guestbook-ng/guestbook-ng.pl

#!/usr/bin/env perl

# Dec 2021
# Daniel Bowling <swaggboi@slackware.uk>

use Mojolicious::Lite -signatures;
use Mojo::Pg;
use List::Util qw{shuffle};
use Regexp::Common qw{URI};
use Number::Format qw{format_number};
use WebService::Discord::Webhook;

# Load the model
use lib 'lib';
use GuestbookNg::Model::Message;
use GuestbookNg::Model::Counter;

# Plugins
plugin 'Config';
plugin 'TagHelpers::Pagination';
plugin AssetPack => {pipes => [qw{Css Combine}]};

# Helpers
helper pg => sub {
    my    $env = app->mode() eq 'development' ? 'dev_env' : 'prod_env';
    state $pg  = Mojo::Pg->new(app->config->{$env}{'pg_string'});
};

helper message => sub {
    state $message = GuestbookNg::Model::Message->new(pg => shift->pg)
};

helper counter => sub {
    state $counter = GuestbookNg::Model::Counter->new(pg => shift->pg)
};

# Routes
under sub ($c) {
    # Opt out of Google FLoC
    # https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
    $c->res->headers->header('Permissions-Policy', 'interest-cohort=()');

    unless ($c->session('counted')) {
        $c->counter->increment_visitor_count();
        $c->session(
            expires => time() + 1800,
            counted => 1
            );
    }

    $c->stash(status => 403) if $c->flash('error');

    $c->stash(
        post_count    => format_number($c->message->get_post_count),
        this_url      => $c->req->url->to_abs(),
        visitor_count => format_number($c->counter->get_visitor_count)
        );

    1;
};

get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };

any [qw{GET POST}], '/sign' => sub ($c) {
    my $v;

    $v = $c->validation() if $c->req->method eq 'POST';

    if ($v && $v->has_data) {
        my $name    = $c->param('name') || 'Anonymous';
        my $url     = $c->param('url');
        my $message = $c->param('message');
        my $spam    =
            !$c->param('answer')                                ? 1 :
            $message =~ /$RE{URI}{HTTP}{-scheme => qr<https?>}/ ? 1 :
            0;

        $v->required('name'   )->size(1,   63);
        $v->required('message')->size(2, 2000);
        $v->optional('url', 'not_empty')->size(1, 255)
            ->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);

        if ($v->has_error) {
            $c->stash(status => 400)
        }
        else {
            $c->message->create_post($name, $message, $url, $spam);

            if ($spam) {
                $c->flash(error => 'This message was flagged as spam')
            }
            # Send this notification if there's a Webhook URL
            elsif (app->mode() eq 'production' && -s '.tom.url') {
                my ($new_message_id, $url_file, $url, $webhook);

                eval {
                    $new_message_id = $c->message->get_last_message_id();

                    open($url_file, '.tom.url');
                    chomp($url = <$url_file>);

                    $webhook = WebService::Discord::Webhook->new(
                        url        => $url,
                        verify_SSL => 1
                        );

                    $webhook->execute(
                        'content',
                        "https://guestbook.swagg.net/message/$new_message_id"
                        );
                } or do {
                    $@ //= 'unknown error';

                    say "WEBHOOK URL $url FAILED: $@";
                }
            }

            return $c->redirect_to(page => {page => 'view'});
        }
    }
    # Throw a 400 for POST with null body too
    elsif ($v) {
        $c->stash(status => 400)
    }

    # Try to randomize things for the CAPTCHA challenge. The
    # string 'false' actually evaluates to true so this is an
    # attempt to confuse a (hypothetical) bot that would try to
    # select what it thinks is the right answer
    my @answers             = shuffle(0, 'false', undef);
    my $right_answer_label  = "I'm ready to sign (choose this one)";
    my @wrong_answer_labels = shuffle(
        "I don't want to sign (wrong answer)",
        "This is spam/I'm a bot, do not sign"
        );

    $c->stash(
        answers             => \@answers,
        right_answer_label  => $right_answer_label,
        wrong_answer_labels => \@wrong_answer_labels
        );

    $c->render();
};

group {
    under '/message';

    get '/:message_id', [message_id => qr/[0-9]+/] => sub ($c) {
        my $message_id = $c->param('message_id');
        my @view_post  = $c->message->get_post_by_id($message_id);

        $c->stash(status => 404) unless $view_post[0];

        $c->stash(view_post => @view_post);

        $c->render();
    };
};

group {
    under '/:page', [page => ['spam', 'view']];

    get '/:number', [number => qr/[0-9]+/], {number => 1} => sub ($c) {
        my $base_path  = $c->url_for(number => undef);
        my $this_page  = $c->param('number');
        my $last_page  = $base_path eq '/view'
            ? $c->message->get_last_page()
            : $c->message->get_last_page('spam');
        my $view_posts = $base_path eq '/view'
            ? $c->message->get_posts($this_page)
            : $c->message->get_spam($this_page);

        $c->stash(status => 404) unless @$view_posts[0];

        $c->stash(
            view_posts => $view_posts,
            this_page  => $this_page,
            last_page  => $last_page,
            base_path  => $base_path
            );

        $c->render();
    };
};

# Send it
app->secrets(app->config->{'secrets'}) || die $@;

app->message->max_posts(app->config->{'max_posts'})
    if app->config->{'max_posts'};

app->pg->migrations->from_dir('migrations')->migrate(8);

app->asset->process('swagg.css', 'css/swagg.css');

app->start();
Initial commit++ 2021-12-04 00:11:37 -05:00			`#!/usr/bin/env perl`

			`# Dec 2021`
			`# Daniel Bowling <swaggboi@slackware.uk>`

			`use Mojolicious::Lite -signatures;`
Initial DB implementation 2021-12-04 18:34:35 -05:00			`use Mojo::Pg;`
Make CAPTCHA more random 2021-12-31 22:32:39 -05:00			`use List::Util qw{shuffle};`
Filter URLs out of message body 2022-01-02 02:01:45 -05:00			`use Regexp::Common qw{URI};`
Implement post count 2022-01-11 19:51:45 -05:00			`use Number::Format qw{format_number};`
Added webhook URL dotfiles and module for the webhook requests 2022-07-21 23:45:03 -04:00			`use WebService::Discord::Webhook;`
Make CAPTCHA more random 2021-12-31 22:32:39 -05:00
			`# Load the model`
Implement Test model 2021-12-04 02:26:25 -05:00			`use lib 'lib';`
Implement basic guestbook signing and reading 2021-12-05 02:52:31 -05:00			`use GuestbookNg::Model::Message;`
Add helper for the new model 2022-02-09 21:17:49 -05:00			`use GuestbookNg::Model::Counter;`
Implement Test model 2021-12-04 02:26:25 -05:00
Initial DB implementation 2021-12-04 18:34:35 -05:00			`# Plugins`
			`plugin 'Config';`
Implement paging 2021-12-11 21:02:54 -05:00			`plugin 'TagHelpers::Pagination';`
housecleaning 2024-07-04 01:17:58 -04:00			`plugin AssetPack => {pipes => [qw{Css Combine}]};`
Initial DB implementation 2021-12-04 18:34:35 -05:00
			`# Helpers`
			`helper pg => sub {`
Just specify Postgres connection string in conf file 2022-01-10 14:18:49 -05:00			`my $env = app->mode() eq 'development' ? 'dev_env' : 'prod_env';`
			`state $pg = Mojo::Pg->new(app->config->{$env}{'pg_string'});`
Initial DB implementation 2021-12-04 18:34:35 -05:00			`};`

Begin Message model 2021-12-04 23:06:05 -05:00			`helper message => sub {`
Implement basic guestbook signing and reading 2021-12-05 02:52:31 -05:00			`state $message = GuestbookNg::Model::Message->new(pg => shift->pg)`
Begin Message model 2021-12-04 23:06:05 -05:00			`};`

Add helper for the new model 2022-02-09 21:17:49 -05:00			`helper counter => sub {`
			`state $counter = GuestbookNg::Model::Counter->new(pg => shift->pg)`
			`};`

Using under() for the migration didn't make sense 2021-12-05 04:22:55 -05:00			`# Routes`
Implement CAPTCHA 2021-12-18 23:03:53 -05:00			`under sub ($c) {`
			`# Opt out of Google FLoC`
			`# https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network`
			`$c->res->headers->header('Permissions-Policy', 'interest-cohort=()');`

Make the visitor counter increment when a new session is created 2022-04-03 21:34:22 -04:00			`unless ($c->session('counted')) {`
			`$c->counter->increment_visitor_count();`
			`$c->session(`
Make cookie smol 2022-04-16 18:55:22 -04:00			`expires => time() + 1800,`
			`counted => 1`
Make the visitor counter increment when a new session is created 2022-04-03 21:34:22 -04:00			`);`
			`}`
Initial flash error implementation 2022-01-01 23:37:41 -05:00
More tests 2022-01-08 22:01:51 -05:00			`$c->stash(status => 403) if $c->flash('error');`
Validate input 2022-01-08 21:21:22 -05:00
Display the visitor counter 2022-04-03 21:04:09 -04:00			`$c->stash(`
			`post_count => format_number($c->message->get_post_count),`
Small style tweaks 2022-04-08 13:10:52 -04:00			`this_url => $c->req->url->to_abs(),`
Display the visitor counter 2022-04-03 21:04:09 -04:00			`visitor_count => format_number($c->counter->get_visitor_count)`
			`);`
Fix post count 2022-01-11 20:15:53 -05:00
Implement CAPTCHA 2021-12-18 23:03:53 -05:00			`1;`
			`};`

Fix the named route for page (/view) 2022-04-09 00:52:16 -04:00			`get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };`
Implement /spam route 2022-01-12 15:18:34 -05:00
Some small style tweaks 2021-12-19 00:43:18 -05:00			`any [qw{GET POST}], '/sign' => sub ($c) {`
Some smol tweaks to appease `perlcritic` 2022-04-22 12:44:19 -04:00			`my $v;`

			`$v = $c->validation() if $c->req->method eq 'POST';`
Validate input 2022-01-08 21:21:22 -05:00
Throw 400s for invalid input 2022-04-09 15:35:24 -04:00			`if ($v && $v->has_data) {`
Don't require name to post 2021-12-31 23:05:34 -05:00			`my $name = $c->param('name') \|\| 'Anonymous';`
Back-end stuff to get the URL field working 2021-12-31 23:45:21 -05:00			`my $url = $c->param('url');`
Implement basic guestbook signing and reading 2021-12-05 02:52:31 -05:00			`my $message = $c->param('message');`
Fix CAPTCHA and flash error for spam 2022-01-02 17:53:43 -05:00			`my $spam =`
			`!$c->param('answer') ? 1 :`
			`$message =~ /$RE{URI}{HTTP}{-scheme => qr<https?>}/ ? 1 :`
			`0;`
Filter URLs out of message body 2022-01-02 02:01:45 -05:00
Validate input 2022-01-08 21:21:22 -05:00			`$v->required('name' )->size(1, 63);`
			`$v->required('message')->size(2, 2000);`
			`$v->optional('url', 'not_empty')->size(1, 255)`
			`->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);`

Throw 400s for invalid input 2022-04-09 15:35:24 -04:00			`if ($v->has_error) {`
			`$c->stash(status => 400)`
			`}`
			`else {`
Clean up some stuff 2022-07-22 11:06:29 -04:00			`$c->message->create_post($name, $message, $url, $spam);`
Check for presence of the webhook URL dotfile 2022-07-21 23:58:41 -04:00
			`if ($spam) {`
			`$c->flash(error => 'This message was flagged as spam')`
			`}`
Implemented the Webhook request; all my URL gone 2022-07-22 00:49:33 -04:00			`# Send this notification if there's a Webhook URL`
Only send the Webhook in prod 2022-07-22 00:56:57 -04:00			`elsif (app->mode() eq 'production' && -s '.tom.url') {`
Clean up some stuff 2022-07-22 11:06:29 -04:00			`my ($new_message_id, $url_file, $url, $webhook);`

Implement uh... try/catch sorta 2022-07-22 13:10:18 -04:00			`eval {`
			`$new_message_id = $c->message->get_last_message_id();`

			`open($url_file, '.tom.url');`
			`chomp($url = <$url_file>);`

			`$webhook = WebService::Discord::Webhook->new(`
			`url => $url,`
			`verify_SSL => 1`
			`);`

			`$webhook->execute(`
			`'content',`
			`"https://guestbook.swagg.net/message/$new_message_id"`
			`);`
			`} or do {`
			`$@ //= 'unknown error';`

			`say "WEBHOOK URL $url FAILED: $@";`
			`}`
Check for presence of the webhook URL dotfile 2022-07-21 23:58:41 -04:00			`}`
Explicit return for the redirect in the /sign route 2022-01-10 13:44:30 -05:00
Fix the named route for page (/view) 2022-04-09 00:52:16 -04:00			`return $c->redirect_to(page => {page => 'view'});`
Initial flash error implementation 2022-01-01 23:37:41 -05:00			`}`
Implement basic guestbook signing and reading 2021-12-05 02:52:31 -05:00			`}`
Throw 400s for invalid input 2022-04-09 15:35:24 -04:00			`# Throw a 400 for POST with null body too`
			`elsif ($v) {`
			`$c->stash(status => 400)`
			`}`
Validate input 2022-01-08 21:21:22 -05:00
			`# Try to randomize things for the CAPTCHA challenge. The`
			`# string 'false' actually evaluates to true so this is an`
			`# attempt to confuse a (hypothetical) bot that would try to`
			`# select what it thinks is the right answer`
			`my @answers = shuffle(0, 'false', undef);`
Some style tweaks, this was buggin me 2022-04-03 17:11:02 -04:00			`my $right_answer_label = "I'm ready to sign (choose this one)";`
Validate input 2022-01-08 21:21:22 -05:00			`my @wrong_answer_labels = shuffle(`
Some style tweaks, this was buggin me 2022-04-03 17:11:02 -04:00			`"I don't want to sign (wrong answer)",`
			`"This is spam/I'm a bot, do not sign"`
Validate input 2022-01-08 21:21:22 -05:00			`);`

			`$c->stash(`
			`answers => \@answers,`
			`right_answer_label => $right_answer_label,`
			`wrong_answer_labels => \@wrong_answer_labels`
			`);`

			`$c->render();`
Implement basic guestbook signing and reading 2021-12-05 02:52:31 -05:00			`};`

Implement get_post_by_id() and the message_id view 2022-04-04 22:56:45 -04:00			`group {`
			`under '/message';`
Implement the /message/:id route 2022-04-04 21:21:11 -04:00
Implement get_post_by_id() and the message_id view 2022-04-04 22:56:45 -04:00			`get '/:message_id', [message_id => qr/[0-9]+/] => sub ($c) {`
			`my $message_id = $c->param('message_id');`
			`my @view_post = $c->message->get_post_by_id($message_id);`
Implement the /message/:id route 2022-04-04 21:21:11 -04:00
Implement get_post_by_id() and the message_id view 2022-04-04 22:56:45 -04:00			`$c->stash(status => 404) unless $view_post[0];`

			`$c->stash(view_post => @view_post);`

Implement /view route w/ page_number placeholder 2022-04-07 21:04:41 -04:00			`$c->render();`
			`};`
			`};`

Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-07 21:13:50 -04:00			`group {`
Consolidate /view and /spam base paths 2022-04-07 23:04:09 -04:00			`under '/:page', [page => ['spam', 'view']];`
Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-07 21:13:50 -04:00
Use restrictive placeholder in addition to optional for page number 2022-04-07 22:14:24 -04:00			`get '/:number', [number => qr/[0-9]+/], {number => 1} => sub ($c) {`
			`my $base_path = $c->url_for(number => undef);`
Consolidate /view and /spam base paths 2022-04-07 23:04:09 -04:00			`my $this_page = $c->param('number');`
Small tweaks I've been meaning to make 2022-04-08 12:59:15 -04:00			`my $last_page = $base_path eq '/view'`
			`? $c->message->get_last_page()`
Use string 'spam' as true boolean for readability 2022-04-09 15:16:11 -04:00			`: $c->message->get_last_page('spam');`
Small tweaks I've been meaning to make 2022-04-08 12:59:15 -04:00			`my $view_posts = $base_path eq '/view'`
			`? $c->message->get_posts($this_page)`
			`: $c->message->get_spam($this_page);`
Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-07 21:13:50 -04:00
Use unique <meta> tags for single message view; change status to 404 if page is not found 2022-04-08 14:17:23 -04:00			`$c->stash(status => 404) unless @$view_posts[0];`

Fix <nav> hyperlink; implement placeholder for /spam too 2022-04-07 21:13:50 -04:00			`$c->stash(`
			`view_posts => $view_posts,`
			`this_page => $this_page,`
			`last_page => $last_page,`
			`base_path => $base_path`
			`);`

			`$c->render();`
			`};`
			`};`

Initial DB implementation 2021-12-04 18:34:35 -05:00			`# Send it`
Implement session secret 2021-12-05 03:32:22 -05:00			`app->secrets(app->config->{'secrets'}) \|\| die $@;`
Move pager logic to Message model 2021-12-12 01:50:07 -05:00
			`app->message->max_posts(app->config->{'max_posts'})`
			`if app->config->{'max_posts'};`

Display the visitor counter 2022-04-03 21:04:09 -04:00			`app->pg->migrations->from_dir('migrations')->migrate(8);`
Move pager logic to Message model 2021-12-12 01:50:07 -05:00
Initial AssetPack setup 2021-12-22 23:18:35 -05:00			`app->asset->process('swagg.css', 'css/swagg.css');`

Initial commit++ 2021-12-04 00:11:37 -05:00			`app->start();`