Add support for multiple websites, contents, etc.

main
Elnu 2 years ago
parent 0de8921306
commit 5d70793e2b

845
Cargo.lock generated

File diff suppressed because it is too large Load Diff

@ -19,3 +19,5 @@ serde_json = "1"
validator = { version = "0.15.0", features = ["derive"] }
md5 = "0.7.0"
chrono = { version = "0.4.19", features = ["serde"] }
reqwest = "0.11.11"
scraper = "0.13.0"

@ -0,0 +1,8 @@
<meta name="soudan-content-id" content="a">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="/style.css">
<h1>Page A</h1>
<p>This is Page A.</p>
<div id="soudan"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="/soudan.js"></script>

@ -0,0 +1,8 @@
<meta name="soudan-content-id" content="b">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="/style.css">
<h1>Page B</h1>
<p>This is Page B.</h2>
<div id="soudan"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="/soudan.js"></script>

@ -1,14 +1,10 @@
<meta name="soudan-content-id" content="test">
<link rel="stylesheet" href="https://unpkg.com/sakura.css/css/sakura-dark.css" type="text/css">
<link rel="stylesheet" href="style.css">
<h3>Make a comment</h3>
<form id="commentForm">
<label for="author">Name:</label> <input type="text" id="author" name="author" placeholder="Anonymous">
<label for="email">Email:</label> <input type="email" id="email" name="email">
<label for="text">Comment:</label>
<textarea id="text" name="text" required></textarea>
<input type="submit">
</form>
<h3 id="commentsHeader">Comments</h3>
<div id="comments"></div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="soudan.js"></script>
<link rel="stylesheet" href="/style.css">
<h1>Soudan demo</h1>
<p>Welcome to the Soudan demo!</h1>
<p>Check out the following example pages, each with their own comment section:</p>
<ul>
<li><a href="/a">Page A</a></li>
<li><a href="/b">Page B</a></li>
</ul>

@ -1,24 +1,44 @@
const form = document.getElementById("commentForm");
const commentContainer = document.getElementById("comments");
const commentContainerHeader = document.getElementById("commentsHeader");
document.getElementById("soudan").innerHTML = `<h3>Make a comment</h3>
<form id="soudan-comment-form">
<label for="author">Name:</label> <input type="text" name="author" placeholder="Anonymous">
<label for="email">Email:</label> <input type="email" name="email">
<label for="text">Comment:</label>
<textarea name="text" required></textarea>
<input type="submit">
</form>
<h3 id="soudan-comments-header">Comments</h3>
<div id="soudan-comments"></div>`;
document.write(`<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>`);
const url = "http://127.0.0.1:8080";
const form = document.getElementById("soudan-comment-form");
const commentContainer = document.getElementById("soudan-comments");
const commentContainerHeader = document.getElementById("soudan-comments-header");
const contentId = document.querySelector("meta[name=\"soudan-content-id\"]").getAttribute("content");
form.addEventListener("submit", e => {
let data = {};
let data = {
url: window.location.href,
comment: { contentId }
};
new FormData(form).forEach((value, key) => {
data[key] = value === "" ? null : value;
data.comment[key] = value === "" ? null : value;
});
var request = new XMLHttpRequest();
request.open("POST", "http:/127.0.0.1:8080");
request.send(JSON.stringify(data));
request.addEventListener("load", () => {
form.querySelector("textarea").value = "";
reloadComments()
});
request.addEventListener("error", () => alert("Comment posting failed!"));
fetch(url, {
method: "POST",
body: JSON.stringify(data),
headers: { "Content-Type": "application/json" }
})
.then(response => {
if (!response.ok) {
return;
}
form.querySelector("textarea").value = "";
reloadComments();
})
e.preventDefault();
});
function reloadComments() {
fetch("http://127.0.0.1:8080")
fetch(`${url}/${contentId}`)
.then(response => {
return response.json().then(json => {
return response.ok ? json : Promise.reject(json);
@ -31,7 +51,7 @@ function reloadComments() {
html = "<p>No comments yet! Be the first to make one.</p>";
} else {
comments.forEach(comment => {
html += `<div><img class="avatar" src="https://www.gravatar.com/avatar/${comment.gravatar}"><div><b>${comment.author ? comment.author : "Anonymous"}</b> commented ${moment(new Date(comment.timestamp * 1000)).fromNow()}:<br><div>${comment.text}</div></div></div>`;
html += `<div><img class="soudan-avatar" src="https://www.gravatar.com/avatar/${comment.gravatar}"><div><b>${comment.author ? comment.author : "Anonymous"}</b> commented ${moment(new Date(comment.timestamp * 1000)).fromNow()}:<br><div>${comment.text}</div></div></div>`;
});
}
commentContainer.innerHTML = html;

@ -1,8 +1,8 @@
#comments > div {
#soudan-comments > div {
display: flex;
gap: 0.5em;
}
#comments .avatar {
.soudan-avatar {
border-radius: 100%;
width: 80px;
height: 80px;

@ -3,8 +3,8 @@ use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize, Serializer};
use validator::Validate;
// Master comment type that is stored in database
#[derive(Serialize, Deserialize, Validate)]
#[serde(rename_all = "camelCase")]
pub struct Comment {
#[serde(skip_serializing_if = "Option::is_none")]
pub author: Option<String>, // None is Anonymous
@ -19,6 +19,7 @@ pub struct Comment {
#[serde(with = "ts_seconds_option")]
#[serde(skip_serializing_if = "Option::is_none")]
pub timestamp: Option<DateTime<Utc>>,
pub content_id: String,
}
fn serialize_gravatar<S>(email: &Option<String>, s: S) -> Result<S::Ok, S::Error>

@ -13,26 +13,28 @@ impl Database {
let conn = Connection::open_in_memory()?;
conn.execute(
"CREATE TABLE comment (
id INTEGER PRIMARY KEY,
email TEXT,
author TEXT,
text TEXT NOT NULL,
timestamp DATETIME DEFAULT CURRENT_TIMESTAMP
id INTEGER PRIMARY KEY,
email TEXT,
author TEXT,
text TEXT NOT NULL,
timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
content_id TEXT NOT NULL
)",
params![],
)?;
Ok(Self { conn })
}
pub fn get_comments(&self) -> Result<Vec<Comment>> {
pub fn get_comments(&self, content_id: &str) -> Result<Vec<Comment>> {
self.conn
.prepare("SELECT author, email, text, timestamp FROM comment ORDER BY timestamp DESC")?
.prepare(&format!("SELECT author, email, text, timestamp FROM comment WHERE content_id='{content_id}' ORDER BY timestamp DESC"))?
.query_map([], |row| {
Ok(Comment {
author: row.get(0)?,
email: row.get(1)?,
text: row.get(2)?,
timestamp: row.get(3)?,
content_id: content_id.to_owned(),
})
})?
.collect()
@ -40,8 +42,8 @@ impl Database {
pub fn create_comment(&self, comment: &Comment) -> Result<()> {
self.conn.execute(
"INSERT INTO comment (author, email, text) VALUES (?1, ?2, ?3)",
params![&comment.author, &comment.email, &comment.text],
"INSERT INTO comment (author, email, text, content_id) VALUES (?1, ?2, ?3, ?4)",
params![&comment.author, &comment.email, &comment.text, &comment.content_id],
)?;
Ok(())
}

@ -1,63 +1,161 @@
mod comment;
use actix_cors::Cors;
mod comment; use actix_cors::Cors;
pub use comment::*;
mod database;
pub use database::Database;
use actix_web::{get, post, web, App, HttpResponse, HttpServer, Responder};
use std::{env, sync::Mutex};
use actix_web::{get, post, web, App, HttpResponse, HttpRequest, HttpServer, Responder};
use std::{env, sync::{Mutex, MutexGuard}};
use validator::Validate;
use scraper::{Html, Selector};
use std::collections::HashMap;
use serde::Deserialize;
struct AppState {
db: Mutex<Database>,
databases: HashMap<String, Mutex<Database>>,
}
#[get("/")]
async fn get_comments(data: web::Data<AppState>) -> impl Responder {
let db = match data.db.lock() {
Ok(db) => db,
Err(_) => return HttpResponse::InternalServerError().into(),
fn get_db<'a>(data: &'a web::Data<AppState>, request: &HttpRequest) -> Result<MutexGuard<'a, Database>, HttpResponse> {
// all the .into() are converting from HttpResponseBuilder to HttpResponse
let origin = match request.head().headers().get("Origin") {
Some(origin) => match origin.to_str() {
Ok(origin) => origin,
Err(_) => return Err(HttpResponse::BadRequest().into()),
}
None => return Err(HttpResponse::BadRequest().into()),
};
match data.databases.get(origin) {
Some(database) => Ok(match database.lock() {
Ok(database) => database,
Err(_) => return Err(HttpResponse::InternalServerError().into()),
}),
None => return Err(HttpResponse::BadRequest().into()),
}
}
#[get("/{content_id}")]
async fn get_comments(data: web::Data<AppState>, request: HttpRequest, content_id: web::Path<String>) -> impl Responder {
let database = match get_db(&data, &request) {
Ok(database) => database,
Err(response) => return response,
};
HttpResponse::Ok().json(&db.get_comments().unwrap())
HttpResponse::Ok().json(database.get_comments(&content_id).unwrap())
}
#[derive(Deserialize)]
struct PostCommentsRequest {
url: String,
comment: Comment,
}
#[post("/")]
async fn post_comment(data: web::Data<AppState>, bytes: web::Bytes) -> impl Responder {
async fn post_comment(data: web::Data<AppState>, request: HttpRequest, bytes: web::Bytes) -> impl Responder {
match String::from_utf8(bytes.to_vec()) {
Ok(text) => {
let db = match data.db.lock() {
Ok(db) => db,
Err(_) => return HttpResponse::InternalServerError(),
};
let comment: Comment = match serde_json::from_str(&text) {
Ok(comment) => comment,
Err(_) => return HttpResponse::BadRequest(),
let PostCommentsRequest { url, comment } = match serde_json::from_str(&text) {
Ok(req) => req,
Err(_) => return HttpResponse::BadRequest().into(),
};
if comment.validate().is_err() {
return HttpResponse::BadRequest();
return HttpResponse::BadRequest().into();
}
let origin = match request.head().headers().get("Origin") {
Some(origin) => match origin.to_str() {
Ok(origin) => origin,
// If the Origin is not valid ASCII, it is a bad request not sent from a browser
Err(_) => return HttpResponse::BadRequest().into(),
},
// If there is no Origin header, it is a bad request not sent from a browser
None => return HttpResponse::BadRequest().into(),
};
// Check to see if provided URL is in scope.
// This is to prevent malicious requests that try to get server to fetch external websites.
// (requires loop because "labels on blocks are unstable")
// https://github.com/rust-lang/rust/issues/48594
'outer: loop {
for site_root in data.databases.keys() {
if site_root.starts_with(origin) && url.starts_with(site_root) {
break 'outer;
}
}
return HttpResponse::BadRequest().into();
}
db.create_comment(&comment).unwrap();
HttpResponse::Ok()
match get_page_data(&url).await {
Ok(page_data_option) => match page_data_option {
Some(page_data) => if page_data.content_id != comment.content_id {
return HttpResponse::BadRequest().into();
},
None => return HttpResponse::BadRequest().into(),
},
Err(_) => return HttpResponse::InternalServerError().into(),
};
let database = match get_db(&data, &request) {
Ok(database) => database,
Err(response) => return response,
};
database.create_comment(&comment).unwrap();
HttpResponse::Ok().into()
}
Err(_) => HttpResponse::BadRequest().into(),
}
}
// Contains all page details stored in meta tags.
// Currently, only content_id, but this is wrapped in this struct
// to make adding other meta tags, such as locked comments, in the future
struct PageData {
content_id: String,
}
async fn get_page_data(url: &str) -> Result<Option<PageData>, reqwest::Error> {
let response = reqwest::get(url).await?;
if !response.status().is_success() {
return Ok(None);
}
let content = response.text_with_charset("utf-8").await?;
let document = Html::parse_document(&content);
let get_meta = |name: &str| -> Option<String> {
let selector = Selector::parse(&format!("meta[name=\"{}\"]", name)).unwrap();
match document.select(&selector).next() {
Some(element) => match element.value().attr("content") {
Some(value) => Some(value.to_owned()),
None => return None,
},
None => return None,
}
};
return Ok(Some(PageData {
content_id: match get_meta("soudan-content-id") {
Some(id) => id,
None => return Ok(None),
},
}))
}
#[actix_web::main]
async fn main() -> Result<(), std::io::Error> {
let mut domains = Vec::new();
let testing = {
let mut testing = false;
for argument in env::args() {
let mut args = env::args();
args.next(); // Skip first, will be executable name
for argument in args {
if argument == "--testing" || argument == "-t" {
testing = true;
break;
} else {
domains.push(argument);
}
}
testing
};
let db = Database::new(testing).unwrap();
let state = web::Data::new(AppState { db: Mutex::new(db) });
if domains.len() == 0 {
panic!("At least one domain is required!");
}
let mut databases = HashMap::new();
for domain in domains.iter() {
databases.insert(domain.to_owned(), Mutex::new(Database::new(testing).unwrap()));
}
let state = web::Data::new(AppState { databases });
HttpServer::new(move || {
App::new()
.service(get_comments)

Loading…
Cancel
Save