Add support for multiple websites, contents, etc.

main
Elnu 2 years ago
parent 0de8921306
commit 5d70793e2b

845
Cargo.lock generated

File diff suppressed because it is too large Load Diff

@ -19,3 +19,5 @@ serde_json = "1"
validator = { version = "0.15.0", features = ["derive"] } validator = { version = "0.15.0", features = ["derive"] }
md5 = "0.7.0" md5 = "0.7.0"
chrono = { version = "0.4.19", features = ["serde"] } chrono = { version = "0.4.19", features = ["serde"] }
reqwest = "0.11.11"
scraper = "0.13.0"

@ -0,0 +1,8 @@
<meta name="soudan-content-id" content="a">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="/style.css">
<h1>Page A</h1>
<p>This is Page A.</p>
<div id="soudan"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="/soudan.js"></script>

@ -0,0 +1,8 @@
<meta name="soudan-content-id" content="b">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="/style.css">
<h1>Page B</h1>
<p>This is Page B.</h2>
<div id="soudan"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="/soudan.js"></script>

@ -1,14 +1,10 @@
<meta name="soudan-content-id" content="test">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css"> <link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="style.css"> <link rel="stylesheet" href="/style.css">
<h3>Make a comment</h3> <h1>Soudan demo</h1>
<form id="commentForm"> <p>Welcome to the Soudan demo!</h1>
<label for="author">Name:</label> <input type="text" id="author" name="author" placeholder="Anonymous"> <p>Check out the following example pages, each with their own comment section:</p>
<label for="email">Email:</label> <input type="email" id="email" name="email"> <ul>
<label for="text">Comment:</label> <li><a href="/a">Page A</a></li>
<textarea id="text" name="text" required></textarea> <li><a href="/b">Page B</a></li>
<input type="submit"> </ul>
</form>
<h3 id="commentsHeader">Comments</h3>
<div id="comments"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="soudan.js"></script>

@ -1,24 +1,44 @@
const form = document.getElementById("commentForm"); document.getElementById("soudan").innerHTML = `<h3>Make a comment</h3>
const commentContainer = document.getElementById("comments"); <form id="soudan-comment-form">
const commentContainerHeader = document.getElementById("commentsHeader"); <label for="author">Name:</label> <input type="text" name="author" placeholder="Anonymous">
<label for="email">Email:</label> <input type="email" name="email">
<label for="text">Comment:</label>
<textarea name="text" required></textarea>
<input type="submit">
</form>
<h3 id="soudan-comments-header">Comments</h3>
<div id="soudan-comments"></div>`;
document.write(`<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>`);
const url = "http://127.0.0.1:8080";
const form = document.getElementById("soudan-comment-form");
const commentContainer = document.getElementById("soudan-comments");
const commentContainerHeader = document.getElementById("soudan-comments-header");
const contentId = document.querySelector("meta[name=\"soudan-content-id\"]").getAttribute("content");
form.addEventListener("submit", e => { form.addEventListener("submit", e => {
let data = {}; let data = {
url: window.location.href,
comment: { contentId }
};
new FormData(form).forEach((value, key) => { new FormData(form).forEach((value, key) => {
data[key] = value === "" ? null : value; data.comment[key] = value === "" ? null : value;
}); });
var request = new XMLHttpRequest(); fetch(url, {
request.open("POST", "http:/127.0.0.1:8080"); method: "POST",
request.send(JSON.stringify(data)); body: JSON.stringify(data),
request.addEventListener("load", () => { headers: { "Content-Type": "application/json" }
})
.then(response => {
if (!response.ok) {
return;
}
form.querySelector("textarea").value = ""; form.querySelector("textarea").value = "";
reloadComments() reloadComments();
}); })
request.addEventListener("error", () => alert("Comment posting failed!"));
e.preventDefault(); e.preventDefault();
}); });
function reloadComments() { function reloadComments() {
fetch("http://127.0.0.1:8080") fetch(`${url}/${contentId}`)
.then(response => { .then(response => {
return response.json().then(json => { return response.json().then(json => {
return response.ok ? json : Promise.reject(json); return response.ok ? json : Promise.reject(json);
@ -31,7 +51,7 @@ function reloadComments() {
html = "<p>No comments yet! Be the first to make one.</p>"; html = "<p>No comments yet! Be the first to make one.</p>";
} else { } else {
comments.forEach(comment => { comments.forEach(comment => {
html += `<div><img class="avatar" src="https://www.gravatar.com/avatar/${comment.gravatar}"><div><b>${comment.author ? comment.author : "Anonymous"}</b> commented ${moment(new Date(comment.timestamp * 1000)).fromNow()}:<br><div>${comment.text}</div></div></div>`; html += `<div><img class="soudan-avatar" src="https://www.gravatar.com/avatar/${comment.gravatar}"><div><b>${comment.author ? comment.author : "Anonymous"}</b> commented ${moment(new Date(comment.timestamp * 1000)).fromNow()}:<br><div>${comment.text}</div></div></div>`;
}); });
} }
commentContainer.innerHTML = html; commentContainer.innerHTML = html;

@ -1,8 +1,8 @@
#comments > div { #soudan-comments > div {
display: flex; display: flex;
gap: 0.5em; gap: 0.5em;
} }
#comments .avatar { .soudan-avatar {
border-radius: 100%; border-radius: 100%;
width: 80px; width: 80px;
height: 80px; height: 80px;

@ -3,8 +3,8 @@ use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize, Serializer}; use serde::{Deserialize, Serialize, Serializer};
use validator::Validate; use validator::Validate;
// Master comment type that is stored in database
#[derive(Serialize, Deserialize, Validate)] #[derive(Serialize, Deserialize, Validate)]
#[serde(rename_all = "camelCase")]
pub struct Comment { pub struct Comment {
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub author: Option<String>, // None is Anonymous pub author: Option<String>, // None is Anonymous
@ -19,6 +19,7 @@ pub struct Comment {
#[serde(with = "ts_seconds_option")] #[serde(with = "ts_seconds_option")]
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub timestamp: Option<DateTime<Utc>>, pub timestamp: Option<DateTime<Utc>>,
pub content_id: String,
} }
fn serialize_gravatar<S>(email: &Option<String>, s: S) -> Result<S::Ok, S::Error> fn serialize_gravatar<S>(email: &Option<String>, s: S) -> Result<S::Ok, S::Error>

@ -17,22 +17,24 @@ impl Database {
email TEXT, email TEXT,
author TEXT, author TEXT,
text TEXT NOT NULL, text TEXT NOT NULL,
timestamp DATETIME DEFAULT CURRENT_TIMESTAMP timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
content_id TEXT NOT NULL
)", )",
params![], params![],
)?; )?;
Ok(Self { conn }) Ok(Self { conn })
} }
pub fn get_comments(&self) -> Result<Vec<Comment>> { pub fn get_comments(&self, content_id: &str) -> Result<Vec<Comment>> {
self.conn self.conn
.prepare("SELECT author, email, text, timestamp FROM comment ORDER BY timestamp DESC")? .prepare(&format!("SELECT author, email, text, timestamp FROM comment WHERE content_id='{content_id}' ORDER BY timestamp DESC"))?
.query_map([], |row| { .query_map([], |row| {
Ok(Comment { Ok(Comment {
author: row.get(0)?, author: row.get(0)?,
email: row.get(1)?, email: row.get(1)?,
text: row.get(2)?, text: row.get(2)?,
timestamp: row.get(3)?, timestamp: row.get(3)?,
content_id: content_id.to_owned(),
}) })
})? })?
.collect() .collect()
@ -40,8 +42,8 @@ impl Database {
pub fn create_comment(&self, comment: &Comment) -> Result<()> { pub fn create_comment(&self, comment: &Comment) -> Result<()> {
self.conn.execute( self.conn.execute(
"INSERT INTO comment (author, email, text) VALUES (?1, ?2, ?3)", "INSERT INTO comment (author, email, text, content_id) VALUES (?1, ?2, ?3, ?4)",
params![&comment.author, &comment.email, &comment.text], params![&comment.author, &comment.email, &comment.text, &comment.content_id],
)?; )?;
Ok(()) Ok(())
} }

@ -1,63 +1,161 @@
mod comment; mod comment; use actix_cors::Cors;
use actix_cors::Cors;
pub use comment::*; pub use comment::*;
mod database; mod database;
pub use database::Database; pub use database::Database;
use actix_web::{get, post, web, App, HttpResponse, HttpServer, Responder}; use actix_web::{get, post, web, App, HttpResponse, HttpRequest, HttpServer, Responder};
use std::{env, sync::Mutex}; use std::{env, sync::{Mutex, MutexGuard}};
use validator::Validate; use validator::Validate;
use scraper::{Html, Selector};
use std::collections::HashMap;
use serde::Deserialize;
struct AppState { struct AppState {
db: Mutex<Database>, databases: HashMap<String, Mutex<Database>>,
} }
#[get("/")] fn get_db<'a>(data: &'a web::Data<AppState>, request: &HttpRequest) -> Result<MutexGuard<'a, Database>, HttpResponse> {
async fn get_comments(data: web::Data<AppState>) -> impl Responder { // all the .into() are converting from HttpResponseBuilder to HttpResponse
let db = match data.db.lock() { let origin = match request.head().headers().get("Origin") {
Ok(db) => db, Some(origin) => match origin.to_str() {
Err(_) => return HttpResponse::InternalServerError().into(), Ok(origin) => origin,
Err(_) => return Err(HttpResponse::BadRequest().into()),
}
None => return Err(HttpResponse::BadRequest().into()),
}; };
HttpResponse::Ok().json(&db.get_comments().unwrap()) match data.databases.get(origin) {
Some(database) => Ok(match database.lock() {
Ok(database) => database,
Err(_) => return Err(HttpResponse::InternalServerError().into()),
}),
None => return Err(HttpResponse::BadRequest().into()),
}
}
#[get("/{content_id}")]
async fn get_comments(data: web::Data<AppState>, request: HttpRequest, content_id: web::Path<String>) -> impl Responder {
let database = match get_db(&data, &request) {
Ok(database) => database,
Err(response) => return response,
};
HttpResponse::Ok().json(database.get_comments(&content_id).unwrap())
}
#[derive(Deserialize)]
struct PostCommentsRequest {
url: String,
comment: Comment,
} }
#[post("/")] #[post("/")]
async fn post_comment(data: web::Data<AppState>, bytes: web::Bytes) -> impl Responder { async fn post_comment(data: web::Data<AppState>, request: HttpRequest, bytes: web::Bytes) -> impl Responder {
match String::from_utf8(bytes.to_vec()) { match String::from_utf8(bytes.to_vec()) {
Ok(text) => { Ok(text) => {
let db = match data.db.lock() { let PostCommentsRequest { url, comment } = match serde_json::from_str(&text) {
Ok(db) => db, Ok(req) => req,
Err(_) => return HttpResponse::InternalServerError(), Err(_) => return HttpResponse::BadRequest().into(),
};
let comment: Comment = match serde_json::from_str(&text) {
Ok(comment) => comment,
Err(_) => return HttpResponse::BadRequest(),
}; };
if comment.validate().is_err() { if comment.validate().is_err() {
return HttpResponse::BadRequest(); return HttpResponse::BadRequest().into();
}
let origin = match request.head().headers().get("Origin") {
Some(origin) => match origin.to_str() {
Ok(origin) => origin,
// If the Origin is not valid ASCII, it is a bad request not sent from a browser
Err(_) => return HttpResponse::BadRequest().into(),
},
// If there is no Origin header, it is a bad request not sent from a browser
None => return HttpResponse::BadRequest().into(),
};
// Check to see if provided URL is in scope.
// This is to prevent malicious requests that try to get server to fetch external websites.
// (requires loop because "labels on blocks are unstable")
// https://github.com/rust-lang/rust/issues/48594
'outer: loop {
for site_root in data.databases.keys() {
if site_root.starts_with(origin) && url.starts_with(site_root) {
break 'outer;
}
}
return HttpResponse::BadRequest().into();
} }
db.create_comment(&comment).unwrap(); match get_page_data(&url).await {
HttpResponse::Ok() Ok(page_data_option) => match page_data_option {
Some(page_data) => if page_data.content_id != comment.content_id {
return HttpResponse::BadRequest().into();
},
None => return HttpResponse::BadRequest().into(),
},
Err(_) => return HttpResponse::InternalServerError().into(),
};
let database = match get_db(&data, &request) {
Ok(database) => database,
Err(response) => return response,
};
database.create_comment(&comment).unwrap();
HttpResponse::Ok().into()
} }
Err(_) => HttpResponse::BadRequest().into(), Err(_) => HttpResponse::BadRequest().into(),
} }
} }
// Contains all page details stored in meta tags.
// Currently, only content_id, but this is wrapped in this struct
// to make adding other meta tags, such as locked comments, in the future
struct PageData {
content_id: String,
}
async fn get_page_data(url: &str) -> Result<Option<PageData>, reqwest::Error> {
let response = reqwest::get(url).await?;
if !response.status().is_success() {
return Ok(None);
}
let content = response.text_with_charset("utf-8").await?;
let document = Html::parse_document(&content);
let get_meta = |name: &str| -> Option<String> {
let selector = Selector::parse(&format!("meta[name=\"{}\"]", name)).unwrap();
match document.select(&selector).next() {
Some(element) => match element.value().attr("content") {
Some(value) => Some(value.to_owned()),
None => return None,
},
None => return None,
}
};
return Ok(Some(PageData {
content_id: match get_meta("soudan-content-id") {
Some(id) => id,
None => return Ok(None),
},
}))
}
#[actix_web::main] #[actix_web::main]
async fn main() -> Result<(), std::io::Error> { async fn main() -> Result<(), std::io::Error> {
let mut domains = Vec::new();
let testing = { let testing = {
let mut testing = false; let mut testing = false;
for argument in env::args() { let mut args = env::args();
args.next(); // Skip first, will be executable name
for argument in args {
if argument == "--testing" || argument == "-t" { if argument == "--testing" || argument == "-t" {
testing = true; testing = true;
break; } else {
domains.push(argument);
} }
} }
testing testing
}; };
let db = Database::new(testing).unwrap(); if domains.len() == 0 {
let state = web::Data::new(AppState { db: Mutex::new(db) }); panic!("At least one domain is required!");
}
let mut databases = HashMap::new();
for domain in domains.iter() {
databases.insert(domain.to_owned(), Mutex::new(Database::new(testing).unwrap()));
}
let state = web::Data::new(AppState { databases });
HttpServer::new(move || { HttpServer::new(move || {
App::new() App::new()
.service(get_comments) .service(get_comments)

Loading…
Cancel
Save