|
0
|
1 package nabble.view.web.template;
|
|
|
2
|
|
|
3 import fschmidt.db.DbDatabase;
|
|
|
4 import nabble.model.FileUpload;
|
|
|
5 import nabble.model.Message;
|
|
|
6 import nabble.model.ModelException;
|
|
|
7 import nabble.model.Node;
|
|
|
8 import nabble.model.Person;
|
|
|
9 import nabble.naml.compiler.Command;
|
|
|
10 import nabble.naml.compiler.CommandSpec;
|
|
|
11 import nabble.naml.compiler.IPrintWriter;
|
|
|
12 import nabble.naml.compiler.Interpreter;
|
|
|
13 import nabble.naml.compiler.Namespace;
|
|
|
14 import nabble.naml.compiler.ScopedInterpreter;
|
|
|
15 import nabble.naml.namespaces.TemplateException;
|
|
|
16 import nabble.view.lib.Jtp;
|
|
|
17 import nabble.view.lib.Permissions;
|
|
|
18 import nabble.view.web.forum.NodeEditorNamespace;
|
|
|
19 import nabble.view.web.forum.SearchNamespace;
|
|
|
20 import org.slf4j.Logger;
|
|
|
21 import org.slf4j.LoggerFactory;
|
|
|
22
|
|
|
23 import javax.servlet.ServletException;
|
|
|
24 import javax.servlet.http.HttpServletRequest;
|
|
|
25 import java.util.Date;
|
|
|
26 import java.util.Random;
|
|
|
27
|
|
|
28
|
|
|
29 @Namespace (
|
|
|
30 name = "node_page",
|
|
|
31 global = true
|
|
|
32 )
|
|
|
33 public final class NodePageNamespace {
|
|
|
34
|
|
|
35 private static final Logger logger = LoggerFactory.getLogger(NodePageNamespace.class);
|
|
|
36
|
|
|
37 private NodeNamespace nodeNs;
|
|
|
38
|
|
|
39 public NodePageNamespace(Node node) {
|
|
|
40 this(new NodeNamespace(node));
|
|
|
41 }
|
|
|
42
|
|
|
43 public NodePageNamespace(NodeNamespace nodeNs) {
|
|
|
44 this.nodeNs = nodeNs;
|
|
|
45 }
|
|
|
46
|
|
|
47 public final Node node() {
|
|
|
48 return nodeNs.node();
|
|
|
49 }
|
|
|
50
|
|
|
51 public final NodeNamespace nodeNamespace() {
|
|
|
52 return nodeNs;
|
|
|
53 }
|
|
|
54
|
|
|
55 private DbDatabase db() {
|
|
|
56 return node().getSite().getDb();
|
|
|
57 }
|
|
|
58
|
|
|
59
|
|
|
60 public static final CommandSpec page_node = CommandSpec.DO;
|
|
|
61
|
|
|
62 @Command public void page_node(IPrintWriter out,ScopedInterpreter<NodeNamespace> interp) {
|
|
|
63 out.print( interp.getArg(nodeNs,"do") );
|
|
|
64 }
|
|
|
65
|
|
|
66 public static final CommandSpec search_namespace = CommandSpec.DO()
|
|
|
67 .requiredInStack(ServletNamespace.class)
|
|
|
68 .build()
|
|
|
69 ;
|
|
|
70
|
|
|
71 @Command public void search_namespace(IPrintWriter out,ScopedInterpreter<SearchNamespace> interp)
|
|
|
72 throws ServletException
|
|
|
73 {
|
|
|
74 ServletNamespace servletNamespace = interp.getFromStack(ServletNamespace.class);
|
|
|
75 out.print( interp.getArg(new SearchNamespace(node(),servletNamespace),"do") );
|
|
|
76 }
|
|
|
77
|
|
|
78
|
|
|
79 public static final CommandSpec edit_page_node = CommandSpec.DO()
|
|
|
80 .optionalParameters("commit")
|
|
|
81 .requiredInStack(ServletNamespace.class)
|
|
|
82 .build()
|
|
|
83 ;
|
|
|
84
|
|
|
85 @Command public void edit_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp) {
|
|
|
86 ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
|
|
|
87 boolean commit = interp.getArgAsBoolean("commit",true);
|
|
|
88 DbDatabase db = db();
|
|
|
89 db.beginTransaction();
|
|
|
90 try {
|
|
|
91 nodeNs.refreshNode();
|
|
|
92 interp.getArgString(new NodeEditorNamespace(node(),servletNs),"do");
|
|
|
93 if( commit ) {
|
|
|
94 db.commitTransaction();
|
|
|
95 nodeNs.refreshNode();
|
|
|
96 }
|
|
|
97 } finally {
|
|
|
98 db.endTransaction();
|
|
|
99 }
|
|
|
100 }
|
|
|
101
|
|
|
102
|
|
|
103 public static final CommandSpec create_child_of_page_node = CommandSpec.DO()
|
|
|
104 .parameters("subject","message","is_html","kind")
|
|
|
105 .optionalParameters("commit","type")
|
|
|
106 .restrictedParameter("kind","app","post")
|
|
|
107 .requiredInStack(ServletNamespace.class)
|
|
|
108 .build()
|
|
|
109 ;
|
|
|
110
|
|
|
111 @Command public void create_child_of_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp)
|
|
|
112 throws ModelException, ServletException
|
|
|
113 {
|
|
|
114 ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
|
|
|
115 HttpServletRequest request = servletNs.request;
|
|
|
116 boolean commit = interp.getArgAsBoolean("commit",true);
|
|
|
117 String subject = interp.getArgString("subject");
|
|
|
118 String message = interp.getArgString("message");
|
|
|
119 Message.Format msgFmt = interp.getArgAsBoolean("is_html",false) ? Message.Format.HTML : Message.Format.TEXT;
|
|
|
120 String type = interp.getArgString("type");
|
|
|
121 Node.Kind kind = "app".equals(interp.getArgString("kind"))? Node.Kind.APP : Node.Kind.POST;
|
|
|
122 Person visitor = servletNs.getVisitor();
|
|
|
123 DbDatabase db = db();
|
|
|
124 db.beginTransaction();
|
|
|
125 try {
|
|
|
126 nodeNs.refreshNode();
|
|
|
127 Node node = node();
|
|
|
128 Node newNode = visitor.newChildNode(kind,subject,message,msgFmt,node);
|
|
|
129 FileUpload.checkFileTags(newNode.getMessage(), visitor);
|
|
|
130 if (type != null)
|
|
|
131 newNode.setType(type);
|
|
|
132 interp.getArgString(new NodeEditorNamespace(newNode,servletNs),"do");
|
|
|
133 if( commit ) {
|
|
|
134 db.commitTransaction();
|
|
|
135 nodeNs.refreshNode();
|
|
|
136 }
|
|
|
137 } finally {
|
|
|
138 db.endTransaction();
|
|
|
139 }
|
|
|
140 }
|
|
|
141
|
|
|
142 private static final long TWO_HOURS = 2 * 60 * 60 * 1000;
|
|
|
143
|
|
|
144 @Command public void should_show_creation_notice(IPrintWriter out,Interpreter interp) {
|
|
|
145 long created = node().getWhenCreated().getTime();
|
|
|
146 out.print( System.currentTimeMillis() - created < TWO_HOURS );
|
|
|
147 }
|
|
|
148
|
|
|
149
|
|
|
150 //
|
|
|
151 // Spambot security checker
|
|
|
152 //
|
|
|
153 private static final byte SUBMIT_POSSIBILITIES = 10;
|
|
|
154 private static final long START = new Date().getTime();
|
|
|
155 private static final long FIVE_MINUTES = 5 * 60 * 1000;
|
|
|
156 private static final Random SECURITY_RND = new Random();
|
|
|
157
|
|
|
158 public static final CommandSpec antispam_submit_button = CommandSpec.DO()
|
|
|
159 .parameters("class", "value")
|
|
|
160 .requiredInStack(ServletNamespace.class)
|
|
|
161 .build()
|
|
|
162 ;
|
|
|
163
|
|
|
164 @Command public void antispam_submit_button(IPrintWriter out,Interpreter interp) {
|
|
|
165 ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
|
|
|
166 HttpServletRequest request = servletNs.request;
|
|
|
167
|
|
|
168 String className = interp.getArgString("class");
|
|
|
169 String value = interp.getArgString("value");
|
|
|
170
|
|
|
171 Byte goodIndex = (byte) SECURITY_RND.nextInt(SUBMIT_POSSIBILITIES);
|
|
|
172 request.getSession().setAttribute("sec"+node().getId(), goodIndex);
|
|
|
173 for (byte i = 0; i < SUBMIT_POSSIBILITIES; i++) {
|
|
|
174 out.print("<input id=\"s" + i + "\" type=\"submit\" class=\""+ className + "\" value=\"" + value + "\" name=\"s" + i + "\" style=\"display:none\"/>");
|
|
|
175 }
|
|
|
176 String elementId = "s" + goodIndex;
|
|
|
177 StringBuilder bufValue = new StringBuilder();
|
|
|
178 for (int i = 0; i < elementId.length(); i++) {
|
|
|
179 if (bufValue.length() > 0)
|
|
|
180 bufValue.append(',');
|
|
|
181 bufValue.append((int) elementId.charAt(i));
|
|
|
182 }
|
|
|
183 out.print("<script type='text/javascript'>");
|
|
|
184 out.print("var sv=String.fromCharCode("+ bufValue.toString() +");");
|
|
|
185 out.print("document.getElementById(sv).style.display='inline-block';");
|
|
|
186 out.print("</script>");
|
|
|
187 }
|
|
|
188
|
|
|
189 public static final CommandSpec check_antispam_submit = CommandSpec.DO()
|
|
|
190 .optionalParameters("bypass")
|
|
|
191 .requiredInStack(ServletNamespace.class)
|
|
|
192 .build()
|
|
|
193 ;
|
|
|
194
|
|
|
195 @Command public void check_antispam_submit(IPrintWriter out,Interpreter interp)
|
|
|
196 throws TemplateException
|
|
|
197 {
|
|
|
198 ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
|
|
|
199 HttpServletRequest request = servletNs.request;
|
|
|
200
|
|
|
201 String bypass = interp.getArgString("bypass");
|
|
|
202 if (bypass != null && request.getParameter(bypass) != null)
|
|
|
203 return;
|
|
|
204
|
|
|
205 String attributeName = "sec"+node().getId();
|
|
|
206 Byte goodIndex = (Byte) request.getSession().getAttribute(attributeName);
|
|
|
207 boolean isSafe = goodIndex != null;
|
|
|
208 if (isSafe) {
|
|
|
209 for (int i= 0; i < SUBMIT_POSSIBILITIES; i++) {
|
|
|
210 String param = request.getParameter("s"+i);
|
|
|
211 if (i == goodIndex)
|
|
|
212 isSafe = isSafe && param != null;
|
|
|
213 else
|
|
|
214 isSafe = isSafe && param == null;
|
|
|
215 }
|
|
|
216 }
|
|
|
217 request.getSession().removeAttribute(attributeName);
|
|
|
218 if (!isSafe) {
|
|
|
219 long now = new Date().getTime();
|
|
|
220 if (now - START > FIVE_MINUTES) {
|
|
|
221 logger.error("suspicious_request - IP: " + Jtp.getClientIpAddr(request));
|
|
|
222 throw TemplateException.newInstance("suspicious_request");
|
|
|
223 }
|
|
|
224 }
|
|
|
225 }
|
|
|
226 }
|
