Resolve PR review gaps across comments, security, feeds, and UX

apps/comments/views.py

@@ -1,7 +1,9 @@
 from __future__ import annotations
 
+from django.conf import settings
 from django.contrib import messages
 from django.core.cache import cache
+from django.core.exceptions import ValidationError
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.views import View
@@ -11,9 +13,18 @@ from apps.comments.forms import CommentForm
 from apps.comments.models import Comment
 
 
+def client_ip_from_request(request) -> str:
+    remote_addr = request.META.get("REMOTE_ADDR", "").strip()
+    trusted_proxies = getattr(settings, "TRUSTED_PROXY_IPS", [])
+    x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR", "")
+    if remote_addr in trusted_proxies and x_forwarded_for:
+        return x_forwarded_for.split(",")[0].strip()
+    return remote_addr
+
+
 class CommentCreateView(View):
     def post(self, request):
-        ip = (request.META.get("HTTP_X_FORWARDED_FOR") or request.META.get("REMOTE_ADDR", "")).split(",")[0].strip()
+        ip = client_ip_from_request(request)
         key = f"comment-rate:{ip}"
         count = cache.get(key, 0)
         if count >= 3:
@@ -34,6 +45,11 @@ class CommentCreateView(View):
             if parent_id:
                 comment.parent = Comment.objects.filter(pk=parent_id, article=article).first()
             comment.ip_address = ip or None
+            try:
+                comment.full_clean()
+            except ValidationError:
+                messages.error(request, "Reply depth exceeds the allowed limit")
+                return redirect(article.url)
             comment.save()
             messages.success(request, "Your comment is awaiting moderation")
             return redirect(f"{article.url}?commented=1")