comparison src/nabble/view/web/template/NodePageNamespace.java @ 0:7ecd1a4ef557

add content
author Franklin Schmidt <fschmidt@gmail.com>
date Thu, 21 Mar 2019 19:15:52 -0600
parents
children
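--- a/src/nabble/view/web/template/NodePageNamespace.java
+++ b/src/nabble/view/web/template/NodePageNamespace.java
@@ -0,0 +1,226 @@
+package nabble.view.web.template;
+
+import fschmidt.db.DbDatabase;
+import nabble.model.FileUpload;
+import nabble.model.Message;
+import nabble.model.ModelException;
+import nabble.model.Node;
+import nabble.model.Person;
+import nabble.naml.compiler.Command;
+import nabble.naml.compiler.CommandSpec;
+import nabble.naml.compiler.IPrintWriter;
+import nabble.naml.compiler.Interpreter;
+import nabble.naml.compiler.Namespace;
+import nabble.naml.compiler.ScopedInterpreter;
+import nabble.naml.namespaces.TemplateException;
+import nabble.view.lib.Jtp;
+import nabble.view.lib.Permissions;
+import nabble.view.web.forum.NodeEditorNamespace;
+import nabble.view.web.forum.SearchNamespace;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
+import java.util.Random;
+
+
+@Namespace (
+name = "node_page",
+global = true
+)
+public final class NodePageNamespace {
+
+private static final Logger logger = LoggerFactory.getLogger(NodePageNamespace.class);
+
+private NodeNamespace nodeNs;
+
+public NodePageNamespace(Node node) {
+this(new NodeNamespace(node));
+}
+
+public NodePageNamespace(NodeNamespace nodeNs) {
+this.nodeNs = nodeNs;
+}
+
+public final Node node() {
+return nodeNs.node();
+}
+
+public final NodeNamespace nodeNamespace() {
+return nodeNs;
+}
+
+private DbDatabase db() {
+return node().getSite().getDb();
+}
+
+
+public static final CommandSpec page_node = CommandSpec.DO;
+
+@Command public void page_node(IPrintWriter out,ScopedInterpreter<NodeNamespace> interp) {
+out.print( interp.getArg(nodeNs,"do") );
+}
+
+public static final CommandSpec search_namespace = CommandSpec.DO()
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void search_namespace(IPrintWriter out,ScopedInterpreter<SearchNamespace> interp)
+throws ServletException
+{
+ServletNamespace servletNamespace = interp.getFromStack(ServletNamespace.class);
+out.print( interp.getArg(new SearchNamespace(node(),servletNamespace),"do") );
+}
+
+
+public static final CommandSpec edit_page_node = CommandSpec.DO()
+.optionalParameters("commit")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void edit_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp) {
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+boolean commit = interp.getArgAsBoolean("commit",true);
+DbDatabase db = db();
+db.beginTransaction();
+try {
+nodeNs.refreshNode();
+interp.getArgString(new NodeEditorNamespace(node(),servletNs),"do");
+if( commit ) {
+db.commitTransaction();
+nodeNs.refreshNode();
+}
+} finally {
+db.endTransaction();
+}
+}
+
+
+public static final CommandSpec create_child_of_page_node = CommandSpec.DO()
+.parameters("subject","message","is_html","kind")
+.optionalParameters("commit","type")
+.restrictedParameter("kind","app","post")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void create_child_of_page_node(IPrintWriter out,ScopedInterpreter<NodeEditorNamespace> interp)
+throws ModelException, ServletException
+{
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+boolean commit = interp.getArgAsBoolean("commit",true);
+String subject = interp.getArgString("subject");
+String message = interp.getArgString("message");
+Message.Format msgFmt = interp.getArgAsBoolean("is_html",false) ? Message.Format.HTML : Message.Format.TEXT;
+String type = interp.getArgString("type");
+Node.Kind kind = "app".equals(interp.getArgString("kind"))? Node.Kind.APP : Node.Kind.POST;
+Person visitor = servletNs.getVisitor();
+DbDatabase db = db();
+db.beginTransaction();
+try {
+nodeNs.refreshNode();
+Node node = node();
+Node newNode = visitor.newChildNode(kind,subject,message,msgFmt,node);
+FileUpload.checkFileTags(newNode.getMessage(), visitor);
+if (type != null)
+newNode.setType(type);
+interp.getArgString(new NodeEditorNamespace(newNode,servletNs),"do");
+if( commit ) {
+db.commitTransaction();
+nodeNs.refreshNode();
+}
+} finally {
+db.endTransaction();
+}
+}
+
+private static final long TWO_HOURS = 2 * 60 * 60 * 1000;
+
+@Command public void should_show_creation_notice(IPrintWriter out,Interpreter interp) {
+long created = node().getWhenCreated().getTime();
+out.print( System.currentTimeMillis() - created < TWO_HOURS );
+}
+
+
+//
+// Spambot security checker
+//
+private static final byte SUBMIT_POSSIBILITIES = 10;
+private static final long START = new Date().getTime();
+private static final long FIVE_MINUTES = 5 * 60 * 1000;
+private static final Random SECURITY_RND = new Random();
+
+public static final CommandSpec antispam_submit_button = CommandSpec.DO()
+.parameters("class", "value")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void antispam_submit_button(IPrintWriter out,Interpreter interp) {
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+
+String className = interp.getArgString("class");
+String value = interp.getArgString("value");
+
+Byte goodIndex = (byte) SECURITY_RND.nextInt(SUBMIT_POSSIBILITIES);
+request.getSession().setAttribute("sec"+node().getId(), goodIndex);
+for (byte i = 0; i < SUBMIT_POSSIBILITIES; i++) {
+out.print("<input id=\"s" + i + "\" type=\"submit\" class=\""+ className + "\" value=\"" + value + "\" name=\"s" + i + "\" style=\"display:none\"/>");
+}
+String elementId = "s" + goodIndex;
+StringBuilder bufValue = new StringBuilder();
+for (int i = 0; i < elementId.length(); i++) {
+if (bufValue.length() > 0)
+bufValue.append(',');
+bufValue.append((int) elementId.charAt(i));
+}
+out.print("<script type='text/javascript'>");
+out.print("var sv=String.fromCharCode("+ bufValue.toString() +");");
+out.print("document.getElementById(sv).style.display='inline-block';");
+out.print("</script>");
+}
+
+public static final CommandSpec check_antispam_submit = CommandSpec.DO()
+.optionalParameters("bypass")
+.requiredInStack(ServletNamespace.class)
+.build()
+;
+
+@Command public void check_antispam_submit(IPrintWriter out,Interpreter interp)
+throws TemplateException
+{
+ServletNamespace servletNs = interp.getFromStack(ServletNamespace.class);
+HttpServletRequest request = servletNs.request;
+
+String bypass = interp.getArgString("bypass");
+if (bypass != null && request.getParameter(bypass) != null)
+return;
+
+String attributeName = "sec"+node().getId();
+Byte goodIndex = (Byte) request.getSession().getAttribute(attributeName);
+boolean isSafe = goodIndex != null;
+if (isSafe) {
+for (int i= 0; i < SUBMIT_POSSIBILITIES; i++) {
+String param = request.getParameter("s"+i);
+if (i == goodIndex)
+isSafe = isSafe && param != null;
+else
+isSafe = isSafe && param == null;
+}
+}
+request.getSession().removeAttribute(attributeName);
+if (!isSafe) {
+long now = new Date().getTime();
+if (now - START > FIVE_MINUTES) {
+logger.error("suspicious_request - IP: " + Jtp.getClientIpAddr(request));
+throw TemplateException.newInstance("suspicious_request");
+}
+}
+}
+}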
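Review bot: In `antispam_submit_button`, the `class` and `value` template arguments are concatenated unencoded into double-quoted HTML attributes (`class=\""+ className + "\" value=\"" + value + "\"`), so a quote character in either one ends the attribute and lets markup through; if any template can pass visitor-influenced text here, both should be HTML-attribute-encoded before printing. The hidden-button index is drawn from `java.util.Random`, whose output is predictable; because `SecureRandom` is a `Random` subclass, `private static final Random SECURITY_RND = new java.security.SecureRandom();` is a drop-in change. `check_antispam_submit` accepts every failed check during the first five minutes after class load (`now - START > FIVE_MINUTES`) and skips the check whenever the request carries the parameter named by `bypass`; neither path is logged, so each deserves a comment stating why it exists and which templates may set `bypass`. The write commands `edit_page_node` and `create_child_of_page_node` show no permission check in this file although `Permissions` is imported, so it is worth confirming that `NodeEditorNamespace` or `newChildNode` enforces it.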