64dd26f improve url exists detection for new comment threads 2013-09-13 19:52:53 +02:00
Martin Zimmermann
30fa254023 connect to SMTP on-demand 2013-09-13 19:51:56 +02:00
Martin Zimmermann
98ab6d205a anonymize IP if passed as ::ffff.1.2.3.4 correctly 2013-09-13 18:30:51 +02:00
Martin Zimmermann
88a7d40bea send null instead of the empty string 2013-09-13 18:24:24 +02:00
Martin Zimmermann
b744e2fe39 use SSL for https:// 2013-09-13 18:12:32 +02:00
Martin Zimmermann
3eeb686d5f update stylesheet link 2013-09-13 16:15:14 +02:00
Martin Zimmermann
2ee47bd902 return 404 when creating a comment for a non-existing URI 2013-09-13 16:14:13 +02:00
Martin Zimmermann
021b672ee2 use only first 3 bytes from an IPv6 address 2013-09-13 16:13:45 +02:00