def fetch(self, environ, request, uri):
    """Return every comment stored for ``uri`` wrapped in ``JSON(..., 200)``.

    Each comment gets a ``hash`` entry derived from its e-mail address (or,
    when that is empty, its ``remote_addr``) and is then reduced to the keys
    listed in ``API.FIELDS``. Unless the ``plain`` query argument differs
    from ``'0'`` (its default), ``text`` is passed through
    ``self.isso.render``.

    Raises:
        NotFound: when ``self.comments.fetch(uri)`` yields nothing.
    """
    comments = list(self.comments.fetch(uri))
    if not comments:
        raise NotFound

    for comment in comments:
        identity = comment['email'] or comment['remote_addr']
        cache_key = identity.encode('utf-8')

        # The derived value is cached per identity so pbkdf2 only runs on a
        # cache miss.
        digest = self.cache.get('hash', cache_key)
        if digest is None:
            # NOTE(review): presumably 1000 iterations and a 6-byte output
            # keyed with the instance salt -- confirm against pbkdf2's
            # signature. A value this short is an identifier for the author,
            # not a way to keep the e-mail address confidential.
            digest = pbkdf2(identity, self.isso.salt, 1000, 6).decode("utf-8")
            self.cache.set('hash', cache_key, digest)
        comment['hash'] = digest

        # Drop everything outside the public field set.
        # NOTE(review): presumably this is what keeps 'email' and
        # 'remote_addr' out of the response -- verify they are not in
        # API.FIELDS.
        unlisted = [name for name in comment.keys() if name not in API.FIELDS]
        for name in unlisted:
            comment.pop(name)

    wants_rendered = request.args.get('plain', '0') == '0'
    if wants_rendered:
        for comment in comments:
            comment['text'] = self.isso.render(comment['text'])

    return JSON(comments, 200)
def _process_fetched_list(self, fetched_list, plain=False):
    """Prepare fetched comments for output, in place, and return the list.

    Every item receives a ``hash`` entry derived from its e-mail address
    (or, when that is empty, its ``remote_addr``) and loses all keys that
    are not in ``API.FIELDS``. When ``plain`` is truthy, ``text`` is passed
    through ``self.isso.render``.

    NOTE(review): rendering happens when ``plain`` is truthy, which reads
    inverted for a flag with that name -- confirm against the callers.
    """
    for entry in fetched_list:
        identity = entry['email'] or entry['remote_addr']
        cache_key = identity.encode('utf-8')

        # pbkdf2 only runs when the cache has no value for this identity.
        digest = self.cache.get('hash', cache_key)
        if digest is None:
            # NOTE(review): presumably 1000 iterations and a 6-byte output
            # keyed with the instance salt -- confirm against pbkdf2's
            # signature. Treat the result as an author identifier, not as
            # protection for the e-mail address.
            digest = pbkdf2(identity, self.isso.salt, 1000, 6).decode("utf-8")
            self.cache.set('hash', cache_key, digest)
        entry['hash'] = digest

        # Reduce the item to the public field set.
        # NOTE(review): presumably this is what removes 'email' and
        # 'remote_addr' before the data leaves the server -- verify they
        # are not in API.FIELDS.
        unlisted = [name for name in entry.keys() if name not in API.FIELDS]
        for name in unlisted:
            entry.pop(name)

    if not plain:
        return fetched_list

    for entry in fetched_list:
        entry['text'] = self.isso.render(entry['text'])
    return fetched_list
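def new(self, environ, request, uri):
    """Create a new comment on the thread identified by ``uri``.

    The JSON request body is reduced to the keys in ``API.ACCEPT``, checked
    by ``API.verify`` and by ``self.guard.validate``, and stored through
    ``self.comments.add``. If ``uri`` has no thread yet, the page is
    requested first and a thread is created from the parsed result.

    Returns:
        A ``JSON`` response with status 202 when the stored comment has
        mode 2, otherwise 201, carrying ``Set-Cookie`` and ``X-Set-Cookie``
        headers. A ``BadRequest`` is returned (not raised) for a body that
        is not a JSON object or fails ``API.verify``; a ``NotFound`` is
        returned when the page request does not answer with status 200.

    Raises:
        Forbidden: when ``self.guard.validate`` rejects the comment.
    """
    data = request.get_json()

    # The body is client-controlled. Anything other than a JSON object
    # (a list, a string, null) has no .keys() and would otherwise surface
    # as an unhandled AttributeError instead of a client error.
    if not isinstance(data, dict):
        return BadRequest("JSON object expected")

    # Allow-list the input: keys outside API.ACCEPT are discarded before
    # any further processing.
    for field in set(data.keys()) - API.ACCEPT:
        data.pop(field)

    for key in ("author", "email", "website", "parent"):
        data.setdefault(key, None)

    valid, reason = API.verify(data)
    if not valid:
        return BadRequest(reason)

    # cgi.escape without quote=True rewrites only &, < and >; double quotes
    # stay as they are and single quotes are never touched.
    # NOTE(review): that is not sufficient if author/email are ever written
    # into an HTML attribute -- confirm how consumers emit these values.
    # NOTE(review): 'website' is not escaped here; presumably API.verify
    # constrains it -- confirm.
    # cgi.escape was removed in Python 3.8; html.escape(value, quote=False)
    # is the equivalent there.
    for field in ("author", "email"):
        if data.get(field) is not None:
            data[field] = cgi.escape(data[field])

    # Server-side values are assigned after the allow-list step, so a client
    # cannot supply its own 'mode' or 'remote_addr'.
    data['mode'] = 2 if self.moderated else 1
    data['remote_addr'] = utils.anonymize(str(request.remote_addr))

    with self.isso.lock:
        if uri not in self.threads:
            # NOTE(review): uri comes from the client and is requested from
            # local("origin") -- presumably the configured site, so the
            # target host is fixed; confirm.
            with http.curl('GET', local("origin"), uri) as resp:
                if resp and resp.status == 200:
                    uri, title = parse.thread(resp.read(), id=uri)
                else:
                    return NotFound('URI does not exist')

            thread = self.threads.new(uri, title)
            self.signal("comments.new:new-thread", thread)
        else:
            thread = self.threads[uri]

    # notify extensions that the new comment is about to be saved
    self.signal("comments.new:before-save", thread, data)

    valid, reason = self.guard.validate(uri, data)
    if not valid:
        self.signal("comments.new:guard", reason)
        raise Forbidden(reason)

    with self.isso.lock:
        rv = self.comments.add(uri, data)

    # notify extensions that the new comment has been saved successfully
    self.signal("comments.new:after-save", thread, rv)

    # The signed value covers the comment id and a digest of the raw text,
    # so it has to be built before rv["text"] is replaced by its rendered
    # form below.
    # NOTE(review): only value and max_age are passed to dump_cookie, so
    # attributes such as secure/httponly are left at its defaults --
    # confirm that is intended.
    cookie = functools.partial(
        dump_cookie,
        value=self.isso.sign([rv["id"], sha1(rv["text"])]),
        max_age=self.conf.getint('max-age'))

    rv["text"] = self.isso.render(rv["text"])

    # NOTE(review): presumably 1000 iterations and a 6-byte output keyed
    # with the instance salt -- confirm against pbkdf2's signature. The
    # result identifies the author; it does not keep the e-mail address
    # confidential.
    identity = rv['email'] or rv['remote_addr']
    rv["hash"] = pbkdf2(identity, self.isso.salt, 1000, 6).decode("utf-8")
    self.cache.set('hash', identity.encode('utf-8'), rv['hash'])

    # Reduce the stored record to the public field set before it is sent.
    # NOTE(review): presumably this is what removes 'email' and
    # 'remote_addr' from the response -- verify they are not in API.FIELDS.
    for key in set(rv.keys()) - API.FIELDS:
        rv.pop(key)

    # success!
    self.signal("comments.new:finish", thread, rv)

    resp = JSON(rv, 202 if rv["mode"] == 2 else 201)

    # The same signed value is sent twice: as a regular cookie keyed by the
    # comment id and, under the non-standard X-Set-Cookie header, keyed
    # "isso-<id>".
    resp.headers.add("Set-Cookie", cookie(str(rv["id"])))
    resp.headers.add("X-Set-Cookie", cookie("isso-%i" % rv["id"]))
    return resp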