nohype/main-site
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(comments): v2 — HTMX, Turnstile, reactions, design refresh
Some checks failed
CI / nightly-e2e (pull_request) Has been skipped
Details
CI / deploy (pull_request) Has been skipped
Details
CI / ci (pull_request) Failing after 37s
Details
CI / pr-e2e (pull_request) Failing after 2m58s
Details

Browse Source 
- Extract comment templates into reusable partials (_comment.html,
  _comment_form.html, _comment_list.html, _reply_form.html, etc.)
- Add HTMX progressive enhancement: inline form submission with
  partial responses, delta polling for live updates, form reset on
  success, success/moderation toast feedback
- Integrate Cloudflare Turnstile for invisible bot protection:
  server-side token validation with hostname check, fail-closed on
  errors/timeouts, feature-flagged via TURNSTILE_SECRET_KEY env var
- Auto-approve comments that pass Turnstile; keep manual approval
  as fallback when Turnstile is disabled (model default stays False)
- Add CommentReaction model with UniqueConstraint for session-based
  anonymous reactions (heart/thumbs-up), toggle support, separate
  rate-limit bucket (20/min)
- Add comment poll endpoint (GET /comments/poll/<id>/?after_id=N)
  for HTMX delta polling without duplicates
- Update CSP middleware to allow challenges.cloudflare.com in
  script-src, connect-src, and frame-src
- Self-host htmx.min.js (v2.0.4) to minimize CSP surface area
- Add django-htmx middleware and requests to dependencies
- Add Unapprove bulk action to Wagtail admin for moderation
- Extend PII purge command to anonymize reaction session_key
- Design refresh: neon glow avatars, solid hover shadows, gradient
  section header, cyan reply borders, grid-pattern empty state,
  neon-pink focus glow on form inputs
- Add turnstile_site_key to template context via context processor
- 18 new tests covering HTMX contracts, Turnstile success/failure/
  timeout/hostname-mismatch, polling deltas, reaction toggle/dedup/
  rate-limit, CSP headers, and PII purge extension

Closes #43

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Mark
2026-03-03 22:52:59 +00:00
parent cc25d2ad2e
commit d0a550fee6
23 changed files with 695 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
templates/comments/_reactions.html Normal file
View File

@@ -0,0 +1,12 @@
<div class="flex gap-3 mt-3 items-center" id="reactions-{{ comment.id }}">
<button hx-post="{% url 'comment_react' comment.id %}" hx-target="#reactions-{{ comment.id }}" hx-swap="outerHTML"
hx-vals='{"reaction_type": "heart"}' class="flex items-center gap-1 font-mono text-xs {% if 'heart' in user_reacted %}text-brand-pink{% else %}text-zinc-400 hover:text-brand-pink{% endif %} transition-colors hover:scale-110 transition-transform">
<svg class="w-4 h-4" fill="{% if 'heart' in user_reacted %}currentColor{% else %}none{% endif %}" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" d="M21 8.25c0-2.485-2.099-4.5-4.688-4.5-1.935 0-3.597 1.126-4.312 2.733-.715-1.607-2.377-2.733-4.313-2.733C5.1 3.75 3 5.765 3 8.25c0 7.22 9 12 9 12s9-4.78 9-12Z" /></svg>
<span>{{ counts.heart|default:"0" }}</span>
</button>
<button hx-post="{% url 'comment_react' comment.id %}" hx-target="#reactions-{{ comment.id }}" hx-swap="outerHTML"
hx-vals='{"reaction_type": "plus_one"}' class="flex items-center gap-1 font-mono text-xs {% if 'plus_one' in user_reacted %}text-brand-cyan{% else %}text-zinc-400 hover:text-brand-cyan{% endif %} transition-colors hover:scale-110 transition-transform">
<svg class="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" d="M6.633 10.25c.806 0 1.533-.446 2.031-1.08a9.041 9.041 0 0 1 2.861-2.4c.723-.384 1.35-.956 1.653-1.715a4.498 4.498 0 0 0 .322-1.672V2.75a.75.75 0 0 1 .75-.75 2.25 2.25 0 0 1 2.25 2.25c0 1.152-.26 2.243-.723 3.218-.266.558.107 1.282.725 1.282m0 0h3.126c1.026 0 1.945.694 2.054 1.715.045.422.068.85.068 1.285a11.95 11.95 0 0 1-2.649 7.521c-.388.482-.987.729-1.605.729H13.48c-.483 0-.964-.078-1.423-.23l-3.114-1.04a4.501 4.501 0 0 0-1.423-.23H5.904m10.598-9.75H14.25M5.904 18.5c.083.205.173.405.27.602.197.4-.078.898-.523.898h-.908c-.889 0-1.713-.518-1.972-1.368a12 12 0 0 1-.521-3.507c0-1.553.295-3.036.831-4.398C3.387 9.953 4.167 9.5 5 9.5h1.053c.472 0 .745.556.5.96a8.958 8.958 0 0 0-1.302 4.665c0 1.194.232 2.333.654 3.375Z" /></svg>
<span>{{ counts.plus_one|default:"0" }}</span>
</button>
</div>