From 84800a2b6f3b2a12f1ce12038be88a94f0b8be8b Mon Sep 17 00:00:00 2001
From: Bobby <bobbyskhs@gmail.com>
Date: Sun, 4 Jun 2023 21:05:02 -0400
Subject: Enable Akismet Spam Filter

---
 blog/context_processors.py | 15 +++++++++++++
 blog/views.py              | 52 +++++++++++++++++++++++++++++++++++++++++++++-
 requirements.txt           |  1 +
 templates/blog/post.html   | 29 ++++++++++++++++++--------
 4 files changed, 87 insertions(+), 10 deletions(-)

diff --git a/blog/context_processors.py b/blog/context_processors.py
index f08c0a1b..92f3b71c 100644
--- a/blog/context_processors.py
+++ b/blog/context_processors.py
@@ -1,3 +1,4 @@
+import akismet
 import os
 import re
 import dotenv
@@ -15,6 +16,20 @@ from .models import Category, Comment, Post
 
 dotenv.load_dotenv()
 
+akismet_api = akismet.Akismet(
+    key=os.getenv('AKISMET_API_KEY'),
+    blog_url='https://preview.thatcomputerscientist.com' if settings.DEBUG else 'https://thatcomputerscientist.com',
+)
+
+def check_spam(user_ip, user_agent, comment, author):
+    akismet_data = {
+        'comment_type': 'comment',
+        'comment_author': author,
+        'comment_content': comment,
+        'is_test': settings.DEBUG,
+    }
+    return akismet_api.comment_check(user_ip, user_agent, **akismet_data)
+
 def add_excerpt(post):
     soup = BeautifulSoup(post.body, 'html.parser')
 
diff --git a/blog/views.py b/blog/views.py
index e1c71276..14318a46 100644
--- a/blog/views.py
+++ b/blog/views.py
@@ -25,7 +25,7 @@ from users.tokens import CaptchaTokenGenerator
 
 from .context_processors import (add_excerpt, add_num_comments, avatar_list,
                                  comment_processor, highlight_code_blocks,
-                                 recent_posts)
+                                 recent_posts, check_spam)
 from .models import AnonymousCommentUser, Category, Comment, Post
 from .recommender import next_read
 
@@ -189,6 +189,19 @@ def comment(request, slug):
     if request.method == 'POST':
         if request.user.is_authenticated:
             try:
+                 # check for spam first
+                user_ip = request.META.get('HTTP_X_FORWARDED_FOR')
+                if user_ip:
+                    user_ip = user_ip.split(',')[0]
+                else:
+                    user_ip = request.META.get('REMOTE_ADDR')
+                user_agent_string = request.META.get('HTTP_USER_AGENT', '')
+                user_agent = parse(user_agent_string)
+                if check_spam(user_ip=user_ip, user_agent=user_agent, comment=request.POST.get('body'), author=request.user.username):
+                    messages.error(request, request.POST.get('body'), extra_tags='spam')
+                    return redirect(reverse('blog:post', kwargs={'slug': slug}) + '#comment-' + str(comment.id))
+                
+                # then we continue
                 post = Post.objects.get(slug=slug)
                 if post.is_public:
                     comment = Comment.objects.create(user=request.user, post=post, body=request.POST.get('comment'))
@@ -213,6 +226,19 @@ def anon_comment(request, slug):
             # not allowed this is anonymous comment form
             return redirect(reverse('blog:post', kwargs={'slug': slug}))
         else:
+            # check for spam first
+            user_ip = request.META.get('HTTP_X_FORWARDED_FOR')
+            if user_ip:
+                user_ip = user_ip.split(',')[0]
+            else:
+                user_ip = request.META.get('REMOTE_ADDR')
+            user_agent_string = request.META.get('HTTP_USER_AGENT', '')
+            user_agent = parse(user_agent_string)
+            if check_spam(user_ip=user_ip, user_agent=user_agent, comment=anonymous_comment, author=anonymous_name):
+                messages.error(request, anonymous_comment, extra_tags='spam')
+                return redirect(reverse('blog:post', kwargs={'slug': slug}) + '#new-comment')
+
+            # now continue with the comment
             anonymous_name = request.POST.get('anonymous-name')
             anonymous_email = request.POST.get('anonymous-email')
             anonymous_token, at = request.POST.get('anonymous-token'), request.POST.get('anonymous-token')
@@ -272,6 +298,18 @@ def anon_comment(request, slug):
 def edit_comment(request, slug):
     if request.method == 'POST':
         if request.user.is_authenticated:
+            # check for spam first
+            user_ip = request.META.get('HTTP_X_FORWARDED_FOR')
+            if user_ip:
+                user_ip = user_ip.split(',')[0]
+            else:
+                user_ip = request.META.get('REMOTE_ADDR')
+            user_agent_string = request.META.get('HTTP_USER_AGENT', '')
+            user_agent = parse(user_agent_string)
+            if check_spam(user_ip=user_ip, user_agent=user_agent, comment=request.POST.get('body'), author=request.user.username):
+                messages.error(request, request.POST.get('body'), extra_tags='spam')
+                return redirect(reverse('blog:post', kwargs={'slug': slug}) + '#comment-' + str(comment.id))
+
             try:
                 comment = Comment.objects.get(id=request.POST.get('comment_id'))
                 if comment.user == request.user:
@@ -295,6 +333,18 @@ def anon_edit_comment(request, slug):
             # not allowed this is anonymous comment form
             return redirect(reverse('blog:post', kwargs={'slug': slug}))
         else:
+            # check for spam first
+            user_ip = request.META.get('HTTP_X_FORWARDED_FOR')
+            if user_ip:
+                user_ip = user_ip.split(',')[0]
+            else:
+                user_ip = request.META.get('REMOTE_ADDR')
+            user_agent_string = request.META.get('HTTP_USER_AGENT', '')
+            user_agent = parse(user_agent_string)
+            if check_spam(user_ip=user_ip, user_agent=user_agent, comment=request.POST.get('body'), author=comment.anonymous_user.name):
+                messages.error(request, request.POST.get('body'), extra_tags='spam')
+                return redirect(reverse('blog:post', kwargs={'slug': slug}) + '#comment-' + str(comment.id))
+
             anonymous_token = request.COOKIES.get('anonymous_token')
             if not anonymous_token:
                 return HttpResponse('Unauthorized!', status=401)
diff --git a/requirements.txt b/requirements.txt
index d3b692e7..d602b266 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,3 +23,4 @@ daphne
 user_agents
 numpy
 scikit-learn
+akismet
diff --git a/templates/blog/post.html b/templates/blog/post.html
index 5348ffaa..6b1f2bf9 100644
--- a/templates/blog/post.html
+++ b/templates/blog/post.html
@@ -234,7 +234,7 @@
     <div  id="anonymous-comment-form" style="display: none;">
     <form action="{% url 'blog:anon_comment' post.slug %}" method="POST">
         {% csrf_token %}
-        <div id="anonymous-comment">
+        <div id="anonymous-comment-area">
             <div id="anonymous-profile-info">
                 <div>
                     <label for="anonymous-name"><b>Name </b> <i>{% if request.COOKIES.anonymous_name and request.COOKIES.anonymous_email and request.COOKIES.anonymous_token %}(Pre-Filled){% else %}(Required){% endif %}</i>:</label>
@@ -323,18 +323,18 @@
             <div id="gotchas" style="display: none;">
                 <p>Athough its cool to be anonymous, there are a few things which will not work if you choose to comment anonymously:</p>
                 <ul>
-                    <li>If you do not set a Email and secret token, you will not be able to edit your comment later. This information will be stored locally and the site will remember your information, so you don't have to enter it again.</li>
+                    <li>Custom Email and Token allow you to edit / delete your comments from other devices. This information will be stored locally and the site will remember your information, so you don't have to enter it again.</li>
+                    <li>If you do not fill the email and secret token fields, a random (non-existent) email and secret token will be generated for you. As long as you do not clear your browser data, you will be able to edit your comment later.</li>
+                    <li>Anytime, you wish to update your name, just change it in the name field. This will update your name for all your previous comments as well.</li>
+                    <li>Anytime, you wish to change your secret token, this can be done by entering a new secret token in the 'Credentials' area. It will be stored locally and the site will remember your information, so you don't have to enter it again.</li>
                     <li>If you lose your secret token, that's basically permanent damage. You can always set a new secret token for the same email, but you will not be able to edit your previous comments.</li>
                     <li>You will not be able to customize your avatar. You will be assigned a random site specific avatar.</li>
-                    <li>Anytime, you wish to change your secret token, this can be done by entering your email and new secret token. Also, you do not fill your secret token everytime you comment. It will be stored locally and the site will remember your information, so you don't have to enter it again.</li>
-                    <li>If you do not fill the email and secret token fields, a random (non-existent) email and secret token will be generated for you. As long as you do not clear your browser data, you will be able to edit your comment later.</li>
-                    {% comment %} <li>All comments will be passed through Akismet spam filter. If your comment is marked as spam, it will be immediately rejected. If you think this is a mistake, please contact me.</li> {% endcomment %}
                     <li>If anytime, you wish to <a href="{% url 'blog:register' %}">register</a> for a full account, you can do so with the same email address. However, your previous comments will not be migrated to your new account.</li>
                 </ul>
             </div>
         </div>
         <input type="submit" value="Submit" class="button button-special">
-        <input type="button" value="Close" class="button" onclick="document.getElementById('anonymous-comment-form').style.display = 'none'; document.getElementById('ancmClick').style.display = 'block';">
+        <input type="button" value="Close" class="button" onclick="toggleAnon()">
     </form>
     {% comment %} <br>
         <button class="button" onclick="cd()">Clear Form Data</button> {% endcomment %}
@@ -345,6 +345,16 @@
 {% endif %}
 {% endblock %}
 {% block scripts %}
+{% comment %} check if there are error messages with extra tags 'spam' to see if the comment was spam {% endcomment %}
+{% if messages %}
+{% for message in messages %}
+{% if 'spam' in message.tags %}
+<script type="text/javascript">
+    alert('Your comment was marked as spam. If you think this is a mistake, please contact me.');
+</script>
+{% endif %}
+{% endfor %}
+{% endif %}
 <script type="text/javascript">
     function editComment(id) {
         document.getElementById('comment-body-' + id).style.display = 'none';
@@ -375,8 +385,8 @@
     }
 
     function toggleAnon() {
-        $('#ancmClick').hide();
-        $('#anonymous-comment-form').show();
+        $('#ancmClick').toggle();
+        $('#anonymous-comment-form').slideToggle('fast');
     };
 
     function toggleCreds() {
@@ -398,7 +408,8 @@
     }
 
     {% if request.COOKIES.anonymous_name and request.COOKIES.anonymous_email and request.COOKIES.anonymous_token %}
-        toggleAnon();
+    $('#ancmClick').toggle();
+    $('#anonymous-comment-form').toggle();
     {% endif %}
 </script>
 
-- 
cgit v1.2.3