]> git.llucax.com Git - software/blitiri.git/blobdiff - blitiri.cgi
Make the cached() decorator take into account all arguments
[software/blitiri.git] / blitiri.cgi
index 161449a1f73abbc961851d88d851434c2aa77679..347d27a86eebcbd933a1e4cde226cf967be55a93 100755 (executable)
@@ -24,6 +24,12 @@ comments_path = "/tmp/blog/comments"
 # default templates. If they're not found, the built-in ones will be used.
 templates_path = "/tmp/blog/templates"
 
 # default templates. If they're not found, the built-in ones will be used.
 templates_path = "/tmp/blog/templates"
 
+# Path where the cache is stored (must be writeable by the web server);
+# set to None to disable. When enabled, you must take care of cleaning it up
+# every once in a while.
+#cache_path = "/tmp/blog/cache"
+cache_path = None
+
 # URL to the blog, including the name. Can be a full URL or just the path.
 blog_url = "/blog/blitiri.cgi"
 
 # URL to the blog, including the name. Can be a full URL or just the path.
 blog_url = "/blog/blitiri.cgi"
 
@@ -40,6 +46,34 @@ author = "Hartmut Kegan"
 # Article encoding
 encoding = "utf8"
 
 # Article encoding
 encoding = "utf8"
 
+# Captcha class
+class Captcha (object):
+       def __init__(self, article):
+               self.article = article
+               words = article.title.split()
+               self.nword = hash(article.title) % len(words) % 5
+               self.answer = words[self.nword]
+               self.help = 'gotcha, damn spam bot!'
+
+       def get_puzzle(self):
+               nword = self.nword + 1
+               if nword == 1:
+                       n = '1st'
+               elif nword == 2:
+                       n = '2nd'
+               elif nword == 3:
+                       n = '3rd'
+               else:
+                       n = str(nword) + 'th'
+               return "enter the %s word of the article's title" % n
+       puzzle = property(fget = get_puzzle)
+
+       def validate(self, form_data):
+               if form_data.captcha.lower() == self.answer.lower():
+                       return True
+               return False
+
+
 #
 # End of configuration
 # DO *NOT* EDIT ANYTHING PAST HERE
 #
 # End of configuration
 # DO *NOT* EDIT ANYTHING PAST HERE
@@ -48,6 +82,8 @@ encoding = "utf8"
 
 import sys
 import os
 
 import sys
 import os
+import errno
+import shutil
 import time
 import datetime
 import calendar
 import time
 import datetime
 import calendar
@@ -55,6 +91,7 @@ import zlib
 import urllib
 import cgi
 from docutils.core import publish_parts
 import urllib
 import cgi
 from docutils.core import publish_parts
+from docutils.utils import SystemMessage
 
 # Before importing the config, add our cwd to the Python path
 sys.path.append(os.getcwd())
 
 # Before importing the config, add our cwd to the Python path
 sys.path.append(os.getcwd())
@@ -138,7 +175,7 @@ default_comment_header = """
 <div class="comment">
 <a name="comment-%(number)d" />
 <h3><a href="#comment-%(number)d">Comment #%(number)d</a></h3>
 <div class="comment">
 <a name="comment-%(number)d" />
 <h3><a href="#comment-%(number)d">Comment #%(number)d</a></h3>
-<span class="cominfo">by <a href="%(link)s">%(author)s</a>
+<span class="cominfo">by %(linked_author)s
   on %(year)04d-%(month)02d-%(day)02d %(hour)02d:%(minute)02d</span>
 <p/>
 <div class="combody">
   on %(year)04d-%(month)02d-%(day)02d %(hour)02d:%(minute)02d</span>
 <p/>
 <div class="combody">
@@ -150,6 +187,57 @@ default_comment_footer = """
 </div>
 """
 
 </div>
 """
 
+default_comment_form = """
+<div class="comform">
+<a name="comment" />
+<h3 class="comform"><a href="#comment">Your comment</a></h3>
+<div class="comforminner">
+<form method="%(form_method)s" action="%(form_action)s">
+<div class="comformauthor">
+  <label for="comformauthor">Your name %(form_author_error)s</label>
+  <input type="text" class="comformauthor" id="comformauthor"
+         name="comformauthor" value="%(form_author)s" />
+</div>
+<div class="comformlink">
+  <label for="comformlink">Your link
+    <span class="comformoptional">(optional, will be published)</span>
+      %(form_link_error)s</label>
+  <input type="text" class="comformlink" id="comformlink"
+         name="comformlink" value="%(form_link)s" />
+  <div class="comformhelp">
+    like <span class="formurlexample">http://www.example.com/</span>
+    or <span class="formurlexample">mailto:you@example.com</span>
+  </div>
+</div>
+<div class="comformcaptcha">
+  <label for="comformcaptcha">Your humanity proof %(form_captcha_error)s</label>
+  <input type="text" class="comformcaptcha" id="comformcaptcha"
+         name="comformcaptcha" value="%(form_captcha)s" />
+  <div class="comformhelp">%(captcha_puzzle)s</div>
+</div>
+<div class="comformbody">
+  <label for="comformbody" class="comformbody">The comment
+    %(form_body_error)s</label>
+  <textarea class="comformbody" id="comformbody" name="comformbody" rows="15"
+            cols="80">%(form_body)s</textarea>
+  <div class="comformhelp">
+    in
+    <a href="http://docutils.sourceforge.net/docs/user/rst/quickref.html">\
+RestructuredText</a> format, please
+  </div>
+</div>
+<div class="comformsend">
+  <button type="submit" class="comformsend" id="comformsend" name="comformsend">
+    Send comment
+  </button>
+</div>
+</form>
+</div>
+</div>
+"""
+
+default_comment_error = '<span class="comformerror">(%(error)s)</span>'
+
 
 # Default CSS
 default_css = """
 
 # Default CSS
 default_css = """
@@ -234,6 +322,63 @@ div.comment {
        margin-bottom: 1em;
 }
 
        margin-bottom: 1em;
 }
 
+div.comforminner {
+       margin-left: 2em;
+}
+
+div.comform {
+       margin-left: 1em;
+       margin-bottom: 1em;
+}
+
+div.comform label {
+       display: block;
+       border-bottom: 1px solid #99C;
+       margin-top: 0.5em;
+       clear: both;
+}
+
+div.comform span.comformoptional {
+       font-size: xx-small;
+       color: #666;
+}
+
+div.comform input {
+       font-size: small;
+       width: 99%;
+}
+
+div.comformhelp {
+       font-size: xx-small;
+       text-align: right;
+       float: right;
+}
+
+span.formurlexample {
+       color: #111;
+       background-color: #EEF;
+       font-family: monospace;
+       padding-left: 0.2em;
+       padding-right: 0.2em;
+}
+
+textarea.comformbody {
+       font-family: monospace;
+       font-size: small;
+       width: 99%;
+       height: 15em;
+}
+
+button.comformsend {
+       margin-top: 0.5em;
+}
+
+span.comformerror {
+       color: #900;
+       font-size: xx-small;
+       margin-left: 0.5em;
+}
+
 hr {
        float: left;
        height: 2px;
 hr {
        float: left;
        height: 2px;
@@ -265,15 +410,79 @@ div.section h1 {
 
 """
 
 
 """
 
+
+# Cache decorator
+# It only works if the function is pure (that is, its return value depends
+# only on its arguments), and if all the arguments are hash()eable.
+def cached(f):
+       # do not decorate if the cache is disabled
+       if cache_path is None:
+               return f
+
+       def decorate(*args, **kwargs):
+               hashes = '-'.join( str(hash(x)) for x in args +
+                               tuple(kwargs.items()) )
+               fname = 'blitiri.%s.%s.cache' % (f.__name__, hashes)
+               cache_file = os.path.join(cache_path, fname)
+               try:
+                       s = open(cache_file).read()
+               except:
+                       s = f(*args, **kwargs)
+                       open(cache_file, 'w').write(s)
+               return s
+
+       return decorate
+
+
 # helper functions
 # helper functions
-def rst_to_html(rst):
+def rst_to_html(rst, secure = True):
        settings = {
                'input_encoding': encoding,
                'output_encoding': 'utf8',
        settings = {
                'input_encoding': encoding,
                'output_encoding': 'utf8',
+               'halt_level': 1,
+               'traceback':  1,
+               'file_insertion_enabled': secure,
+               'raw_enabled': secure,
        }
        parts = publish_parts(rst, settings_overrides = settings,
                                writer_name = "html")
        return parts['body'].encode('utf8')
        }
        parts = publish_parts(rst, settings_overrides = settings,
                                writer_name = "html")
        return parts['body'].encode('utf8')
+rst_to_html = cached(rst_to_html)
+
+def validate_rst(rst, secure = True):
+       try:
+               rst_to_html(rst, secure)
+               return None
+       except SystemMessage, e:
+               desc = e.args[0].encode('utf-8') # the error string
+               desc = desc[9:] # remove "<string>:"
+               line = int(desc[:desc.find(':')] or 0) # get the line number
+               desc = desc[desc.find(')')+2:-1] # remove (LEVEL/N)
+               try:
+                       desc, context = desc.split('\n', 1)
+               except ValueError:
+                       context = ''
+               if desc.endswith('.'):
+                       desc = desc[:-1]
+               return (line, desc, context)
+
+def valid_link(link):
+       import re
+       mail_re = r"^[^ \t\n\r@<>()]+@[a-z0-9][a-z0-9\.\-_]*\.[a-z]+$"
+       scheme_re = r'^[a-zA-Z]+:'
+       url_re = r'^(?:[a-z0-9\-]+|[a-z0-9][a-z0-9\-\.\_]*\.[a-z]+)' \
+                       r'(?::[0-9]+)?(?:/.*)?$'
+       scheme = ''
+       rest = link
+       if re.match(scheme_re, link, re.I):
+               scheme, rest = link.split(':', 1)
+       if (not scheme or scheme == 'mailto') and re.match(mail_re, rest, re.I):
+               return 'mailto:' + link
+       if not scheme and re.match(url_re, rest, re.I):
+               return 'http://' + rest
+       if scheme:
+               return link
+       return None
 
 def sanitize(obj):
        if isinstance(obj, basestring):
 
 def sanitize(obj):
        if isinstance(obj, basestring):
@@ -341,13 +550,66 @@ class Templates (object):
                        'art_footer', default_article_footer, article.to_vars())
 
        def get_comment_header(self, comment):
                        'art_footer', default_article_footer, article.to_vars())
 
        def get_comment_header(self, comment):
+               vars = comment.to_vars()
+               if comment.link:
+                       vars['linked_author'] = '<a href="%s">%s</a>' \
+                                       % (comment.link, comment.author)
+               else:
+                       vars['linked_author'] = comment.author
                return self.get_template(
                return self.get_template(
-                       'com_header', default_comment_header, comment.to_vars())
+                       'com_header', default_comment_header, vars)
 
        def get_comment_footer(self, comment):
                return self.get_template(
                        'com_footer', default_comment_footer, comment.to_vars())
 
 
        def get_comment_footer(self, comment):
                return self.get_template(
                        'com_footer', default_comment_footer, comment.to_vars())
 
+       def get_comment_form(self, article, form_data, captcha_puzzle):
+               vars = article.to_vars()
+               vars.update(form_data.to_vars(self))
+               vars['captcha_puzzle'] = captcha_puzzle
+               return self.get_template(
+                       'com_form', default_comment_form, vars)
+
+       def get_comment_error(self, error):
+               return self.get_template(
+                       'com_error', default_comment_error, dict(error=error))
+
+
+class CommentFormData (object):
+       def __init__(self, author = '', link = '', captcha = '', body = ''):
+               self.author = author
+               self.link = link
+               self.captcha = captcha
+               self.body = body
+               self.author_error = ''
+               self.link_error = ''
+               self.captcha_error = ''
+               self.body_error = ''
+               self.action = ''
+               self.method = 'post'
+
+       def to_vars(self, template):
+               render_error = template.get_comment_error
+               a_error = self.author_error and render_error(self.author_error)
+               l_error = self.link_error and render_error(self.link_error)
+               c_error = self.captcha_error \
+                               and render_error(self.captcha_error)
+               b_error = self.body_error and render_error(self.body_error)
+               return {
+                       'form_author': sanitize(self.author),
+                       'form_link': sanitize(self.link),
+                       'form_captcha': sanitize(self.captcha),
+                       'form_body': sanitize(self.body),
+
+                       'form_author_error': a_error,
+                       'form_link_error': l_error,
+                       'form_captcha_error': c_error,
+                       'form_body_error': b_error,
+
+                       'form_action': self.action,
+                       'form_method': self.method,
+               }
+
 
 class Comment (object):
        def __init__(self, article, number, created = None):
 
 class Comment (object):
        def __init__(self, article, number, created = None):
@@ -385,6 +647,14 @@ class Comment (object):
        raw_content = property(fget = get_raw_content)
 
 
        raw_content = property(fget = get_raw_content)
 
 
+       def set(self, author, raw_content, link = '', created = None):
+               self.loaded = True
+               self._author = author
+               self._raw_content = raw_content
+               self._link = link
+               self.created = created or datetime.datetime.now()
+
+
        def load(self):
                filename = os.path.join(comments_path, self.article.uuid,
                                        str(self.number))
        def load(self):
                filename = os.path.join(comments_path, self.article.uuid,
                                        str(self.number))
@@ -408,6 +678,19 @@ class Comment (object):
                self._raw_content = ''.join(raw[count + 1:])
                self.loaded = True
 
                self._raw_content = ''.join(raw[count + 1:])
                self.loaded = True
 
+       def save(self):
+               filename = os.path.join(comments_path, self.article.uuid,
+                                       str(self.number))
+               try:
+                       f = open(filename, 'w')
+                       f.write('Author: %s\n' % self.author)
+                       f.write('Link: %s\n' % self.link)
+                       f.write('\n')
+                       f.write(self.raw_content)
+               except:
+                       return
+
+
        def to_html(self):
                return rst_to_html(self.raw_content)
 
        def to_html(self):
                return rst_to_html(self.raw_content)
 
@@ -533,6 +816,13 @@ class Article (object):
                return cmp(self.title, other.title)
 
 
                return cmp(self.title, other.title)
 
 
+       def add_comment(self, author, raw_content, link = ''):
+               c = Comment(self, len(self.comments))
+               c.set(author, raw_content, link)
+               self.comments.append(c)
+               return c
+
+
        def load(self):
                # XXX this tweak is only needed for old DB format, where
                # article's paths started with a slash
        def load(self):
                # XXX this tweak is only needed for old DB format, where
                # article's paths started with a slash
@@ -689,23 +979,35 @@ class ArticleDB (object):
 # Main
 #
 
 # Main
 #
 
-
-def render_html(articles, db, actyear = None, show_comments = False):
+def render_comments(article, template, form_data):
+       print '<a name="comments" />'
+       for c in article.comments:
+               if c is None:
+                       continue
+               print template.get_comment_header(c)
+               print c.to_html()
+               print template.get_comment_footer(c)
+       if not form_data:
+               form_data = CommentFormData()
+       form_data.action = blog_url + '/comment/' + article.uuid + '#comment'
+       captcha = Captcha(article)
+       print template.get_comment_form(article, form_data, captcha.puzzle)
+
+def render_html(articles, db, actyear = None, show_comments = False,
+               redirect =  None, form_data = None):
+       if redirect:
+               print 'Status: 303 See Other\r\n',
+               print 'Location: %s\r\n' % redirect,
+       print 'Content-type: text/html; charset=utf-8\r\n',
+       print '\r\n',
        template = Templates(templates_path, db, actyear)
        template = Templates(templates_path, db, actyear)
-       print 'Content-type: text/html; charset=utf-8\n'
        print template.get_main_header()
        for a in articles:
                print template.get_article_header(a)
                print a.to_html()
                print template.get_article_footer(a)
                if show_comments:
        print template.get_main_header()
        for a in articles:
                print template.get_article_header(a)
                print a.to_html()
                print template.get_article_footer(a)
                if show_comments:
-                       print '<a name="comments" />'
-                       for c in a.comments:
-                               if c is None:
-                                       continue
-                               print template.get_comment_header(c)
-                               print c.to_html()
-                               print template.get_comment_footer(c)
+                       render_comments(a, template, form_data)
        print template.get_main_footer()
 
 def render_artlist(articles, db, actyear = None):
        print template.get_main_footer()
 
 def render_artlist(articles, db, actyear = None):
@@ -785,7 +1087,9 @@ def handle_cgi():
        atom = False
        style = False
        post = False
        atom = False
        style = False
        post = False
+       post_preview = False
        artlist = False
        artlist = False
+       comment = False
 
        if os.environ.has_key('PATH_INFO'):
                path_info = os.environ['PATH_INFO']
 
        if os.environ.has_key('PATH_INFO'):
                path_info = os.environ['PATH_INFO']
@@ -793,9 +1097,11 @@ def handle_cgi():
                atom = path_info == '/atom'
                tag = path_info.startswith('/tag/')
                post = path_info.startswith('/post/')
                atom = path_info == '/atom'
                tag = path_info.startswith('/tag/')
                post = path_info.startswith('/post/')
+               post_preview = path_info.startswith('/preview/post/')
                artlist = path_info.startswith('/list')
                artlist = path_info.startswith('/list')
-               if not style and not atom and not post and not tag \
-                               and not artlist:
+               comment = path_info.startswith('/comment/') and enable_comments
+               if not style and not atom and not post and not post_preview \
+                               and not tag and not comment and not artlist:
                        date = path_info.split('/')[1:]
                        try:
                                if len(date) > 1 and date[0]:
                        date = path_info.split('/')[1:]
                        try:
                                if len(date) > 1 and date[0]:
@@ -809,11 +1115,28 @@ def handle_cgi():
                elif post:
                        uuid = path_info.replace('/post/', '')
                        uuid = uuid.replace('/', '')
                elif post:
                        uuid = path_info.replace('/post/', '')
                        uuid = uuid.replace('/', '')
+               elif post_preview:
+                       art_path = path_info.replace('/preview/post/', '')
+                       art_path = urllib.unquote_plus(art_path)
+                       art_path = os.path.join(data_path, art_path)
+                       art_path = os.path.realpath(art_path)
+                       common = os.path.commonprefix([data_path, art_path])
+                       if common != data_path: # something nasty happened
+                               post_preview = False
+                       art_path = art_path[len(data_path)+1:]
                elif tag:
                        t = path_info.replace('/tag/', '')
                        t = t.replace('/', '')
                        t = urllib.unquote_plus(t)
                        tags = set((t,))
                elif tag:
                        t = path_info.replace('/tag/', '')
                        t = t.replace('/', '')
                        t = urllib.unquote_plus(t)
                        tags = set((t,))
+               elif comment:
+                       uuid = path_info.replace('/comment/', '')
+                       uuid = uuid.replace('#comment', '')
+                       uuid = uuid.replace('/', '')
+                       author = form.getfirst('comformauthor', '')
+                       link = form.getfirst('comformlink', '')
+                       captcha = form.getfirst('comformcaptcha', '')
+                       body = form.getfirst('comformbody', '')
 
        db = ArticleDB(os.path.join(data_path, 'db'))
        if atom:
 
        db = ArticleDB(os.path.join(data_path, 'db'))
        if atom:
@@ -824,10 +1147,60 @@ def handle_cgi():
                render_style()
        elif post:
                render_html( [db.get_article(uuid)], db, year, enable_comments )
                render_style()
        elif post:
                render_html( [db.get_article(uuid)], db, year, enable_comments )
+       elif post_preview:
+               article = Article(art_path, datetime.datetime.now(),
+                                       datetime.datetime.now())
+               render_html( [article], db, year, enable_comments )
        elif artlist:
                articles = db.get_articles()
                articles.sort(cmp = Article.title_cmp)
                render_artlist(articles, db)
        elif artlist:
                articles = db.get_articles()
                articles.sort(cmp = Article.title_cmp)
                render_artlist(articles, db)
+       elif comment:
+               form_data = CommentFormData(author.strip().replace('\n', ' '),
+                               link.strip().replace('\n', ' '), captcha,
+                               body.replace('\r', ''))
+               article = db.get_article(uuid)
+               captcha = Captcha(article)
+               redirect = False
+               valid = True
+               if not form_data.author:
+                       form_data.author_error = 'please, enter your name'
+                       valid = False
+               if form_data.link:
+                       link = valid_link(form_data.link)
+                       if link:
+                               form_data.link = link
+                       else:
+                               form_data.link_error = 'please, enter a ' \
+                                               'valid link'
+                               valid = False
+               if not captcha.validate(form_data):
+                       form_data.captcha_error = captcha.help
+                       valid = False
+               if not form_data.body:
+                       form_data.body_error = 'please, write a comment'
+                       valid = False
+               else:
+                       error = validate_rst(form_data.body, secure=False)
+                       if error is not None:
+                               (line, desc, ctx) = error
+                               at = ''
+                               if line:
+                                       at = ' at line %d' % line
+                               form_data.body_error = 'error%s: %s' \
+                                               % (at, desc)
+                               valid = False
+               if valid:
+                       c = article.add_comment(form_data.author,
+                                       form_data.body, form_data.link)
+                       c.save()
+                       cdb = CommentDB(article)
+                       cdb.comments = article.comments
+                       cdb.save()
+                       redirect = blog_url + '/post/' + uuid + '#comment-' \
+                                       + str(c.number)
+               render_html( [article], db, year, enable_comments, redirect,
+                               form_data )
        else:
                articles = db.get_articles(year, month, day, tags)
                articles.sort(reverse = True)
        else:
                articles = db.get_articles(year, month, day, tags)
                articles.sort(reverse = True)
@@ -867,6 +1240,17 @@ def handle_cmd():
                                return 1
                db.articles.append(article)
                db.save()
                                return 1
                db.articles.append(article)
                db.save()
+               if enable_comments:
+                       comment_dir = os.path.join(comments_path, article.uuid)
+                       try:
+                               os.mkdir(comment_dir, 0775)
+                       except OSError, e:
+                               if e.errno != errno.EEXIST:
+                                       print "Error: can't create comments " \
+                                               "directory %s (%s)" \
+                                                       % (comment_dir, e)
+                               # otherwise is probably a removed and re-added
+                               # article
        elif cmd == 'rm':
                article = Article(art_path)
                for a in db.articles:
        elif cmd == 'rm':
                article = Article(art_path)
                for a in db.articles:
@@ -875,8 +1259,12 @@ def handle_cmd():
                else:
                        print "Error: no such article"
                        return 1
                else:
                        print "Error: no such article"
                        return 1
+               if enable_comments:
+                       r = raw_input('Remove comments [y/N]? ')
                db.articles.remove(a)
                db.save()
                db.articles.remove(a)
                db.save()
+               if enable_comments and r.lower() == 'y':
+                       shutil.rmtree(os.path.join(comments_path, a.uuid))
        elif cmd == 'update':
                article = Article(art_path)
                for a in db.articles:
        elif cmd == 'update':
                article = Article(art_path)
                for a in db.articles:
@@ -895,7 +1283,10 @@ def handle_cmd():
 
 
 if os.environ.has_key('GATEWAY_INTERFACE'):
 
 
 if os.environ.has_key('GATEWAY_INTERFACE'):
+       i = datetime.datetime.now()
        handle_cgi()
        handle_cgi()
+       f = datetime.datetime.now()
+       print '<!-- render time: %s -->' % (f-i)
 else:
        sys.exit(handle_cmd())
 
 else:
        sys.exit(handle_cmd())