Implementa medidas anti-spam

Toma las ideas de http://jeffcroft.com/blog/2012/jan/31/shut-down-comment-spam/
para tratar de validar si un comentario es originado por un usuario.

El algoritmo es
 - Establecer en los comentarios un input escondido
 - Cuando el usuario escribe, esperar 5 segundos para poner una llave definida en keys.py
 - Solo postear el comentario si la llave es igual a la esperada

README.markdown

@@ -14,6 +14,8 @@ cookie_key = 'UNASTRINGALEATORIAMUYLARGAUNASTRINGALEATORIAMUYLARGAUNASTRINGALEAT
 
 salt_key = 'UNASTRINGALEATORIAMUYLARGA'
 
+comment_key = 'UNASTRINGNOTANLARGAPEROSIALEATORIA'
+
 Si quisieras usar el bot de twitter tambien necesitarias agregar las siguientes llaves de la misma manera:
 
 consumer_key = ""

handlers/CommentReplyHandler.py

@@ -44,6 +44,8 @@
 class Handler(webapp.RequestHandler):
   def get(self,comment_id):
     session = get_current_session()
+    if hasattr(keys, 'comment_key'):
+      comment_key = keys.comment_key
     if session.has_key('user'):
       user = session['user']
     try:
@@ -58,7 +60,8 @@ def post(self,comment_id):
     if session.has_key('user'):
       message = helper.sanitizeHtml(self.request.get('message'))
       user = session['user']
-      if len(message) > 0:
+      key = self.request.get('comment_key')
+      if len(message) > 0 and key == keys.comment_key:
         try:
           parentComment = db.get(comment_id)
           comment = Comment(message=message,user=user,post=parentComment.post, father=parentComment)

handlers/PostHandler.py

@@ -55,8 +55,8 @@ def get(self,post_id):
     if hasattr(keys,'base_url') and hasattr(keys,'killmetrics_prod') and (helper.base_url(self) == keys.base_url or helper.base_url(self) == keys.base_url_custom_url):
       killmetrics_key = keys.killmetrics_prod
     #### Killmetrics test
-
-
+    if hasattr(keys, 'comment_key'):
+      comment_key = keys.comment_key
 
     try:
       post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get()
@@ -87,7 +87,8 @@ def post(self, post_id):
     if session.has_key('user'):
       message = helper.sanitizeHtml(self.request.get('message'))
       user = session['user']
-      if len(message) > 0:
+      key = self.request.get('comment_key')
+      if len(message) > 0 and key == keys.comment_key:
         try:
           post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get()
           if post  == None: #If for some reason the post doesn't have a nice url, we try the id. This is also the case of all old stories

templates/comment.html

@@ -21,9 +21,23 @@
   <form method="POST" class="validable">
     <fieldset>
       <textarea name="message" class="requerido"></textarea>
+      <input type="hidden" name="comment_key" value="">
       <br/><input type="Submit" value="Responder"/>
     </fieldset>
   </form>
 </div>
+<script type="text/javascript">
+;(function($){
+  $('textarea[name=message]').keypress(function(){
+    var $hidden = $(this).siblings('input[name=comment_key]');
+
+    if ($hidden.val() === '') {
+      setTimeout(function() {
+        $hidden.val('{{comment_key}}');
+      }, 5000);
+    }
+  });
+}(jQuery));
+</script>
 
 {% endblock %}

templates/post.html

@@ -12,9 +12,11 @@
     <form method="POST" class="validable">
       <fieldset>
         <textarea name="message" class="requerido"></textarea>
+        <input type="hidden" name="comment_key" value="">
         <br/><input type="submit" value="Agregar comentario"/>
       </fieldset>
     </form>
+
   {% else %}
     <a href="/login">Registrate</a> para responder a este mensaje, toma 10 segundos<hr/>
   {% endif %}
@@ -24,5 +26,17 @@
     {% endif %}
   {% endfor %}
 </div>
+<script type="text/javascript">
+;(function($){
+  $('textarea[name=message]').keypress(function(){
+    var $hidden = $(this).siblings('input[name=comment_key]');
 
+    if ($hidden.val() === '') {
+      setTimeout(function() {
+        $hidden.val('{{comment_key}}');
+      }, 5000);
+    }
+  });
+}(jQuery));
+</script>
 {% endblock %}