From 5a463695c3c40a3dc9a8d480b9057a269b36e920 Mon Sep 17 00:00:00 2001 From: Tykayn Date: Mon, 14 Feb 2022 13:52:51 +0100 Subject: [PATCH] :zap: add comment anonymous, move route params to custom_url instead of id --- README.md | 16 +- src/Controller/PollController.php | 2 +- src/Controller/api/v1/CommentController.php | 333 ++++++++++++-------- src/Controller/api/v1/PollController.php | 2 +- 4 files changed, 208 insertions(+), 145 deletions(-) diff --git a/README.md b/README.md index 96a785b..742b8a1 100755 --- a/README.md +++ b/README.md @@ -174,14 +174,22 @@ DATABASE_URL=mysql://database_user:db_user_password@127.0.0.1:3306/database_name this file is not versionned and should stay like this. ## cronjob to delete expired polls -add this line in your crontab to run the clearance of expired polls everyday at 0h00. -``` -0 0 * * * wget http://MYWEBSITE/api/v1/poll/clean-polls -``` you can open your crontabl in command line with : ``` crontab -e ``` + +add this line in your crontab to run the clearance of expired polls everyday at 0h00. +``` +0 0 * * * wget http://MYWEBSITE/api/v1/poll/clean-polls +``` +Cronjob to send mails from the swiftmailer spool. +``` +* * * * * php /var/www/html/date-poll-api/bin/console swiftmailer:spool:send +``` +you can disable the spooling, check the docs. + + # About made by B. Lemoine, aka Tykayn, for the framadate funky front end project, a polling libre software. diff --git a/src/Controller/PollController.php b/src/Controller/PollController.php index d25a26b..768cceb 100755 --- a/src/Controller/PollController.php +++ b/src/Controller/PollController.php @@ -35,7 +35,7 @@ class PollController extends AbstractController { } /** - * @Route("/new", name="poll_new", methods={"POST"}) + * @Route("/new", name="poll_new_old", methods={"POST"}) */ public function new( Request $request ): Response { $poll = new Poll(); 
diff --git a/src/Controller/api/v1/CommentController.php b/src/Controller/api/v1/CommentController.php index ddc8758..cb4af9e 100755 --- a/src/Controller/api/v1/CommentController.php +++ b/src/Controller/api/v1/CommentController.php @@ -9,7 +9,6 @@ use App\Entity\Poll; use DateTime; use FOS\RestBundle\Controller\Annotations\Delete; use FOS\RestBundle\Controller\Annotations\Get; -use FOS\RestBundle\Controller\Annotations\Post; use FOS\RestBundle\Controller\Annotations\Route; use JMS\Serializer\SerializerBuilder; use JMS\Serializer\SerializerInterface; 
@@ -20,161 +19,217 @@ use Symfony\Component\HttpFoundation\Response; /** * Class DefaultController * @package App\Controller - * @Route("/api/v1/comment",name="api_") + * @Route("/api/v1/comment", + * name="api_comment_") */ -class CommentController extends EmailsController { +class CommentController extends EmailsController +{ - /** - * @Get( - * path = "/poll/{id}", - * name = "get_poll_comment", - * requirements = {"id"="\d+"} - * ) - */ - public - function getPollCommentsAction( - SerializerInterface $serializer, - Poll $poll - ) { - $jsonResponse = $serializer->serialize( [ - 'message' => 'here are your comments of the poll', - 'data' => $poll->getComments(), - ], - 'json' ); + /** + * @Get( + * path = "/poll/{customUrl}", + * name = "get_poll_comment" + * ) + */ + public + function getPollCommentsAction( + SerializerInterface $serializer, + Poll $poll + ) + { + $jsonResponse = $serializer->serialize([ + 'message' => 'here are your comments of the poll', + 'data' => $poll->getComments(), + ], + 'json'); - $response = new Response( $jsonResponse ); - $response->headers->set( 'Content-Type', 'application/json' ); - $response->setStatusCode( 200 ); + $response = new Response($jsonResponse); + $response->headers->set('Content-Type', 'application/json'); + $response->setStatusCode(200); - return $response; + return $response; - } + } - /** - * add a comment on a poll - * @Post( - * path = "/poll/{id}", - * name = "new_comment", - * requirements = {"content"="\w+", "id"="\d+"} - * ) - */ - public - function newCommentAction( - Poll $poll, - Request $request - ) { - if ( ! 
$poll ) { - return $this->json( [ 'message' => 'poll not found' ], 404 ); - } - $data = $request->getContent(); + /** + * add a comment on a poll + * @Route( + * "/poll/{customUrl}", + * "_new_comment", + * methods={"POST"} + * ) + */ + public + function newCommentAction( + Poll $poll, + Request $request + ) + { - $serializer = SerializerBuilder::create()->build(); - $comment = $serializer->deserialize( $data, 'App\Entity\Comment', 'json' ); + $data = json_decode($request->getContent(), true); +// return $this->json(['pseudo' => $data["pseudo"]], 404); - $em = $this->getDoctrine()->getRepository( Owner::class ); + if (!$poll) { + return $this->json(['message' => 'poll not found'], 404); + } - $data = json_decode( $data, true ); - if ( ! isset( $data[ 'email' ] ) ) { - return $this->json( [ "message" => "Incorrect JSON in request" ], 400 ); - } + $comment = new Comment(); + $owner = new Owner(); + $owner + ->setPseudo($data["pseudo"]) + ->setEmail('anonymous@example.com'); - $foundOwner = $em->findOneByEmail( $data[ 'email' ] ); - // manage existing or new Owner - if ( ! 
$foundOwner ) { - $foundOwner = new Owner(); - $foundOwner->setPseudo( $data[ 'email' ] ) - ->setEmail( $data[ 'email' ] ) - ->setModifierToken( uniqid( '', true ) ); - } - // anti flood - $seconds_limit_lastpost = 5; - $emComment = $this->getDoctrine()->getRepository( Comment::class ); - $lastCommentOfOwner = $emComment->findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] ); + $comment->setOwner($owner) + ->setPseudo($data["pseudo"]) + ->setText($data["text"]) + ->setCreatedAt(new DateTime()) + ->setPoll($poll); + $owner + ->addComment($comment); - // TODO anti flood by session / IP + $em = $this->getDoctrine()->getManager(); + $em->persist($owner); + $em->persist($comment); + $em->flush(); - if ( $lastCommentOfOwner ) { + if ($poll->getMailOnComment()) { + $this->sendCommentNotificationAction($owner, $comment); + } - // check time of last comment - $now = new DateTime(); - $now = $now->format( 'Y-m-d H:i:s' ); - $date_first = strtotime( $lastCommentOfOwner[ 0 ]->getCreatedAt()->format( 'Y-m-d H:i:s' ) ); - $date_second = strtotime( $now ); - - if ( ( $date_second - $date_first ) < $seconds_limit_lastpost ) { - return $this->json( [ - 'message' => 'anti flood déclenché', - 'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . 
' secondes', - ], - 403 ); - } - - // check similar text content - if ( $lastCommentOfOwner[ 0 ]->getText() == $comment->getText() ) { - return $this->json( [ - 'message' => 'anti flood déclenché', - 'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé', - ], - 403 ); - } - } - $comment->setOwner( $foundOwner ) - ->setCreatedAt( new DateTime() ) - ->setPoll( $poll ); - $foundOwner->addComment( $comment ); - - $em = $this->getDoctrine()->getManager(); - $em->persist( $foundOwner ); - $em->persist( $comment ); - $em->flush(); - - if ( $poll->getMailOnComment() ) { - $this->sendCommentNotificationAction( $foundOwner, $comment ); - } + return $this->json( $comment->display(), - return $this->json( [ - 'message' => 'you created a comment', - 'data' => [ - 'your_comment' => $comment->display(), - ], - ], - 201 ); - } + 201); - /** - * Erase all comments of a poll - * @Delete( - * path = "/poll/{id}", - * name = "poll_comments_delete", - * requirements = {"accessToken"="\w+", "id"="\d+"} - * ) - * - * @param Poll $poll - * @param $accessToken - * - * @return JsonResponse - */ - public - function deletePollCommentsAction( - Poll $poll, - $accessToken - ) { - if ( $accessToken == $poll->getAdminKey() ) { - $em = $this->getDoctrine()->getManager(); - $length = count( $poll->getComments() ); - $em->remove( $poll->getComments() ); - $em->flush(); + } - return $this->json( [ - 'message' => 'boom! les ' . $length . 
' commentaires du sondage ont été supprimés', - ] ); - } else { - return $this->json( [ - 'message' => 'le token d\'autorisation est invalide, vous ne pouvez pas modifier ce sondage', - ] ); - } - } + /** + * add a comment on a poll + * @Route( + * "/poll/{customUrl}/by-owner", + * "_new_comment_by_owner", + * methods={"POST"} + * ) + */ + public + function newCommentByOwnerAction( + Poll $poll, + Request $request + ) + { + if (!$poll) { + return $this->json(['message' => 'poll not found'], 404); + } + $data = $request->getContent(); + + $serializer = SerializerBuilder::create()->build(); + $comment = $serializer->deserialize($data, 'App\Entity\Comment', 'json'); + + $em = $this->getDoctrine()->getRepository(Owner::class); + + $data = json_decode($data, true); + if (!isset($data['email'])) { + return $this->json(["message" => "Incorrect JSON in request"], 400); + } + + $foundOwner = $em->findOneByEmail($data['email']); + // manage existing or new Owner + if (!$foundOwner) { + $foundOwner = new Owner(); + $foundOwner->setPseudo($data['pseudo']) + ->setEmail($data['email']) + ->setModifierToken(uniqid('', true)); + } + // anti flood + $seconds_limit_lastpost = 5; + $emComment = $this->getDoctrine()->getRepository(Comment::class); + $lastCommentOfOwner = $emComment->findBy(['owner' => $foundOwner], ['id' => 'desc']); + + // TODO anti flood by session / IP + + if ($lastCommentOfOwner) { + + + // check time of last comment + $now = new DateTime(); + $now = $now->format('Y-m-d H:i:s'); + $date_first = strtotime($lastCommentOfOwner[0]->getCreatedAt()->format('Y-m-d H:i:s')); + $date_second = strtotime($now); + + if (($date_second - $date_first) < $seconds_limit_lastpost) { + return $this->json([ + 'message' => 'anti flood déclenché', + 'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . 
' secondes', + ], + 403); + } + + // check similar text content + if ($lastCommentOfOwner[0]->getText() == $comment->getText()) { + return $this->json([ + 'message' => 'anti flood déclenché', + 'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé', + ], + 403); + } + } + $comment->setOwner($foundOwner) + ->setCreatedAt(new DateTime()) + ->setPoll($poll); + $foundOwner->addComment($comment); + + $em = $this->getDoctrine()->getManager(); + $em->persist($foundOwner); + $em->persist($comment); + $em->flush(); + + if ($poll->getMailOnComment()) { + $this->sendCommentNotificationAction($foundOwner, $comment); + } + + + return $this->json([ + 'message' => 'you created a comment', + 'data' => [ + 'your_comment' => $comment->display(), + ], + ], + 201); + } + + /** + * Erase all comments of a poll + * @Delete( + * path = "/poll/{customUrl}", + * name = "poll_comments_delete" + * ) + * + * @param Poll $poll + * @param $accessToken + * + * @return JsonResponse + */ + public + function deletePollCommentsAction( + Poll $poll, + $accessToken + ) + { + if ($accessToken == $poll->getAdminKey()) { + $em = $this->getDoctrine()->getManager(); + $length = count($poll->getComments()); + $em->remove($poll->getComments()); + $em->flush(); + + return $this->json([ + 'message' => 'boom! les ' . $length . ' commentaires du sondage ont été supprimés', + ]); + } else { + return $this->json([ + 'message' => 'le token d\'autorisation est invalide, vous ne pouvez pas modifier ce sondage', + ]); + } + } } diff --git a/src/Controller/api/v1/PollController.php b/src/Controller/api/v1/PollController.php index 030d4c1..3f1732b 100755 --- a/src/Controller/api/v1/PollController.php +++ b/src/Controller/api/v1/PollController.php @@ -295,7 +295,7 @@ class PollController extends EmailsController /** * @Route( * "/", - * "_new_poll", + * "_new_poll_v1", * methods={"POST"} * ) * @param Request $request
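Review bot: In newCommentAction the decoded body is used directly (`$data["pseudo"]`, `$data["text"]`) without checking that json_decode returned an array or that those keys exist, so a malformed request surfaces as a PHP notice/TypeError rather than the 400 that newCommentByOwnerAction still returns; add, right after the poll check, `if (!is_array($data) || !isset($data['pseudo'], $data['text'])) {` / `    return $this->json(['message' => 'Incorrect JSON in request'], 400);` / `}`. The anonymous route also carries none of the anti-flood block that the by-owner variant keeps, so every unauthenticated POST persists a new Owner plus a Comment and, when `getMailOnComment()` is set, triggers sendCommentNotificationAction with nothing to slow it down; since the anonymous owner is fresh on each request the per-owner check would not help here, which is exactly the existing `// TODO anti flood by session / IP`, and the duplicated time/duplicate-text checks could move into a private helper both actions call. The commented-out debug line `// return $this->json(['pseudo' => $data["pseudo"]], 404);` should be removed before merge. deletePollCommentsAction, re-indented in this hunk, still authorises with `$accessToken == $poll->getAdminKey()`; prefer `if (hash_equals((string) $poll->getAdminKey(), (string) $accessToken)) {` to avoid loose comparison and timing leakage on the admin key.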