comparison src/nabble/view/web/template/NodePageNamespace.java @ 0:7ecd1a4ef557
add content
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Thu, 21 Mar 2019 19:15:52 -0600 |
parents | |
children |
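--- a/src/nabble/view/web/template/NodePageNamespace.java
+++ b/src/nabble/view/web/template/NodePageNamespace.java
@@ -0,0 +1,226 @@
+package nabble.view.web.template;
+
+import fschmidt.db.DbDatabase;
+import nabble.model.FileUpload;
+import nabble.model.Message;
+import nabble.model.ModelException;
+import nabble.model.Node;
+import nabble.model.Person;
+import nabble.naml.compiler.Command;
+import nabble.naml.compiler.CommandSpec;
+import nabble.naml.compiler.IPrintWriter;
+import nabble.naml.compiler.Interpreter;
+import nabble.naml.compiler.Namespace;
+import nabble.naml.compiler.ScopedInterpreter;
+import nabble.naml.namespaces.TemplateException;
+import nabble.view.lib.Jtp;
+import nabble.view.lib.Permissions;
+import nabble.view.web.forum.NodeEditorNamespace;
+import nabble.view.web.forum.SearchNamespace;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
+import java.util.Random;
+
+
+@Namespace (
+name = "node_page",
+global = true
+)
+public final class NodePageNamespace {
+
+private static final Logger logger = LoggerFactory.getLogger(NodePageNamespace.class);
+
+private NodeNamespace nodeNs;
+
+public NodePageNamespace(Node node) {
+this(new NodeNamespace(node));
+}
+
+public NodePageNamespace(NodeNamespace nodeNs) {
+this.nodeNs = nodeNs;
+}
+
+public final Node node() {
+return nodeNs.node();
+}
+
+public final NodeNamespace nodeNamespace() {
+return nodeNs;
+}
+
+private DbDatabase db() {
+return node().getSite().getDb();
+}
+
+
+public static final CommandSpec page_node = CommandSpec.DO;
+
+@Command public void page_node(IPrintWriter out,ScopedInterpreter<NodeNamespace> interp) {
+out.print( interp.getArg(nodeNs,"do") );
+}
+
+public static final CommandSpec search_namespace = CommandSpec.DO()
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void search_namespace(IPrintWriter out,ScopedInterpreter<SearchNamespace> interp)
+throws ServletException
+{
+ServletNamespace servletNamespace = interp.getFromStack(ServletNamespace.class);
+out.print( interp.getArg(new SearchNamespace(node(),servletNamespace),"do") );
+}
+
+
+public static final CommandSpec edit_page_node = CommandSpec.DO()
+.optionalParameters("commit")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void edit_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp) {
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+boolean commit = interp.getArgAsBoolean("commit",true);
+DbDatabase db = db();
+db.beginTransaction();
+try {
+nodeNs.refreshNode();
+interp.getArgString(new NodeEditorNamespace(node(),servletNs),"do");
+if( commit ) {
+db.commitTransaction();
+nodeNs.refreshNode();
+}
+} finally {
+db.endTransaction();
+}
+}
+
+
+public static final CommandSpec create_child_of_page_node = CommandSpec.DO()
+.parameters("subject","message","is_html","kind")
+.optionalParameters("commit","type")
+.restrictedParameter("kind","app","post")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void create_child_of_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp)
+throws ModelException, ServletException
+{
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+boolean commit = interp.getArgAsBoolean("commit",true);
+String subject = interp.getArgString("subject");
+String message = interp.getArgString("message");
+Message.Format msgFmt = interp.getArgAsBoolean("is_html",false) ? Message.Format.HTML : Message.Format.TEXT;
+String type = interp.getArgString("type");
+Node.Kind kind = "app".equals(interp.getArgString("kind"))? Node.Kind.APP : Node.Kind.POST;
+Person visitor = servletNs.getVisitor();
+DbDatabase db = db();
+db.beginTransaction();
+try {
+nodeNs.refreshNode();
+Node node = node();
+Node newNode = visitor.newChildNode(kind,subject,message,msgFmt,node);
+FileUpload.checkFileTags(newNode.getMessage(), visitor);
+if (type != null)
+newNode.setType(type);
+interp.getArgString(new NodeEditorNamespace(newNode,servletNs),"do");
+if( commit ) {
+db.commitTransaction();
+nodeNs.refreshNode();
+}
+} finally {
+db.endTransaction();
+}
+}
+
+private static final long TWO_HOURS = 2 * 60 * 60 * 1000;
+
+@Command public void should_show_creation_notice(IPrintWriter out,Interpreter interp) {
+long created = node().getWhenCreated().getTime();
+out.print( System.currentTimeMillis() - created < TWO_HOURS );
+}
+
+
+//
+// Spambot security checker
+//
+private static final byte SUBMIT_POSSIBILITIES = 10;
+private static final long START = new Date().getTime();
+private static final long FIVE_MINUTES = 5 * 60 * 1000;
+private static final Random SECURITY_RND = new Random();
+
+public static final CommandSpec antispam_submit_button = CommandSpec.DO()
+.parameters("class", "value")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void antispam_submit_button(IPrintWriter out,Interpreter interp) {
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+
+String className = interp.getArgString("class");
+String value = interp.getArgString("value");
+
+Byte goodIndex = (byte) SECURITY_RND.nextInt(SUBMIT_POSSIBILITIES);
+request.getSession().setAttribute("sec"+node().getId(), goodIndex);
+for (byte i = 0; i < SUBMIT_POSSIBILITIES; i++) {
+out.print("<input id=\"s" + i + "\" type=\"submit\" class=\""+ className + "\" value=\"" + value + "\" name=\"s" + i + "\" style=\"display:none\"/>");
+}
+String elementId = "s" + goodIndex;
+StringBuilder bufValue = new StringBuilder();
+for (int i = 0; i < elementId.length(); i++) {
+if (bufValue.length() > 0)
+bufValue.append(',');
+bufValue.append((int) elementId.charAt(i));
+}
+out.print("<script type='text/javascript'>");
+out.print("var sv=String.fromCharCode("+ bufValue.toString() +");");
+out.print("document.getElementById(sv).style.display='inline-block';");
+out.print("</script>");
+}
+
+public static final CommandSpec check_antispam_submit = CommandSpec.DO()
+.optionalParameters("bypass")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void check_antispam_submit(IPrintWriter out,Interpreter interp)
+throws TemplateException
+{
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+
+String bypass = interp.getArgString("bypass");
+if (bypass != null && request.getParameter(bypass) != null)
+return;
+
+String attributeName = "sec"+node().getId();
+Byte goodIndex = (Byte) request.getSession().getAttribute(attributeName);
+boolean isSafe = goodIndex != null;
+if (isSafe) {
+for (int i= 0; i < SUBMIT_POSSIBILITIES; i++) {
+String param = request.getParameter("s"+i);
+if (i == goodIndex)
+isSafe = isSafe && param != null;
+else
+isSafe = isSafe && param == null;
+}
+}
+request.getSession().removeAttribute(attributeName);
+if (!isSafe) {
+long now = new Date().getTime();
+if (now - START > FIVE_MINUTES) {
+logger.error("suspicious_request - IP: " + Jtp.getClientIpAddr(request));
+throw TemplateException.newInstance("suspicious_request");
+}
+}
+}
+}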