From 6167c8a0618540f2a356087b922bf0b26600e7d5 Mon Sep 17 00:00:00 2001 From: Jeduan Cornejo Date: Wed, 8 Feb 2012 02:29:13 -0600 Subject: [PATCH] Implementa medidas anti-spam Toma las ideas de http://jeffcroft.com/blog/2012/jan/31/shut-down-comment-spam/ para tratar de validar si un comentario es originado por un usuario. El algoritmo es - Establecer en los comentarios un input escondido - Cuando el usuario escribe, esperar 5 segundos para poner una llave definida en keys.py - Solo postear el comentario si la llave es igual a la esperada --- README.markdown | 2 ++ handlers/CommentReplyHandler.py | 5 ++++- handlers/PostHandler.py | 7 ++++--- templates/comment.html | 14 ++++++++++++++ templates/post.html | 14 ++++++++++++++ 5 files changed, 38 insertions(+), 4 deletions(-) mode change 100644 => 100755 handlers/CommentReplyHandler.py mode change 100644 => 100755 handlers/PostHandler.py diff --git a/README.markdown b/README.markdown index 9596af5..80bb158 100644 --- a/README.markdown +++ b/README.markdown @@ -14,6 +14,8 @@ cookie_key = 'UNASTRINGALEATORIAMUYLARGAUNASTRINGALEATORIAMUYLARGAUNASTRINGALEAT salt_key = 'UNASTRINGALEATORIAMUYLARGA' +comment_key = 'UNASTRINGNOTANLARGAPEROSIALEATORIA' + Si quisieras usar el bot de twitter tambien necesitarias agregar las siguientes llaves de la misma manera: consumer_key = "" diff --git a/handlers/CommentReplyHandler.py b/handlers/CommentReplyHandler.py old mode 100644 new mode 100755 index c809411..99440c2 --- a/handlers/CommentReplyHandler.py +++ b/handlers/CommentReplyHandler.py @@ -44,6 +44,8 @@ class Handler(webapp.RequestHandler): def get(self,comment_id): session = get_current_session() + if hasattr(keys, 'comment_key'): + comment_key = keys.comment_key if session.has_key('user'): user = session['user'] try: 
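Review bot: In `get`, `comment_key` is bound only when `keys` defines it, so on a deployment without that setting the local name is never assigned. If it is later passed to the template (that code is outside this hunk, so this is inferred), the request would fail with an UnboundLocalError instead of rendering the form without the key. `comment_key = getattr(keys, 'comment_key', None)` binds it in every case. The same two added lines appear in the first hunk of handlers/PostHandler.py, and the body of `get` continues past the end of the hunk.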
@@ -58,7 +60,8 @@ def post(self,comment_id): if session.has_key('user'): message = helper.sanitizeHtml(self.request.get('message')) user = session['user'] - if len(message) > 0: + key = self.request.get('comment_key') + if len(message) > 0 and key == keys.comment_key: try: parentComment = db.get(comment_id) comment = Comment(message=message,user=user,post=parentComment.post, father=parentComment) diff --git a/handlers/PostHandler.py b/handlers/PostHandler.py old mode 100644 new mode 100755 index 7b0c148..a7b7936 --- a/handlers/PostHandler.py +++ b/handlers/PostHandler.py @@ -55,8 +55,8 @@ def get(self,post_id): if hasattr(keys,'base_url') and hasattr(keys,'killmetrics_prod') and (helper.base_url(self) == keys.base_url or helper.base_url(self) == keys.base_url_custom_url): killmetrics_key = keys.killmetrics_prod #### Killmetrics test - - + if hasattr(keys, 'comment_key'): + comment_key = keys.comment_key try: post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get() @@ -87,7 +87,8 @@ def post(self, post_id): if session.has_key('user'): message = helper.sanitizeHtml(self.request.get('message')) user = session['user'] - if len(message) > 0: + key = self.request.get('comment_key') + if len(message) > 0 and key == keys.comment_key: try: post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get() if post == None: #If for some reason the post doesn't have a nice url, we try the id. This is also the case of all old stories diff --git a/templates/comment.html b/templates/comment.html index f7addd5..37c647f 100644 --- a/templates/comment.html +++ b/templates/comment.html @@ -21,9 +21,23 @@
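Review bot: The new condition in `post` reads `keys.comment_key` unguarded, while `get` treats the setting as optional via `hasattr`, so without the setting every comment submission raises AttributeError before the `try:` is reached. Pick one behaviour: either require the key at startup, or use `expected = getattr(keys, 'comment_key', None)` and compare `key` against that. A mismatch falls through to the existing else-path (outside the hunk), so a user who submits before the script has filled the field, or has scripting disabled, may lose the comment without an error message. The same condition is added in the second hunk of handlers/PostHandler.py.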
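Review bot: The value compared in `post` is the single `comment_key` from keys.py, identical for every user and request, and according to the commit description the page script writes it into the hidden input. It is therefore visible to any client that loads a page and cannot be rotated without editing keys.py. A token bound to the session and an issue time, for instance an HMAC keyed with `comment_key` and checked in `post` for a minimum and maximum age, would keep the server-side key private and enforce the 5-second delay on the server rather than in client script. If the static scheme stays, a comment at the comparison such as `# comment_key is sent to clients; never reuse cookie_key or salt_key here` would document the constraint. This applies equally to the `post` hunk in handlers/CommentReplyHandler.py.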
+
+ {% endblock %} diff --git a/templates/post.html b/templates/post.html index fa16246..d2a9fdb 100644 --- a/templates/post.html +++ b/templates/post.html @@ -12,9 +12,11 @@
+
+ {% else %} Registrate para responder a este mensaje, toma 10 segundos
{% endif %} @@ -24,5 +26,17 @@ {% endif %} {% endfor %} + {% endblock %}