guestbook-ng/guestbook-ng.pl

#!/usr/bin/env perl

# Dec 2021
# Daniel Bowling <swaggboi@slackware.uk>

use Mojolicious::Lite -signatures;
use Mojo::Pg;
use List::Util qw{shuffle};
use Regexp::Common qw{URI};
use Number::Format qw{format_number};
#use Data::Dumper; # Uncomment for debugging

# Load the model
use lib 'lib';
use GuestbookNg::Model::Message;
use GuestbookNg::Model::Counter;

# Plugins
plugin 'Config';
plugin 'TagHelpers::Pagination';
plugin AssetPack => {pipes => [qw{Css JavaScript Combine}]};

# Helpers
helper pg => sub {
    my    $env = app->mode() eq 'development' ? 'dev_env' : 'prod_env';
    state $pg  = Mojo::Pg->new(app->config->{$env}{'pg_string'});
};

helper message => sub {
    state $message = GuestbookNg::Model::Message->new(pg => shift->pg)
};

helper counter => sub {
    state $counter = GuestbookNg::Model::Counter->new(pg => shift->pg)
};

# Routes
under sub ($c) {
    # Opt out of Google FLoC
    # https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
    $c->res->headers->header('Permissions-Policy', 'interest-cohort=()');

    unless ($c->session('counted')) {
        $c->counter->increment_visitor_count();
        $c->session(
            expiration => 1800,
            counted    => 1
            );
    }

    $c->stash(status => 403) if $c->flash('error');

    $c->stash(
        post_count    => format_number($c->message->get_post_count),
        visitor_count => format_number($c->counter->get_visitor_count)
        );

    1;
};

get '/' => sub ($c) {
    $c->redirect_to('view');
};

any [qw{GET POST}], '/sign' => sub ($c) {
    my $v = $c->validation();

    if ($c->req->method eq 'POST' && $v->has_data) {
        my $name    = $c->param('name') || 'Anonymous';
        my $url     = $c->param('url');
        my $message = $c->param('message');
        my $spam    =
            !$c->param('answer')                                ? 1 :
            $message =~ /$RE{URI}{HTTP}{-scheme => qr<https?>}/ ? 1 :
            0;

        $v->required('name'   )->size(1,   63);
        $v->required('message')->size(2, 2000);
        $v->optional('url', 'not_empty')->size(1, 255)
            ->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);

        unless ($v->has_error) {
            $c->message->create_post($name, $message, $url, $spam);

            $c->flash(error => 'This message was flagged as spam') if $spam;

            return $c->redirect_to('view');
        }
    }

    # Try to randomize things for the CAPTCHA challenge. The
    # string 'false' actually evaluates to true so this is an
    # attempt to confuse a (hypothetical) bot that would try to
    # select what it thinks is the right answer
    my @answers             = shuffle(0, 'false', undef);
    my $right_answer_label  = "I'm ready to sign (choose this one)";
    my @wrong_answer_labels = shuffle(
        "I don't want to sign (wrong answer)",
        "This is spam/I'm a bot, do not sign"
        );

    $c->stash(
        answers             => \@answers,
        right_answer_label  => $right_answer_label,
        wrong_answer_labels => \@wrong_answer_labels
        );

    $c->render();
};

group {
    under '/message';

    get '/:message_id', [message_id => qr/[0-9]+/] => sub ($c) {
        my $message_id = $c->param('message_id');
        my @view_post  = $c->message->get_post_by_id($message_id);

        $c->stash(status => 404) unless $view_post[0];

        $c->stash(view_post => @view_post);

        $c->render();
    };
};

group {
    under '/:page', [page => ['spam', 'view']];

    get '/:number', [number => qr/[0-9]+/], {number => 1} => sub ($c) {
        my $base_path  = $c->url_for(number => undef);
        my $this_page  = $c->param('number');
        my $last_page  = $base_path eq '/view'
            ? $c->message->get_last_page()
            : $c->message->get_last_page(1);
        my $view_posts = $base_path eq '/view'
            ? $c->message->get_posts($this_page)
            : $c->message->get_spam($this_page);

        $c->stash(
            view_posts => $view_posts,
            this_page  => $this_page,
            last_page  => $last_page,
            base_path  => $base_path
            );

        $c->render();
    };
};

# Send it
app->secrets(app->config->{'secrets'}) || die $@;

app->message->max_posts(app->config->{'max_posts'})
    if app->config->{'max_posts'};

app->pg->migrations->from_dir('migrations')->migrate(8);

app->asset->process('swagg.css', 'css/swagg.css');

app->start();
Initial commit++ 2021-12-04 05:11:37 +00:00			`#!/usr/bin/env perl`

			`# Dec 2021`
			`# Daniel Bowling <swaggboi@slackware.uk>`

			`use Mojolicious::Lite -signatures;`
Initial DB implementation 2021-12-04 23:34:35 +00:00			`use Mojo::Pg;`
Make CAPTCHA more random 2022-01-01 03:32:39 +00:00			`use List::Util qw{shuffle};`
Filter URLs out of message body 2022-01-02 07:01:45 +00:00			`use Regexp::Common qw{URI};`
Implement post count 2022-01-12 00:51:45 +00:00			`use Number::Format qw{format_number};`
Getting things ready to deploy 2022-01-10 17:53:10 +00:00			`#use Data::Dumper; # Uncomment for debugging`
Make CAPTCHA more random 2022-01-01 03:32:39 +00:00
			`# Load the model`
Implement Test model 2021-12-04 07:26:25 +00:00			`use lib 'lib';`
Implement basic guestbook signing and reading 2021-12-05 07:52:31 +00:00			`use GuestbookNg::Model::Message;`
Add helper for the new model 2022-02-10 02:17:49 +00:00			`use GuestbookNg::Model::Counter;`
Implement Test model 2021-12-04 07:26:25 +00:00
Initial DB implementation 2021-12-04 23:34:35 +00:00			`# Plugins`
			`plugin 'Config';`
Implement paging 2021-12-12 02:02:54 +00:00			`plugin 'TagHelpers::Pagination';`
Initial AssetPack setup 2021-12-23 04:18:35 +00:00			`plugin AssetPack => {pipes => [qw{Css JavaScript Combine}]};`
Initial DB implementation 2021-12-04 23:34:35 +00:00
			`# Helpers`
			`helper pg => sub {`
Just specify Postgres connection string in conf file 2022-01-10 19:18:49 +00:00			`my $env = app->mode() eq 'development' ? 'dev_env' : 'prod_env';`
			`state $pg = Mojo::Pg->new(app->config->{$env}{'pg_string'});`
Initial DB implementation 2021-12-04 23:34:35 +00:00			`};`

Begin Message model 2021-12-05 04:06:05 +00:00			`helper message => sub {`
Implement basic guestbook signing and reading 2021-12-05 07:52:31 +00:00			`state $message = GuestbookNg::Model::Message->new(pg => shift->pg)`
Begin Message model 2021-12-05 04:06:05 +00:00			`};`

Add helper for the new model 2022-02-10 02:17:49 +00:00			`helper counter => sub {`
			`state $counter = GuestbookNg::Model::Counter->new(pg => shift->pg)`
			`};`

Using under() for the migration didn't make sense 2021-12-05 09:22:55 +00:00			`# Routes`
Implement CAPTCHA 2021-12-19 04:03:53 +00:00			`under sub ($c) {`
			`# Opt out of Google FLoC`
			`# https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network`
			`$c->res->headers->header('Permissions-Policy', 'interest-cohort=()');`

Make the visitor counter increment when a new session is created 2022-04-04 01:34:22 +00:00			`unless ($c->session('counted')) {`
			`$c->counter->increment_visitor_count();`
			`$c->session(`
expires vs expiration It appears I have misunderstood the difference between `expires => time() + 3600` and `expiration => 3600` as I thought `expires` would just set the expiration one time and not update for subsequent requests. Per this discussion thread, that does not appear to be correct: https://github.com/mojolicious/mojo/discussions/1833 Thus I felt it best to just set the expiry period to 30 min and allow that to reset on subsequent requests rather than reinvent the wheel 2022-04-04 21:22:23 +00:00			`expiration => 1800,`
			`counted => 1`
Make the visitor counter increment when a new session is created 2022-04-04 01:34:22 +00:00			`);`
			`}`
Initial flash error implementation 2022-01-02 04:37:41 +00:00
More tests 2022-01-09 03:01:51 +00:00			`$c->stash(status => 403) if $c->flash('error');`
Validate input 2022-01-09 02:21:22 +00:00
Display the visitor counter 2022-04-04 01:04:09 +00:00			`$c->stash(`
			`post_count => format_number($c->message->get_post_count),`
			`visitor_count => format_number($c->counter->get_visitor_count)`
			`);`
Fix post count 2022-01-12 01:15:53 +00:00
Implement CAPTCHA 2021-12-19 04:03:53 +00:00			`1;`
			`};`

Implement /view route w/ page_number placeholder 2022-04-08 01:04:41 +00:00			`get '/' => sub ($c) {`
			`$c->redirect_to('view');`
			`};`
Implement /spam route 2022-01-12 20:18:34 +00:00
Some small style tweaks 2021-12-19 05:43:18 +00:00			`any [qw{GET POST}], '/sign' => sub ($c) {`
Validate input 2022-01-09 02:21:22 +00:00			`my $v = $c->validation();`

			`if ($c->req->method eq 'POST' && $v->has_data) {`
Don't require name to post 2022-01-01 04:05:34 +00:00			`my $name = $c->param('name') \|\| 'Anonymous';`
Back-end stuff to get the URL field working 2022-01-01 04:45:21 +00:00			`my $url = $c->param('url');`
Implement basic guestbook signing and reading 2021-12-05 07:52:31 +00:00			`my $message = $c->param('message');`
Fix CAPTCHA and flash error for spam 2022-01-02 22:53:43 +00:00			`my $spam =`
			`!$c->param('answer') ? 1 :`
			`$message =~ /$RE{URI}{HTTP}{-scheme => qr<https?>}/ ? 1 :`
			`0;`
Filter URLs out of message body 2022-01-02 07:01:45 +00:00
Validate input 2022-01-09 02:21:22 +00:00			`$v->required('name' )->size(1, 63);`
			`$v->required('message')->size(2, 2000);`
			`$v->optional('url', 'not_empty')->size(1, 255)`
			`->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);`

			`unless ($v->has_error) {`
Implement is_spam column 2022-01-02 06:31:33 +00:00			`$c->message->create_post($name, $message, $url, $spam);`
Fix CAPTCHA and flash error for spam 2022-01-02 22:53:43 +00:00
			`$c->flash(error => 'This message was flagged as spam') if $spam;`
Explicit return for the redirect in the /sign route 2022-01-10 18:44:30 +00:00
Consolidate /view and /spam base paths 2022-04-08 03:04:09 +00:00			`return $c->redirect_to('view');`
Initial flash error implementation 2022-01-02 04:37:41 +00:00			`}`
Implement basic guestbook signing and reading 2021-12-05 07:52:31 +00:00			`}`
Validate input 2022-01-09 02:21:22 +00:00
			`# Try to randomize things for the CAPTCHA challenge. The`
			`# string 'false' actually evaluates to true so this is an`
			`# attempt to confuse a (hypothetical) bot that would try to`
			`# select what it thinks is the right answer`
			`my @answers = shuffle(0, 'false', undef);`
Some style tweaks, this was buggin me 2022-04-03 21:11:02 +00:00			`my $right_answer_label = "I'm ready to sign (choose this one)";`
Validate input 2022-01-09 02:21:22 +00:00			`my @wrong_answer_labels = shuffle(`
Some style tweaks, this was buggin me 2022-04-03 21:11:02 +00:00			`"I don't want to sign (wrong answer)",`
			`"This is spam/I'm a bot, do not sign"`
Validate input 2022-01-09 02:21:22 +00:00			`);`

			`$c->stash(`
			`answers => \@answers,`
			`right_answer_label => $right_answer_label,`
			`wrong_answer_labels => \@wrong_answer_labels`
			`);`

			`$c->render();`
Implement basic guestbook signing and reading 2021-12-05 07:52:31 +00:00			`};`

Implement get_post_by_id() and the message_id view 2022-04-05 02:56:45 +00:00			`group {`
			`under '/message';`
Implement the /message/:id route 2022-04-05 01:21:11 +00:00
Implement get_post_by_id() and the message_id view 2022-04-05 02:56:45 +00:00			`get '/:message_id', [message_id => qr/[0-9]+/] => sub ($c) {`
			`my $message_id = $c->param('message_id');`
			`my @view_post = $c->message->get_post_by_id($message_id);`
Implement the /message/:id route 2022-04-05 01:21:11 +00:00
Implement get_post_by_id() and the message_id view 2022-04-05 02:56:45 +00:00			`$c->stash(status => 404) unless $view_post[0];`

			`$c->stash(view_post => @view_post);`

Implement /view route w/ page_number placeholder 2022-04-08 01:04:41 +00:00			`$c->render();`
			`};`
			`};`

Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-08 01:13:50 +00:00			`group {`
Consolidate /view and /spam base paths 2022-04-08 03:04:09 +00:00			`under '/:page', [page => ['spam', 'view']];`
Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-08 01:13:50 +00:00
Use restrictive placeholder in addition to optional for page number 2022-04-08 02:14:24 +00:00			`get '/:number', [number => qr/[0-9]+/], {number => 1} => sub ($c) {`
			`my $base_path = $c->url_for(number => undef);`
Consolidate /view and /spam base paths 2022-04-08 03:04:09 +00:00			`my $this_page = $c->param('number');`
Small tweaks I've been meaning to make 2022-04-08 16:59:15 +00:00			`my $last_page = $base_path eq '/view'`
			`? $c->message->get_last_page()`
			`: $c->message->get_last_page(1);`
			`my $view_posts = $base_path eq '/view'`
			`? $c->message->get_posts($this_page)`
			`: $c->message->get_spam($this_page);`
Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-08 01:13:50 +00:00
			`$c->stash(`
			`view_posts => $view_posts,`
			`this_page => $this_page,`
			`last_page => $last_page,`
			`base_path => $base_path`
			`);`

			`$c->render();`
			`};`
			`};`

Initial DB implementation 2021-12-04 23:34:35 +00:00			`# Send it`
Implement session secret 2021-12-05 08:32:22 +00:00			`app->secrets(app->config->{'secrets'}) \|\| die $@;`
Move pager logic to Message model 2021-12-12 06:50:07 +00:00
			`app->message->max_posts(app->config->{'max_posts'})`
			`if app->config->{'max_posts'};`

Display the visitor counter 2022-04-04 01:04:09 +00:00			`app->pg->migrations->from_dir('migrations')->migrate(8);`
Move pager logic to Message model 2021-12-12 06:50:07 +00:00
Initial AssetPack setup 2021-12-23 04:18:35 +00:00			`app->asset->process('swagg.css', 'css/swagg.css');`

Initial commit++ 2021-12-04 05:11:37 +00:00			`app->start();`