nohype/main-site
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nohype:main
Branches Tags
nohype:main nohype:fix/comments-followup-reply-turnstile nohype:ci/retrigger-deploy nohype:fix/csp-google-fonts nohype:fix/deploy-workdir nohype:fix/deploy-no-sudo nohype:fix/prod-site-hostname nohype:feat/deploy-pipeline nohype:fix/dev-whitenoise nohype:fix/dev-static-files nohype:tests/e2e
..
compare: nohype:c47a62df5c90b50a6df751298f2b4de67d233256
Branches Tags
nohype:main nohype:fix/comments-followup-reply-turnstile nohype:ci/retrigger-deploy nohype:fix/csp-google-fonts nohype:fix/deploy-workdir nohype:fix/deploy-no-sudo nohype:fix/prod-site-hostname nohype:feat/deploy-pipeline nohype:fix/dev-whitenoise nohype:fix/dev-static-files nohype:tests/e2e

1 Commits
main ... c47a62df5c

Author SHA1 Message Date
Mark
c47a62df5c feat: redesign comments section for better UX/UI
Some checks failed
CI / nightly-e2e (pull_request) Has been skipped
Details
CI / deploy (pull_request) Has been skipped
Details
CI / pr-e2e (pull_request) Successful in 1m39s
Details
CI / ci (pull_request) Failing after 2m26s
Details 
- Redesigned comment cards with improved spacing and typography
- Added vertical line indicator for reply nesting
- Implemented native details/summary toggle for reply forms (replacing JS)
- Styled 'Join the conversation' section to be more distinct from existing comments
- Added solid-pink shadow to Tailwind configuration
- Updated E2E tests to match new UI structure and elements
 2026-03-04 10:20:54 +00:00
54 changed files with 244 additions and 2646 deletions
Expand all files Collapse all files

36
.gitea/workflows/ci.yml
View File

@@ -215,34 +215,12 @@ jobs:
deploy: deploy:
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: runs-on: ubuntu-latest
- ubuntu-latest
- agent-workspace
env:
BAO_TOKEN_FILE: /run/openbao-agent-ci_runner/token
steps: steps:
- name: Configure SSH via OpenBao CA
shell: bash
run: |
set -euo pipefail
: "${OPENBAO_ADDR:?OPENBAO_ADDR must be set by the runner environment}"
mkdir -p ~/.ssh && chmod 700 ~/.ssh
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N "" -q
BAO_TOKEN="$(<"$BAO_TOKEN_FILE")"
SIGNED_KEY=$(curl -fsS \
-H "X-Vault-Token: $BAO_TOKEN" \
-H "X-Vault-Request: true" \
-X POST \
-d "{\"public_key\": \"$(cat ~/.ssh/id_ed25519.pub)\", \"valid_principals\": \"${{ vars.DEPLOY_USER }}\"}" \
"${OPENBAO_ADDR}/v1/ssh/sign/${{ vars.DEPLOY_SSH_ROLE }}" \
| jq -r '.data.signed_key')
[ -n "$SIGNED_KEY" ] && [ "$SIGNED_KEY" != "null" ] \
|| { echo "ERROR: failed to sign SSH key via OpenBao CA" >&2; exit 1; }
printf '%s\n' "$SIGNED_KEY" > ~/.ssh/id_ed25519-cert.pub
unset BAO_TOKEN SIGNED_KEY
- name: Add deploy host to known_hosts
run: ssh-keyscan -H "${{ vars.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
- name: Deploy to lintel-prod-01 - name: Deploy to lintel-prod-01
run: ssh "${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }}" "bash /srv/sum/nohype/app/deploy/deploy.sh" uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.PROD_SSH_HOST }}
username: deploy
key: ${{ secrets.PROD_SSH_KEY }}
script: bash /srv/sum/nohype/app/deploy/deploy.sh

5
Dockerfile
View File

@@ -50,9 +50,4 @@ RUN pip install --upgrade pip && pip install -r requirements/base.txt
COPY . /app COPY . /app
ARG GIT_SHA=unknown
ARG BUILD_ID=unknown
ENV GIT_SHA=${GIT_SHA} \
BUILD_ID=${BUILD_ID}
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"] CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]

17
apps/blog/migrations/0005_fix_category_verbose_name_plural.py
View File

@@ -1,17 +0,0 @@
# Generated by Django 5.2.12 on 2026-03-19 00:10
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('blog', '0004_backfill_published_date'),
]
operations = [
migrations.AlterModelOptions(
name='category',
options={'ordering': ['sort_order', 'name'], 'verbose_name_plural': 'categories'},
),
]

267
apps/blog/models.py
View File

@@ -1,6 +1,5 @@
from __future__ import annotations from __future__ import annotations
import hashlib
import re import re
from math import ceil from math import ceil
from typing import Any from typing import Any
@@ -9,12 +8,9 @@ from django.core.paginator import EmptyPage, PageNotAnInteger, Paginator
from django.db import models from django.db import models
from django.db.models import CASCADE, PROTECT, SET_NULL, Prefetch from django.db.models import CASCADE, PROTECT, SET_NULL, Prefetch
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.utils.html import strip_tags
from django.utils.text import slugify
from modelcluster.contrib.taggit import ClusterTaggableManager from modelcluster.contrib.taggit import ClusterTaggableManager
from modelcluster.fields import ParentalKey from modelcluster.fields import ParentalKey
from taggit.models import Tag, TaggedItemBase from taggit.models import Tag, TaggedItemBase
from wagtail.admin.forms.pages import WagtailAdminPageForm
from wagtail.admin.panels import FieldPanel, ObjectList, PageChooserPanel, TabbedInterface from wagtail.admin.panels import FieldPanel, ObjectList, PageChooserPanel, TabbedInterface
from wagtail.contrib.routable_page.models import RoutablePageMixin, route from wagtail.contrib.routable_page.models import RoutablePageMixin, route
from wagtail.fields import RichTextField, StreamField from wagtail.fields import RichTextField, StreamField
@@ -22,29 +18,9 @@ from wagtail.models import Page
from wagtail.search import index from wagtail.search import index
from wagtailseo.models import SeoMixin from wagtailseo.models import SeoMixin
from apps.authors.models import Author
from apps.blog.blocks import ARTICLE_BODY_BLOCKS from apps.blog.blocks import ARTICLE_BODY_BLOCKS
def _generate_summary_from_stream(body: Any, *, max_chars: int = 220) -> str:
parts: list[str] = []
if body is None:
return ""
for block in body:
if getattr(block, "block_type", None) == "code":
continue
value = getattr(block, "value", block)
text = value.source if hasattr(value, "source") else str(value)
clean_text = strip_tags(text)
if clean_text:
parts.append(clean_text)
summary = re.sub(r"\s+", " ", " ".join(parts)).strip()
if len(summary) <= max_chars:
return summary
truncated = summary[:max_chars].rsplit(" ", 1)[0].strip()
return truncated or summary[:max_chars].strip()
class HomePage(Page): class HomePage(Page):
featured_article = models.ForeignKey( featured_article = models.ForeignKey(
"blog.ArticlePage", null=True, blank=True, on_delete=SET_NULL, related_name="+" "blog.ArticlePage", null=True, blank=True, on_delete=SET_NULL, related_name="+"
@@ -169,93 +145,25 @@ class Category(models.Model):
class Meta: class Meta:
ordering = ["sort_order", "name"] ordering = ["sort_order", "name"]
verbose_name_plural = "categories"
def __str__(self): def __str__(self):
return self.name return self.name
# ── Tag colour palette ────────────────────────────────────────────────────────
# Deterministic hash-based colour assignment for tags. Each entry is a dict
# with Tailwind CSS class strings for bg, text, and border.
TAG_COLOUR_PALETTE: list[dict[str, str]] = [
{
"bg": "bg-brand-cyan/10",
"text": "text-brand-cyan",
"border": "border-brand-cyan/20",
},
{
"bg": "bg-brand-pink/10",
"text": "text-brand-pink",
"border": "border-brand-pink/20",
},
{
"bg": "bg-amber-500/10",
"text": "text-amber-400",
"border": "border-amber-500/20",
},
{
"bg": "bg-emerald-500/10",
"text": "text-emerald-400",
"border": "border-emerald-500/20",
},
{
"bg": "bg-violet-500/10",
"text": "text-violet-400",
"border": "border-violet-500/20",
},
{
"bg": "bg-rose-500/10",
"text": "text-rose-400",
"border": "border-rose-500/20",
},
{
"bg": "bg-sky-500/10",
"text": "text-sky-400",
"border": "border-sky-500/20",
},
{
"bg": "bg-lime-500/10",
"text": "text-lime-400",
"border": "border-lime-500/20",
},
{
"bg": "bg-orange-500/10",
"text": "text-orange-400",
"border": "border-orange-500/20",
},
{
"bg": "bg-fuchsia-500/10",
"text": "text-fuchsia-400",
"border": "border-fuchsia-500/20",
},
{
"bg": "bg-teal-500/10",
"text": "text-teal-400",
"border": "border-teal-500/20",
},
{
"bg": "bg-indigo-500/10",
"text": "text-indigo-400",
"border": "border-indigo-500/20",
},
]
def get_auto_tag_colour_css(tag_name: str) -> dict[str, str]:
"""Deterministically assign a colour from the palette based on tag name."""
digest = hashlib.md5(tag_name.lower().encode(), usedforsecurity=False).hexdigest() # noqa: S324
index = int(digest, 16) % len(TAG_COLOUR_PALETTE)
return TAG_COLOUR_PALETTE[index]
class TagMetadata(models.Model): class TagMetadata(models.Model):
COLOUR_CHOICES = [("cyan", "Cyan"), ("pink", "Pink"), ("neutral", "Neutral")] COLOUR_CHOICES = [("cyan", "Cyan"), ("pink", "Pink"), ("neutral", "Neutral")]
tag = models.OneToOneField("taggit.Tag", on_delete=CASCADE, related_name="metadata") tag = models.OneToOneField("taggit.Tag", on_delete=CASCADE, related_name="metadata")
colour = models.CharField(max_length=20, choices=COLOUR_CHOICES, default="neutral") colour = models.CharField(max_length=20, choices=COLOUR_CHOICES, default="neutral")
@classmethod
def get_fallback_css(cls) -> dict[str, str]:
return {
"bg": "bg-zinc-800 dark:bg-zinc-100",
"text": "text-white dark:text-black",
"border": "border-zinc-600/20 dark:border-zinc-400/20",
}
def get_css_classes(self) -> dict[str, str]: def get_css_classes(self) -> dict[str, str]:
mapping = { mapping = {
"cyan": { "cyan": {
@@ -268,114 +176,9 @@ class TagMetadata(models.Model):
"text": "text-brand-pink", "text": "text-brand-pink",
"border": "border-brand-pink/20", "border": "border-brand-pink/20",
}, },
"neutral": { "neutral": self.get_fallback_css(),
"bg": "bg-zinc-800 dark:bg-zinc-100",
"text": "text-white dark:text-black",
"border": "border-zinc-600/20 dark:border-zinc-400/20",
},
} }
css = mapping.get(self.colour) return mapping.get(self.colour, self.get_fallback_css())
if css is not None:
return css
return get_auto_tag_colour_css(self.tag.name)
class ArticlePageAdminForm(WagtailAdminPageForm):
SUMMARY_MAX_CHARS = 220
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
for name in ("slug", "author", "category", "summary"):
if name in self.fields:
self.fields[name].required = False
default_author = self._get_default_author(create=False)
if default_author and not self.initial.get("author"):
self.initial["author"] = default_author.pk
default_category = self._get_default_category(create=False)
if default_category and not self.initial.get("category"):
self.initial["category"] = default_category.pk
def clean(self):
cleaned_data = getattr(self, "cleaned_data", {})
self._apply_defaults(cleaned_data)
self.cleaned_data = cleaned_data
cleaned_data = super().clean()
self._apply_defaults(cleaned_data)
if not cleaned_data.get("slug"):
self.add_error("slug", "Slug is required.")
if not cleaned_data.get("author"):
self.add_error("author", "Author is required.")
if not cleaned_data.get("category"):
self.add_error("category", "Category is required.")
if not cleaned_data.get("summary"):
self.add_error("summary", "Summary is required.")
return cleaned_data
def _apply_defaults(self, cleaned_data: dict[str, Any]) -> dict[str, Any]:
title = (cleaned_data.get("title") or "").strip()
if not cleaned_data.get("slug") and title:
cleaned_data["slug"] = self._build_unique_page_slug(title)
if not cleaned_data.get("author"):
cleaned_data["author"] = self._get_default_author(create=True)
if not cleaned_data.get("category"):
cleaned_data["category"] = self._get_default_category(create=True)
if not cleaned_data.get("summary"):
cleaned_data["summary"] = _generate_summary_from_stream(
cleaned_data.get("body"),
max_chars=self.SUMMARY_MAX_CHARS,
) or title
if not cleaned_data.get("search_description") and cleaned_data.get("summary"):
cleaned_data["search_description"] = cleaned_data["summary"]
return cleaned_data
def _get_default_author(self, *, create: bool) -> Author | None:
user = self.for_user
if not user or not user.is_authenticated:
return None
existing = Author.objects.filter(user=user).first()
if existing or not create:
return existing
base_name = (user.get_full_name() or user.get_username() or f"user-{user.pk}").strip()
base_slug = slugify(base_name) or f"user-{user.pk}"
slug = base_slug
suffix = 2
while Author.objects.filter(slug=slug).exists():
slug = f"{base_slug}-{suffix}"
suffix += 1
return Author.objects.create(user=user, name=base_name, slug=slug)
def _get_default_category(self, *, create: bool):
existing = Category.objects.filter(slug="general").first()
if existing or not create:
return existing
category, _ = Category.objects.get_or_create(
slug="general",
defaults={"name": "General", "description": "General articles", "colour": "neutral"},
)
return category
def _build_unique_page_slug(self, title: str) -> str:
base_slug = slugify(title) or "article"
parent_page = self.parent_page
if parent_page is None and self.instance.pk:
parent_page = self.instance.get_parent()
if parent_page is None:
return base_slug
sibling_pages = parent_page.get_children().exclude(pk=self.instance.pk)
slug = base_slug
suffix = 2
while sibling_pages.filter(slug=slug).exists():
slug = f"{base_slug}-{suffix}"
suffix += 1
return slug
class ArticlePage(SeoMixin, Page): class ArticlePage(SeoMixin, Page):
@@ -397,7 +200,6 @@ class ArticlePage(SeoMixin, Page):
parent_page_types = ["blog.ArticleIndexPage"] parent_page_types = ["blog.ArticleIndexPage"]
subpage_types: list[str] = [] subpage_types: list[str] = []
base_form_class = ArticlePageAdminForm
content_panels = [ content_panels = [
FieldPanel("title"), FieldPanel("title"),
@@ -424,7 +226,10 @@ class ArticlePage(SeoMixin, Page):
ObjectList(content_panels, heading="Content"), ObjectList(content_panels, heading="Content"),
ObjectList(metadata_panels, heading="Metadata"), ObjectList(metadata_panels, heading="Metadata"),
ObjectList(publishing_panels, heading="Publishing"), ObjectList(publishing_panels, heading="Publishing"),
ObjectList(SeoMixin.seo_panels, heading="SEO"), ObjectList(
Page.promote_panels + SeoMixin.seo_panels,
heading="SEO",
),
] ]
) )
@@ -452,46 +257,16 @@ class ArticlePage(SeoMixin, Page):
return " ".join(parts) return " ".join(parts)
def save(self, *args: Any, **kwargs: Any) -> None: def save(self, *args: Any, **kwargs: Any) -> None:
if not getattr(self, "slug", "") and self.title:
self.slug = self._auto_slug_from_title()
if not self.category_id: if not self.category_id:
self.category, _ = Category.objects.get_or_create( self.category, _ = Category.objects.get_or_create(
slug="general", slug="general",
defaults={"name": "General", "description": "General articles", "colour": "neutral"}, defaults={"name": "General", "description": "General articles", "colour": "neutral"},
) )
if not (self.summary or "").strip():
self.summary = _generate_summary_from_stream(self.body) or self.title
if not getattr(self, "search_description", "") and self.summary:
self.search_description = self.summary
if not self.published_date and self.first_published_at: if not self.published_date and self.first_published_at:
self.published_date = self.first_published_at self.published_date = self.first_published_at
if self._should_refresh_read_time(): self.read_time_mins = self._compute_read_time()
self.read_time_mins = self._compute_read_time()
return super().save(*args, **kwargs) return super().save(*args, **kwargs)
def _auto_slug_from_title(self) -> str:
base_slug = slugify(self.title) or "article"
parent = self.get_parent() if self.pk else None
if parent is None:
return base_slug
sibling_pages = parent.get_children().exclude(pk=self.pk)
slug = base_slug
suffix = 2
while sibling_pages.filter(slug=slug).exists():
slug = f"{base_slug}-{suffix}"
suffix += 1
return slug
def _should_refresh_read_time(self) -> bool:
if not self.pk:
return True
previous = type(self).objects.only("body").filter(pk=self.pk).first()
if previous is None:
return True
return previous.body_text != self.body_text
def _compute_read_time(self) -> int: def _compute_read_time(self) -> int:
words = [] words = []
for block in self.body: for block in self.body:
@@ -528,20 +303,12 @@ class ArticlePage(SeoMixin, Page):
def get_context(self, request, *args, **kwargs): def get_context(self, request, *args, **kwargs):
ctx = super().get_context(request, *args, **kwargs) ctx = super().get_context(request, *args, **kwargs)
ctx["related_articles"] = self.get_related_articles() ctx["related_articles"] = self.get_related_articles()
from django.conf import settings
from apps.comments.models import Comment from apps.comments.models import Comment
from apps.comments.views import _annotate_reaction_counts, _get_session_key
approved_replies = Comment.objects.filter(is_approved=True).select_related("parent") approved_replies = Comment.objects.filter(is_approved=True).select_related("parent")
comments = list( ctx["approved_comments"] = self.comments.filter(is_approved=True, parent__isnull=True).prefetch_related(
self.comments.filter(is_approved=True, parent__isnull=True).prefetch_related( Prefetch("replies", queryset=approved_replies)
Prefetch("replies", queryset=approved_replies)
)
) )
_annotate_reaction_counts(comments, _get_session_key(request))
ctx["approved_comments"] = comments
ctx["turnstile_site_key"] = getattr(settings, "TURNSTILE_SITE_KEY", "")
return ctx return ctx

222
apps/blog/tests/test_admin_experience.py
View File

@@ -1,14 +1,10 @@
from datetime import timedelta from datetime import timedelta
from types import SimpleNamespace
import pytest import pytest
from django.contrib import messages
from django.contrib.messages.storage.fallback import FallbackStorage
from django.contrib.sessions.middleware import SessionMiddleware
from django.test import override_settings from django.test import override_settings
from django.utils import timezone from django.utils import timezone
from apps.blog.models import ArticleIndexPage, ArticlePage, ArticlePageAdminForm, Category from apps.blog.models import ArticleIndexPage, ArticlePage
from apps.blog.tests.factories import AuthorFactory from apps.blog.tests.factories import AuthorFactory
@@ -277,219 +273,3 @@ def test_article_search_fields_include_summary():
f.field_name for f in ArticlePage.search_fields if hasattr(f, "field_name") f.field_name for f in ArticlePage.search_fields if hasattr(f, "field_name")
] ]
assert "summary" in field_names assert "summary" in field_names
@pytest.mark.django_db
def test_article_admin_form_relaxes_initial_required_fields(article_index, django_user_model):
"""Slug/author/category/summary should not block initial draft validation."""
user = django_user_model.objects.create_user(
username="writer",
email="writer@example.com",
password="writer-pass",
)
form_class = ArticlePage.get_edit_handler().get_form_class()
form = form_class(parent_page=article_index, for_user=user)
assert form.fields["slug"].required is False
assert form.fields["author"].required is False
assert form.fields["category"].required is False
assert form.fields["summary"].required is False
@pytest.mark.django_db
def test_article_admin_form_clean_applies_defaults(article_index, django_user_model, monkeypatch):
"""Form clean should populate defaults before parent validation runs."""
user = django_user_model.objects.create_user(
username="writer",
email="writer@example.com",
password="writer-pass",
first_name="Writer",
last_name="User",
)
form_class = ArticlePage.get_edit_handler().get_form_class()
form = form_class(parent_page=article_index, for_user=user)
body = [
SimpleNamespace(block_type="code", value=SimpleNamespace(raw_code="print('ignore')")),
SimpleNamespace(block_type="rich_text", value=SimpleNamespace(source="<p>Hello world body text.</p>")),
]
form.cleaned_data = {
"title": "Auto Defaults Title",
"slug": "",
"author": None,
"category": None,
"summary": "",
"body": body,
}
observed = {}
def fake_super_clean(_self):
observed["slug_before_parent_clean"] = _self.cleaned_data.get("slug")
return _self.cleaned_data
mro = form.__class__.__mro__
super_form_class = mro[mro.index(ArticlePageAdminForm) + 1]
monkeypatch.setattr(super_form_class, "clean", fake_super_clean)
cleaned = form.clean()
assert observed["slug_before_parent_clean"] == "auto-defaults-title"
assert cleaned["slug"] == "auto-defaults-title"
assert cleaned["author"] is not None
assert cleaned["author"].user_id == user.id
assert cleaned["category"] is not None
assert cleaned["category"].slug == "general"
assert cleaned["summary"] == "Hello world body text."
@pytest.mark.django_db
def test_article_seo_tab_fields_not_duplicated():
"""SEO tab should include each promote/SEO field only once."""
handler = ArticlePage.get_edit_handler()
seo_tab = next(panel for panel in handler.children if panel.heading == "SEO")
def flatten_field_names(panel):
names = []
for child in panel.children:
if hasattr(child, "field_name"):
names.append(child.field_name)
else:
names.extend(flatten_field_names(child))
return names
field_names = flatten_field_names(seo_tab)
assert field_names.count("slug") == 1
assert field_names.count("seo_title") == 1
assert field_names.count("search_description") == 1
assert field_names.count("show_in_menus") == 1
@pytest.mark.django_db
def test_article_save_autogenerates_summary_when_missing(article_index):
"""Model save fallback should generate summary from prose blocks."""
category = Category.objects.create(name="Guides", slug="guides")
author = AuthorFactory()
article = ArticlePage(
title="Summary Auto",
slug="summary-auto",
author=author,
category=category,
summary="",
body=[
("code", {"language": "python", "filename": "", "raw_code": "print('skip')"}),
("rich_text", "<p>This should become the summary text.</p>"),
],
)
article_index.add_child(instance=article)
article.save()
assert article.summary == "This should become the summary text."
@pytest.mark.django_db
def test_category_verbose_name_plural():
"""Category Meta should define verbose_name_plural as 'categories'."""
assert Category._meta.verbose_name_plural == "categories"
@pytest.mark.django_db
@override_settings(ALLOWED_HOSTS=["testserver", "localhost", "127.0.0.1"])
def test_snippet_category_listing_shows_categories(client, django_user_model):
"""Categories created in the database should appear in the Snippets listing."""
Category.objects.create(name="Reviews", slug="reviews")
Category.objects.create(name="Tutorials", slug="tutorials")
admin = django_user_model.objects.create_superuser(
username="admin-cat", email="admin-cat@example.com", password="admin-pass"
)
client.force_login(admin)
response = client.get("/cms/snippets/blog/category/")
content = response.content.decode()
assert response.status_code == 200
assert "Reviews" in content
assert "Tutorials" in content
@pytest.mark.django_db
def test_article_admin_form_clean_auto_populates_search_description(article_index, django_user_model, monkeypatch):
"""Form clean should auto-populate search_description from summary."""
user = django_user_model.objects.create_user(
username="writer",
email="writer@example.com",
password="writer-pass",
first_name="Writer",
last_name="User",
)
form_class = ArticlePage.get_edit_handler().get_form_class()
form = form_class(parent_page=article_index, for_user=user)
body = [
SimpleNamespace(block_type="rich_text", value=SimpleNamespace(source="<p>Article body text.</p>")),
]
form.cleaned_data = {
"title": "SEO Test",
"slug": "",
"author": None,
"category": None,
"summary": "",
"search_description": "",
"body": body,
}
mro = form.__class__.__mro__
super_form_class = mro[mro.index(ArticlePageAdminForm) + 1]
monkeypatch.setattr(super_form_class, "clean", lambda _self: _self.cleaned_data)
cleaned = form.clean()
assert cleaned["summary"] == "Article body text."
assert cleaned["search_description"] == "Article body text."
@pytest.mark.django_db
def test_article_admin_form_preserves_explicit_search_description(article_index, django_user_model, monkeypatch):
"""Form clean should not overwrite an explicit search_description."""
user = django_user_model.objects.create_user(
username="writer2",
email="writer2@example.com",
password="writer-pass",
)
form_class = ArticlePage.get_edit_handler().get_form_class()
form = form_class(parent_page=article_index, for_user=user)
body = [
SimpleNamespace(block_type="rich_text", value=SimpleNamespace(source="<p>Body.</p>")),
]
form.cleaned_data = {
"title": "SEO Explicit Test",
"slug": "seo-explicit-test",
"author": None,
"category": None,
"summary": "My summary.",
"search_description": "Custom SEO text.",
"body": body,
}
mro = form.__class__.__mro__
super_form_class = mro[mro.index(ArticlePageAdminForm) + 1]
monkeypatch.setattr(super_form_class, "clean", lambda _self: _self.cleaned_data)
cleaned = form.clean()
assert cleaned["search_description"] == "Custom SEO text."
@pytest.mark.django_db
def test_article_page_omits_admin_messages_on_frontend(article_page, rf):
"""Frontend templates should not render admin session messages."""
request = rf.get(article_page.url)
SessionMiddleware(lambda req: None).process_request(request)
request.session.save()
setattr(request, "_messages", FallbackStorage(request))
messages.success(request, "Page 'Test' has been published.")
response = article_page.serve(request)
response.render()
content = response.content.decode()
assert "Page 'Test' has been published." not in content
assert 'aria-label="Messages"' not in content

141
apps/blog/tests/test_models.py
View File

@@ -2,15 +2,7 @@ import pytest
from django.db import IntegrityError from django.db import IntegrityError
from taggit.models import Tag from taggit.models import Tag
from apps.blog.models import ( from apps.blog.models import ArticleIndexPage, ArticlePage, Category, HomePage, TagMetadata
TAG_COLOUR_PALETTE,
ArticleIndexPage,
ArticlePage,
Category,
HomePage,
TagMetadata,
get_auto_tag_colour_css,
)
from apps.blog.tests.factories import AuthorFactory from apps.blog.tests.factories import AuthorFactory
@@ -67,32 +59,6 @@ def test_article_default_category_is_assigned(home_page):
assert article.category.slug == "general" assert article.category.slug == "general"
@pytest.mark.django_db
def test_article_read_time_is_not_recomputed_when_body_text_is_unchanged(home_page, monkeypatch):
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(
title="Stable read time",
slug="stable-read-time",
author=author,
summary="s",
body=[("rich_text", "<p>body words</p>")],
)
index.add_child(instance=article)
article.save()
def fail_compute():
raise AssertionError("read time should not be recomputed when body text is unchanged")
monkeypatch.setattr(article, "_compute_read_time", fail_compute)
article.title = "Retitled"
article.save()
article.refresh_from_db()
assert article.read_time_mins == 1
@pytest.mark.django_db @pytest.mark.django_db
def test_category_ordering(): def test_category_ordering():
Category.objects.get_or_create(name="General", slug="general") Category.objects.get_or_create(name="General", slug="general")
@@ -100,108 +66,3 @@ def test_category_ordering():
Category.objects.create(name="A", slug="a", sort_order=1) Category.objects.create(name="A", slug="a", sort_order=1)
names = list(Category.objects.values_list("name", flat=True)) names = list(Category.objects.values_list("name", flat=True))
assert names == ["General", "A", "Z"] assert names == ["General", "A", "Z"]
# ── Auto tag colour tests ────────────────────────────────────────────────────
def test_auto_tag_colour_is_deterministic():
"""Same tag name always produces the same colour."""
css1 = get_auto_tag_colour_css("python")
css2 = get_auto_tag_colour_css("python")
assert css1 == css2
def test_auto_tag_colour_is_case_insensitive():
"""Tag colour assignment is case-insensitive."""
assert get_auto_tag_colour_css("Python") == get_auto_tag_colour_css("python")
def test_auto_tag_colour_returns_valid_palette_entry():
"""Returned CSS dict must be from the palette."""
css = get_auto_tag_colour_css("llms")
assert css in TAG_COLOUR_PALETTE
def test_auto_tag_colour_distributes_across_palette():
"""Different tag names should map to multiple palette entries."""
sample_tags = ["python", "javascript", "rust", "go", "ruby", "java",
"typescript", "css", "html", "sql", "llms", "mlops"]
colours = {get_auto_tag_colour_css(t)["text"] for t in sample_tags}
assert len(colours) >= 3, "Tags should spread across at least 3 palette colours"
@pytest.mark.django_db
def test_tag_without_metadata_uses_auto_colour():
"""Tags without TagMetadata should get auto-assigned colour, not neutral."""
tag = Tag.objects.create(name="fastapi", slug="fastapi")
expected = get_auto_tag_colour_css("fastapi")
# Verify no metadata exists
assert not TagMetadata.objects.filter(tag=tag).exists()
# The template tag helper should fall back to auto colour
from apps.core.templatetags.core_tags import _resolve_tag_css
assert _resolve_tag_css(tag) == expected
@pytest.mark.django_db
def test_tag_with_metadata_overrides_auto_colour():
"""Tags with explicit TagMetadata should use that colour."""
tag = Tag.objects.create(name="django", slug="django")
TagMetadata.objects.create(tag=tag, colour="pink")
from apps.core.templatetags.core_tags import _resolve_tag_css
css = _resolve_tag_css(tag)
assert css["text"] == "text-brand-pink"
# ── Auto slug tests ──────────────────────────────────────────────────────────
@pytest.mark.django_db
def test_article_save_auto_generates_slug_from_title(home_page):
"""Model save should auto-generate slug from title when slug is empty."""
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(
title="My Great Article",
slug="",
author=author,
summary="summary",
body=[("rich_text", "<p>body</p>")],
)
index.add_child(instance=article)
article.refresh_from_db()
assert article.slug == "my-great-article"
@pytest.mark.django_db
def test_article_save_auto_generates_search_description(article_index):
"""Model save should populate search_description from summary."""
author = AuthorFactory()
article = ArticlePage(
title="SEO Auto",
slug="seo-auto",
author=author,
summary="This is the article summary.",
body=[("rich_text", "<p>body</p>")],
)
article_index.add_child(instance=article)
article.save()
assert article.search_description == "This is the article summary."
@pytest.mark.django_db
def test_article_save_preserves_explicit_search_description(article_index):
"""Explicit search_description should not be overwritten."""
author = AuthorFactory()
article = ArticlePage(
title="SEO Explicit",
slug="seo-explicit",
author=author,
summary="Generated summary.",
search_description="Custom SEO description.",
body=[("rich_text", "<p>body</p>")],
)
article_index.add_child(instance=article)
article.save()
assert article.search_description == "Custom SEO description."

7
apps/blog/tests/test_more_models.py
View File

@@ -1,5 +1,7 @@
import pytest import pytest
from apps.blog.models import TagMetadata
@pytest.mark.django_db @pytest.mark.django_db
def test_home_context_lists_articles(home_page, article_page): def test_home_context_lists_articles(home_page, article_page):
@@ -20,7 +22,6 @@ def test_get_related_articles_fallback(article_page, article_index):
assert isinstance(related, list) assert isinstance(related, list)
def test_auto_tag_colour_returns_valid_css(): def test_tag_metadata_fallback_classes():
from apps.blog.models import get_auto_tag_colour_css css = TagMetadata.get_fallback_css()
css = get_auto_tag_colour_css("test-tag")
assert css["bg"].startswith("bg-") assert css["bg"].startswith("bg-")

50
apps/blog/tests/test_views.py
View File

@@ -1,5 +1,3 @@
import re
import pytest import pytest
from taggit.models import Tag from taggit.models import Tag
@@ -140,54 +138,6 @@ def test_article_page_renders_approved_comments_and_reply_form(client, home_page
assert "Top level" in html assert "Top level" in html
assert "Reply" in html assert "Reply" in html
assert f'name="parent_id" value="{comment.id}"' in html assert f'name="parent_id" value="{comment.id}"' in html
match = re.search(r'id="comments-empty-state"[^>]*class="([^"]+)"', html)
assert match is not None
assert "hidden" in match.group(1).split()
@pytest.mark.django_db
def test_article_page_shows_empty_state_when_no_approved_comments(client, home_page):
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(
title="Main",
slug="main",
author=author,
summary="summary",
body=[("rich_text", "<p>body</p>")],
)
index.add_child(instance=article)
article.save_revision().publish()
resp = client.get("/articles/main/")
html = resp.content.decode()
assert resp.status_code == 200
assert 'id="comments-empty-state"' in html
assert "No comments yet. Be the first to comment." in html
@pytest.mark.django_db
def test_article_page_loads_comment_client_script(client, home_page):
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(
title="Main",
slug="main",
author=author,
summary="summary",
body=[("rich_text", "<p>body</p>")],
)
index.add_child(instance=article)
article.save_revision().publish()
resp = client.get("/articles/main/")
html = resp.content.decode()
assert resp.status_code == 200
assert 'src="/static/js/comments.js"' in html
@pytest.mark.django_db @pytest.mark.django_db

9
apps/comments/management/commands/purge_old_comment_data.py
View File

@@ -5,7 +5,7 @@ from datetime import timedelta
from django.core.management.base import BaseCommand from django.core.management.base import BaseCommand
from django.utils import timezone from django.utils import timezone
from apps.comments.models import Comment, CommentReaction from apps.comments.models import Comment
class Command(BaseCommand): class Command(BaseCommand):
@@ -29,10 +29,3 @@ class Command(BaseCommand):
.update(author_email="", ip_address=None) .update(author_email="", ip_address=None)
) )
self.stdout.write(self.style.SUCCESS(f"Purged personal data for {purged} comment(s).")) self.stdout.write(self.style.SUCCESS(f"Purged personal data for {purged} comment(s)."))
reactions_purged = (
CommentReaction.objects.filter(created_at__lt=cutoff)
.exclude(session_key="")
.update(session_key="")
)
self.stdout.write(self.style.SUCCESS(f"Purged session keys for {reactions_purged} reaction(s)."))

27
apps/comments/migrations/0002_commentreaction.py
View File

@@ -1,27 +0,0 @@
# Generated by Django 5.2.11 on 2026-03-03 22:49
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('comments', '0001_initial'),
]
operations = [
migrations.CreateModel(
name='CommentReaction',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('reaction_type', models.CharField(choices=[('heart', '❤️'), ('plus_one', '👍')], max_length=20)),
('session_key', models.CharField(max_length=64)),
('created_at', models.DateTimeField(auto_now_add=True)),
('comment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='reactions', to='comments.comment')),
],
options={
'constraints': [models.UniqueConstraint(fields=('comment', 'reaction_type', 'session_key'), name='unique_comment_reaction_per_session')],
},
),
]

18
apps/comments/models.py
View File

@@ -23,21 +23,3 @@ class Comment(models.Model):
def __str__(self) -> str: def __str__(self) -> str:
return f"Comment by {self.author_name}" return f"Comment by {self.author_name}"
class CommentReaction(models.Model):
comment = models.ForeignKey(Comment, on_delete=models.CASCADE, related_name="reactions")
reaction_type = models.CharField(max_length=20, choices=[("heart", "❤️"), ("plus_one", "👍")])
session_key = models.CharField(max_length=64)
created_at = models.DateTimeField(auto_now_add=True)
class Meta:
constraints = [
models.UniqueConstraint(
fields=["comment", "reaction_type", "session_key"],
name="unique_comment_reaction_per_session",
)
]
def __str__(self) -> str:
return f"{self.reaction_type} on comment {self.comment_id}"

350
apps/comments/tests/test_v2.py
View File

@@ -1,350 +0,0 @@
"""Tests for Comments v2: HTMX, Turnstile, reactions, polling, CSP."""
from __future__ import annotations
from datetime import timedelta
from unittest.mock import patch
import pytest
from django.core.cache import cache
from django.core.management import call_command
from django.test import override_settings
from django.utils import timezone
from apps.blog.models import ArticleIndexPage, ArticlePage
from apps.blog.tests.factories import AuthorFactory
from apps.comments.models import Comment, CommentReaction
# ── Fixtures ──────────────────────────────────────────────────────────────────
@pytest.fixture
def _article(home_page):
"""Create a published article with comments enabled."""
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(
title="Test Article",
slug="test-article",
author=author,
summary="summary",
body=[("rich_text", "<p>body</p>")],
)
index.add_child(instance=article)
article.save_revision().publish()
return article
@pytest.fixture
def approved_comment(_article):
return Comment.objects.create(
article=_article,
author_name="Alice",
author_email="alice@example.com",
body="Great article!",
is_approved=True,
)
def _post_comment(client, article, extra=None, htmx=False):
cache.clear()
payload = {
"article_id": article.id,
"author_name": "Test",
"author_email": "test@example.com",
"body": "Hello world",
"honeypot": "",
}
if extra:
payload.update(extra)
headers = {}
if htmx:
headers["HTTP_HX_REQUEST"] = "true"
return client.post("/comments/post/", payload, **headers)
# ── HTMX Response Contracts ──────────────────────────────────────────────────
@pytest.mark.django_db
def test_htmx_post_returns_form_with_moderation_on_success(client, _article):
"""HTMX POST with Turnstile disabled returns fresh form + moderation message."""
resp = _post_comment(client, _article, htmx=True)
assert resp.status_code == 200
assert b"awaiting moderation" in resp.content
# Response swaps the form container (contains form + success message)
assert b"comment-form-container" in resp.content
assert "HX-Request" in resp["Vary"]
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret")
def test_htmx_post_returns_form_plus_oob_comment_when_approved(client, _article):
"""HTMX POST with successful Turnstile returns fresh form + OOB comment."""
with patch("apps.comments.views._verify_turnstile", return_value=True):
resp = _post_comment(client, _article, extra={"cf-turnstile-response": "tok"}, htmx=True)
assert resp.status_code == 200
content = resp.content.decode()
# Fresh form container is the primary response
assert "comment-form-container" in content
assert "Comment posted!" in content
# OOB swap appends the comment to #comments-list
assert "hx-swap-oob" in content
assert "Hello world" in content
assert 'id="comments-empty-state" hx-swap-oob="delete"' in content
comment = Comment.objects.get()
assert comment.is_approved is True
@pytest.mark.django_db
def test_htmx_post_returns_form_with_errors_on_invalid(client, _article):
"""HTMX POST with invalid data returns form with errors (HTTP 200)."""
cache.clear()
resp = client.post(
"/comments/post/",
{"article_id": _article.id, "author_name": "T", "author_email": "t@t.com", "body": " ", "honeypot": ""},
HTTP_HX_REQUEST="true",
)
assert resp.status_code == 200
assert b"comment-form-container" in resp.content
assert b"Comment form errors" in resp.content
assert "HX-Request" in resp["Vary"]
assert Comment.objects.count() == 0
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret")
def test_htmx_reply_returns_oob_reply_when_approved(client, _article, approved_comment):
"""Approved reply via HTMX returns compact reply partial via OOB swap."""
cache.clear()
with patch("apps.comments.views._verify_turnstile", return_value=True):
resp = client.post(
"/comments/post/",
{
"article_id": _article.id,
"parent_id": approved_comment.id,
"author_name": "Replier",
"author_email": "r@r.com",
"body": "Nice reply",
"honeypot": "",
"cf-turnstile-response": "tok",
},
HTTP_HX_REQUEST="true",
)
content = resp.content.decode()
assert resp.status_code == 200
# OOB targets a stable, explicit replies container for the parent comment.
assert f'hx-swap-oob="beforeend:#replies-for-{approved_comment.id}"' in content
# Verify content is rendered (not empty due to context mismatch)
assert "Replier" in content
assert "Nice reply" in content
reply = Comment.objects.exclude(pk=approved_comment.pk).get()
assert f"comment-{reply.id}" in content
assert reply.parent_id == approved_comment.id
assert reply.is_approved is True
@pytest.mark.django_db
def test_non_htmx_post_still_redirects(client, _article):
"""Non-HTMX POST continues to redirect (progressive enhancement)."""
resp = _post_comment(client, _article)
assert resp.status_code == 302
assert resp["Location"].endswith("?commented=pending")
@pytest.mark.django_db
def test_htmx_error_with_tampered_parent_id_falls_back_to_main_form(client, _article):
"""Tampered/non-numeric parent_id falls back to main form error response."""
cache.clear()
resp = client.post(
"/comments/post/",
{"article_id": _article.id, "parent_id": "not-a-number", "author_name": "T",
"author_email": "t@t.com", "body": " ", "honeypot": ""},
HTTP_HX_REQUEST="true",
)
assert resp.status_code == 200
assert b"comment-form-container" in resp.content
@pytest.mark.django_db
def test_htmx_invalid_reply_rerenders_reply_form_with_values(client, _article, approved_comment):
"""Invalid reply keeps user input and returns the reply form container."""
cache.clear()
resp = client.post(
"/comments/post/",
{
"article_id": _article.id,
"parent_id": approved_comment.id,
"author_name": "Reply User",
"author_email": "reply@example.com",
"body": " ",
"honeypot": "",
},
HTTP_HX_REQUEST="true",
)
assert resp.status_code == 200
content = resp.content.decode()
assert f'id="reply-form-container-{approved_comment.id}"' in content
assert "Comment form errors" in content
assert 'value="Reply User"' in content
assert "reply@example.com" in content
# ── Turnstile Integration ────────────────────────────────────────────────────
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret")
def test_turnstile_failure_keeps_comment_unapproved(client, _article):
"""When Turnstile verification fails, comment stays unapproved."""
with patch("apps.comments.views._verify_turnstile", return_value=False):
_post_comment(client, _article, extra={"cf-turnstile-response": "bad-tok"})
comment = Comment.objects.get()
assert comment.is_approved is False
@pytest.mark.django_db
def test_turnstile_disabled_keeps_comment_unapproved(client, _article):
"""When TURNSTILE_SECRET_KEY is empty, comment stays unapproved."""
_post_comment(client, _article)
comment = Comment.objects.get()
assert comment.is_approved is False
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret", TURNSTILE_EXPECTED_HOSTNAME="nohypeai.com")
def test_turnstile_hostname_mismatch_rejects(client, _article):
"""Turnstile hostname mismatch keeps comment unapproved."""
mock_resp = type("R", (), {"json": lambda self: {"success": True, "hostname": "evil.com"}})()
with patch("apps.comments.views.http_requests.post", return_value=mock_resp):
_post_comment(client, _article, extra={"cf-turnstile-response": "tok"})
comment = Comment.objects.get()
assert comment.is_approved is False
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret")
def test_turnstile_timeout_fails_closed(client, _article):
"""Network error during Turnstile verification fails closed."""
with patch("apps.comments.views.http_requests.post", side_effect=Exception("timeout")):
_post_comment(client, _article, extra={"cf-turnstile-response": "tok"})
comment = Comment.objects.get()
assert comment.is_approved is False
# ── Polling ───────────────────────────────────────────────────────────────────
@pytest.mark.django_db
def test_comment_poll_returns_new_comments(_article, client, approved_comment):
"""Poll endpoint returns only comments after the given ID."""
resp = client.get(f"/comments/poll/{_article.id}/?after_id=0")
assert resp.status_code == 200
assert b"Alice" in resp.content
resp2 = client.get(f"/comments/poll/{_article.id}/?after_id={approved_comment.id}")
assert resp2.status_code == 200
assert b"Alice" not in resp2.content
@pytest.mark.django_db
def test_comment_poll_no_duplicates(_article, client, approved_comment):
"""Polling with current latest ID returns empty."""
resp = client.get(f"/comments/poll/{_article.id}/?after_id={approved_comment.id}")
assert b"comment-" not in resp.content
# ── Reactions ─────────────────────────────────────────────────────────────────
@pytest.mark.django_db
def test_react_creates_reaction(client, approved_comment):
cache.clear()
resp = client.post(
f"/comments/{approved_comment.id}/react/",
{"reaction_type": "heart"},
HTTP_HX_REQUEST="true",
)
assert resp.status_code == 200
assert CommentReaction.objects.count() == 1
@pytest.mark.django_db
def test_react_toggle_removes_reaction(client, approved_comment):
"""Second reaction of same type removes it (toggle)."""
cache.clear()
client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "heart"})
client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "heart"})
assert CommentReaction.objects.count() == 0
@pytest.mark.django_db
def test_react_different_types_coexist(client, approved_comment):
cache.clear()
client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "heart"})
client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "plus_one"})
assert CommentReaction.objects.count() == 2
@pytest.mark.django_db
def test_react_invalid_type_returns_400(client, approved_comment):
cache.clear()
resp = client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "invalid"})
assert resp.status_code == 400
@pytest.mark.django_db
def test_react_on_unapproved_comment_returns_404(client, _article):
cache.clear()
comment = Comment.objects.create(
article=_article, author_name="B", author_email="b@b.com", body="x", is_approved=False,
)
resp = client.post(f"/comments/{comment.id}/react/", {"reaction_type": "heart"})
assert resp.status_code == 404
@pytest.mark.django_db
@override_settings(REACTION_RATE_LIMIT_PER_MINUTE=2)
def test_react_rate_limit(client, approved_comment):
cache.clear()
for _ in range(2):
client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "heart"})
resp = client.post(f"/comments/{approved_comment.id}/react/", {"reaction_type": "plus_one"})
assert resp.status_code == 429
# ── CSP ───────────────────────────────────────────────────────────────────────
@pytest.mark.django_db
def test_csp_allows_turnstile(client, _article):
"""CSP header includes Cloudflare Turnstile domains."""
resp = client.get(_article.url)
csp = resp.get("Content-Security-Policy", "")
assert "challenges.cloudflare.com" in csp
assert "frame-src" in csp
# ── Purge Command Extension ──────────────────────────────────────────────────
@pytest.mark.django_db
def test_purge_clears_reaction_session_keys(home_page):
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(title="A", slug="a", author=author, summary="s", body=[("rich_text", "<p>b</p>")])
index.add_child(instance=article)
article.save_revision().publish()
comment = Comment.objects.create(
article=article, author_name="X", author_email="x@x.com", body="y", is_approved=True,
)
reaction = CommentReaction.objects.create(
comment=comment, reaction_type="heart", session_key="abc123",
)
CommentReaction.objects.filter(pk=reaction.pk).update(created_at=timezone.now() - timedelta(days=800))
call_command("purge_old_comment_data")
reaction.refresh_from_db()
assert reaction.session_key == ""

58
apps/comments/tests/test_views.py
View File

@@ -1,5 +1,3 @@
from unittest.mock import patch
import pytest import pytest
from django.core.cache import cache from django.core.cache import cache
from django.test import override_settings from django.test import override_settings
@@ -30,64 +28,10 @@ def test_comment_post_flow(client, home_page):
}, },
) )
assert resp.status_code == 302 assert resp.status_code == 302
assert resp["Location"].endswith("?commented=pending") assert resp["Location"].endswith("?commented=1")
assert Comment.objects.count() == 1 assert Comment.objects.count() == 1
@pytest.mark.django_db
def test_comment_post_redirect_banner_renders_on_article_page(client, home_page):
cache.clear()
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(title="A", slug="a", author=author, summary="s", body=[("rich_text", "<p>body</p>")])
index.add_child(instance=article)
article.save_revision().publish()
resp = client.post(
"/comments/post/",
{
"article_id": article.id,
"author_name": "Test",
"author_email": "test@example.com",
"body": "Hello",
"honeypot": "",
},
follow=True,
)
assert resp.status_code == 200
assert b"Your comment has been posted and is awaiting moderation." in resp.content
@pytest.mark.django_db
@override_settings(TURNSTILE_SECRET_KEY="test-secret")
def test_comment_post_redirect_banner_renders_approved_state(client, home_page):
cache.clear()
index = ArticleIndexPage(title="Articles", slug="articles")
home_page.add_child(instance=index)
author = AuthorFactory()
article = ArticlePage(title="A", slug="a", author=author, summary="s", body=[("rich_text", "<p>body</p>")])
index.add_child(instance=article)
article.save_revision().publish()
with patch("apps.comments.views._verify_turnstile", return_value=True):
resp = client.post(
"/comments/post/",
{
"article_id": article.id,
"author_name": "Test",
"author_email": "test@example.com",
"body": "Hello",
"honeypot": "",
"cf-turnstile-response": "tok",
},
follow=True,
)
assert resp.status_code == 200
assert b"Comment posted!" in resp.content
@pytest.mark.django_db @pytest.mark.django_db
def test_comment_post_rejected_when_comments_disabled(client, home_page): def test_comment_post_rejected_when_comments_disabled(client, home_page):
cache.clear() cache.clear()

4
apps/comments/urls.py
View File

@@ -1,9 +1,7 @@
from django.urls import path from django.urls import path
from apps.comments.views import CommentCreateView, comment_poll, comment_react from apps.comments.views import CommentCreateView
urlpatterns = [ urlpatterns = [
path("post/", CommentCreateView.as_view(), name="comment_post"), path("post/", CommentCreateView.as_view(), name="comment_post"),
path("poll/<int:article_id>/", comment_poll, name="comment_poll"),
path("<int:comment_id>/react/", comment_react, name="comment_react"),
] ]

281
apps/comments/views.py
View File

@@ -1,25 +1,16 @@
from __future__ import annotations from __future__ import annotations
import logging
import requests as http_requests
from django.conf import settings from django.conf import settings
from django.contrib import messages
from django.core.cache import cache from django.core.cache import cache
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from django.db import IntegrityError from django.http import HttpResponse
from django.db.models import Count, Prefetch
from django.http import HttpResponse, JsonResponse
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.template.loader import render_to_string
from django.utils.cache import patch_vary_headers
from django.views import View from django.views import View
from django.views.decorators.http import require_GET, require_POST
from apps.blog.models import ArticlePage from apps.blog.models import ArticlePage
from apps.comments.forms import CommentForm from apps.comments.forms import CommentForm
from apps.comments.models import Comment, CommentReaction from apps.comments.models import Comment
logger = logging.getLogger(__name__)
def client_ip_from_request(request) -> str: def client_ip_from_request(request) -> str:
@@ -31,159 +22,12 @@ def client_ip_from_request(request) -> str:
return remote_addr return remote_addr
def _is_htmx(request) -> bool:
return request.headers.get("HX-Request") == "true"
def _add_vary_header(response):
patch_vary_headers(response, ["HX-Request"])
return response
def _comment_redirect(article: ArticlePage, *, approved: bool):
state = "approved" if approved else "pending"
return redirect(f"{article.url}?commented={state}")
def _verify_turnstile(token: str, ip: str) -> bool:
secret = getattr(settings, "TURNSTILE_SECRET_KEY", "")
if not secret:
return False
try:
resp = http_requests.post(
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
data={"secret": secret, "response": token, "remoteip": ip},
timeout=5,
)
result = resp.json()
if not result.get("success"):
return False
expected_hostname = getattr(settings, "TURNSTILE_EXPECTED_HOSTNAME", "")
if expected_hostname and result.get("hostname") != expected_hostname:
logger.warning("Turnstile hostname mismatch: %s", result.get("hostname"))
return False
return True
except Exception:
logger.exception("Turnstile verification failed")
return False
def _turnstile_enabled() -> bool:
return bool(getattr(settings, "TURNSTILE_SECRET_KEY", ""))
def _get_session_key(request) -> str:
session = getattr(request, "session", None)
return (session.session_key or "") if session else ""
def _turnstile_site_key():
return getattr(settings, "TURNSTILE_SITE_KEY", "")
def _annotate_reaction_counts(comments, session_key=""):
"""Hydrate each comment with reaction_counts dict and user_reacted set."""
comment_ids = [c.id for c in comments]
if not comment_ids:
return comments
counts_qs = (
CommentReaction.objects.filter(comment_id__in=comment_ids)
.values("comment_id", "reaction_type")
.annotate(count=Count("id"))
)
counts_map = {}
for row in counts_qs:
counts_map.setdefault(row["comment_id"], {"heart": 0, "plus_one": 0})
counts_map[row["comment_id"]][row["reaction_type"]] = row["count"]
user_map = {}
if session_key:
user_qs = CommentReaction.objects.filter(
comment_id__in=comment_ids, session_key=session_key
).values_list("comment_id", "reaction_type")
for cid, rtype in user_qs:
user_map.setdefault(cid, set()).add(rtype)
for comment in comments:
comment.reaction_counts = counts_map.get(comment.id, {"heart": 0, "plus_one": 0})
comment.user_reacted = user_map.get(comment.id, set())
return comments
def _comment_template_context(comment, article, request):
"""Build template context for a single comment partial."""
_annotate_reaction_counts([comment], _get_session_key(request))
return {
"comment": comment,
"page": article,
"turnstile_site_key": _turnstile_site_key(),
}
class CommentCreateView(View): class CommentCreateView(View):
def _render_htmx_error(self, request, article, form): def _render_article_with_errors(self, request, article, form):
"""Return error form partial for HTMX — swaps the form container itself.""" context = article.get_context(request)
raw_parent_id = request.POST.get("parent_id") context["page"] = article
if raw_parent_id: context["comment_form"] = form
try: return render(request, "blog/article_page.html", context, status=200)
parent_id = int(raw_parent_id)
except (ValueError, TypeError):
parent_id = None
parent = Comment.objects.filter(pk=parent_id, article=article).first() if parent_id else None
if parent:
ctx = {
"comment": parent, "page": article,
"turnstile_site_key": _turnstile_site_key(),
"reply_form_errors": form.errors,
"reply_form": form,
}
return _add_vary_header(render(request, "comments/_reply_form.html", ctx))
ctx = {
"comment_form": form, "page": article,
"turnstile_site_key": _turnstile_site_key(),
}
return _add_vary_header(render(request, "comments/_comment_form.html", ctx))
def _render_htmx_success(self, request, article, comment):
"""Return fresh form + OOB-appended comment (if approved)."""
tsk = _turnstile_site_key()
oob_parts = []
if comment.is_approved:
ctx = _comment_template_context(comment, article, request)
if comment.parent_id:
# _reply.html expects 'reply' context key
reply_ctx = ctx.copy()
reply_ctx["reply"] = reply_ctx.pop("comment")
comment_html = render_to_string("comments/_reply.html", reply_ctx, request)
oob_parts.append(
f'<div hx-swap-oob="beforeend:#replies-for-{comment.parent_id}">{comment_html}</div>'
)
else:
comment_html = render_to_string("comments/_comment.html", ctx, request)
oob_parts.append(f'<div hx-swap-oob="beforeend:#comments-list">{comment_html}</div>')
# Ensure stale empty-state copy is removed when the first approved comment appears.
oob_parts.append('<div id="comments-empty-state" hx-swap-oob="delete"></div>')
if comment.parent_id:
parent = Comment.objects.filter(pk=comment.parent_id, article=article).first()
msg = "Reply posted!" if comment.is_approved else "Your reply is awaiting moderation."
form_html = render_to_string("comments/_reply_form.html", {
"comment": parent, "page": article,
"turnstile_site_key": tsk, "reply_success_message": msg,
}, request)
else:
msg = (
"Comment posted!" if comment.is_approved
else "Your comment has been posted and is awaiting moderation."
)
form_html = render_to_string("comments/_comment_form.html", {
"page": article, "turnstile_site_key": tsk, "success_message": msg,
}, request)
resp = HttpResponse(form_html + "".join(oob_parts))
return _add_vary_header(resp)
def post(self, request): def post(self, request):
ip = client_ip_from_request(request) ip = client_ip_from_request(request)
@@ -201,21 +45,9 @@ class CommentCreateView(View):
if form.is_valid(): if form.is_valid():
if form.cleaned_data.get("honeypot"): if form.cleaned_data.get("honeypot"):
if _is_htmx(request): return redirect(f"{article.url}?commented=1")
return _add_vary_header(
render(request, "comments/_comment_success.html", {"message": "Comment posted!"})
)
return _comment_redirect(article, approved=True)
# Turnstile verification
turnstile_ok = False
if _turnstile_enabled():
token = request.POST.get("cf-turnstile-response", "")
turnstile_ok = _verify_turnstile(token, ip)
comment = form.save(commit=False) comment = form.save(commit=False)
comment.article = article comment.article = article
comment.is_approved = turnstile_ok
parent_id = form.cleaned_data.get("parent_id") parent_id = form.cleaned_data.get("parent_id")
if parent_id: if parent_id:
comment.parent = Comment.objects.filter(pk=parent_id, article=article).first() comment.parent = Comment.objects.filter(pk=parent_id, article=article).first()
@@ -224,96 +56,9 @@ class CommentCreateView(View):
comment.full_clean() comment.full_clean()
except ValidationError: except ValidationError:
form.add_error(None, "Reply depth exceeds the allowed limit") form.add_error(None, "Reply depth exceeds the allowed limit")
if _is_htmx(request): return self._render_article_with_errors(request, article, form)
return self._render_htmx_error(request, article, form)
context = article.get_context(request)
context.update({"page": article, "comment_form": form})
return render(request, "blog/article_page.html", context, status=200)
comment.save() comment.save()
messages.success(request, "Your comment is awaiting moderation")
return redirect(f"{article.url}?commented=1")
if _is_htmx(request): return self._render_article_with_errors(request, article, form)
return self._render_htmx_success(request, article, comment)
return _comment_redirect(article, approved=comment.is_approved)
if _is_htmx(request):
return self._render_htmx_error(request, article, form)
context = article.get_context(request)
context.update({"page": article, "comment_form": form})
return render(request, "blog/article_page.html", context, status=200)
@require_GET
def comment_poll(request, article_id):
"""Return comments newer than after_id for HTMX polling."""
article = get_object_or_404(ArticlePage, pk=article_id)
after_id = request.GET.get("after_id", "0")
try:
after_id = int(after_id)
except (ValueError, TypeError):
after_id = 0
approved_replies = Comment.objects.filter(is_approved=True).select_related("parent")
comments = list(
article.comments.filter(is_approved=True, parent__isnull=True, id__gt=after_id)
.prefetch_related(Prefetch("replies", queryset=approved_replies))
.order_by("created_at", "id")
)
_annotate_reaction_counts(comments, _get_session_key(request))
resp = render(request, "comments/_comment_list_inner.html", {
"approved_comments": comments,
"page": article,
"turnstile_site_key": _turnstile_site_key(),
})
return _add_vary_header(resp)
@require_POST
def comment_react(request, comment_id):
"""Toggle a reaction on a comment."""
ip = client_ip_from_request(request)
key = f"reaction-rate:{ip}"
count = cache.get(key, 0)
rate_limit = getattr(settings, "REACTION_RATE_LIMIT_PER_MINUTE", 20)
if count >= rate_limit:
return HttpResponse(status=429)
cache.set(key, count + 1, timeout=60)
comment = get_object_or_404(Comment, pk=comment_id, is_approved=True)
reaction_type = request.POST.get("reaction_type", "heart")
if reaction_type not in ("heart", "plus_one"):
return HttpResponse(status=400)
if not request.session.session_key:
request.session.create()
session_key = request.session.session_key
try:
existing = CommentReaction.objects.filter(
comment=comment, reaction_type=reaction_type, session_key=session_key
).first()
if existing:
existing.delete()
else:
CommentReaction.objects.create(
comment=comment, reaction_type=reaction_type, session_key=session_key
)
except IntegrityError:
pass
counts = {}
for rt in ("heart", "plus_one"):
counts[rt] = comment.reactions.filter(reaction_type=rt).count()
user_reacted = set(
comment.reactions.filter(session_key=session_key).values_list("reaction_type", flat=True)
)
if _is_htmx(request):
resp = render(request, "comments/_reactions.html", {
"comment": comment, "counts": counts, "user_reacted": user_reacted,
})
return _add_vary_header(resp)
return JsonResponse({"counts": counts, "user_reacted": list(user_reacted)})

29
apps/comments/wagtail_hooks.py
View File

@@ -41,34 +41,6 @@ class ApproveCommentBulkAction(SnippetBulkAction):
) % {"count": num_parent_objects} ) % {"count": num_parent_objects}
class UnapproveCommentBulkAction(SnippetBulkAction):
display_name = _("Unapprove")
action_type = "unapprove"
aria_label = _("Unapprove selected comments")
template_name = "comments/confirm_bulk_unapprove.html"
action_priority = 30
models = [Comment]
def check_perm(self, snippet):
if getattr(self, "can_change_items", None) is None:
self.can_change_items = self.request.user.has_perm(get_permission_name("change", self.model))
return self.can_change_items
@classmethod
def execute_action(cls, objects, **kwargs):
updated = kwargs["self"].model.objects.filter(pk__in=[obj.pk for obj in objects], is_approved=True).update(
is_approved=False
)
return updated, 0
def get_success_message(self, num_parent_objects, num_child_objects):
return ngettext(
"%(count)d comment unapproved.",
"%(count)d comments unapproved.",
num_parent_objects,
) % {"count": num_parent_objects}
class CommentViewSet(SnippetViewSet): class CommentViewSet(SnippetViewSet):
model = Comment model = Comment
queryset = Comment.objects.all() queryset = Comment.objects.all()
@@ -98,4 +70,3 @@ class CommentViewSet(SnippetViewSet):
register_snippet(CommentViewSet) register_snippet(CommentViewSet)
hooks.register("register_bulk_action", ApproveCommentBulkAction) hooks.register("register_bulk_action", ApproveCommentBulkAction)
hooks.register("register_bulk_action", UnapproveCommentBulkAction)

6
apps/core/context_processors.py
View File

@@ -1,4 +1,3 @@
from django.conf import settings as django_settings
from wagtail.models import Site from wagtail.models import Site
from apps.core.models import SiteSettings from apps.core.models import SiteSettings
@@ -7,7 +6,4 @@ from apps.core.models import SiteSettings
def site_settings(request): def site_settings(request):
site = Site.find_for_request(request) site = Site.find_for_request(request)
settings_obj = SiteSettings.for_site(site) if site else None settings_obj = SiteSettings.for_site(site) if site else None
return { return {"site_settings": settings_obj}
"site_settings": settings_obj,
"turnstile_site_key": getattr(django_settings, "TURNSTILE_SITE_KEY", ""),
}

30
apps/core/middleware.py
View File

@@ -1,9 +1,6 @@
from __future__ import annotations from __future__ import annotations
import secrets import secrets
from typing import Any, cast
from django.contrib.messages import get_messages
from .consent import ConsentService from .consent import ConsentService
@@ -31,37 +28,14 @@ class SecurityHeadersMiddleware:
return response return response
response["Content-Security-Policy"] = ( response["Content-Security-Policy"] = (
f"default-src 'self'; " f"default-src 'self'; "
f"script-src 'self' 'nonce-{nonce}' https://challenges.cloudflare.com; " f"script-src 'self' 'nonce-{nonce}'; "
"style-src 'self' https://fonts.googleapis.com; " "style-src 'self' https://fonts.googleapis.com; "
"img-src 'self' data: blob:; " "img-src 'self' data: blob:; "
"font-src 'self' https://fonts.gstatic.com; " "font-src 'self' https://fonts.gstatic.com; "
"connect-src 'self' https://challenges.cloudflare.com; " "connect-src 'self'; "
"frame-src https://challenges.cloudflare.com; "
"object-src 'none'; " "object-src 'none'; "
"base-uri 'self'; " "base-uri 'self'; "
"frame-ancestors 'self'" "frame-ancestors 'self'"
) )
response["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()" response["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()"
return response return response
class AdminMessageGuardMiddleware:
ADMIN_PREFIXES = ("/cms/", "/django-admin/")
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
# The public site has no legitimate use of Django's shared flash queue.
# Drain any stale admin messages before frontend rendering can see them.
if not request.path.startswith(self.ADMIN_PREFIXES):
storage = cast(Any, get_messages(request))
list(storage)
storage._queued_messages = []
storage._loaded_data = []
for sub_storage in getattr(storage, "storages", []):
sub_storage._queued_messages = []
sub_storage._loaded_data = []
sub_storage.used = True
storage.used = True
return self.get_response(request)

22
apps/core/templatetags/core_tags.py
View File

@@ -4,7 +4,7 @@ from django import template
from django.utils.safestring import mark_safe from django.utils.safestring import mark_safe
from wagtail.models import Site from wagtail.models import Site
from apps.blog.models import ArticleIndexPage, Category, TagMetadata, get_auto_tag_colour_css from apps.blog.models import ArticleIndexPage, Category, TagMetadata
from apps.core.models import SiteSettings from apps.core.models import SiteSettings
from apps.legal.models import LegalPage from apps.legal.models import LegalPage
@@ -70,24 +70,20 @@ def get_categories_nav(context):
] ]
def _resolve_tag_css(tag) -> dict[str, str]:
"""Return CSS classes for a tag, using TagMetadata if set, else auto-colour."""
meta = getattr(tag, "metadata", None)
if meta is None:
meta = TagMetadata.objects.filter(tag=tag).first()
if meta:
return meta.get_css_classes()
return get_auto_tag_colour_css(tag.name)
@register.simple_tag @register.simple_tag
@register.filter @register.filter
def get_tag_css(tag): def get_tag_css(tag):
classes = _resolve_tag_css(tag) meta = getattr(tag, "metadata", None)
if meta is None:
meta = TagMetadata.objects.filter(tag=tag).first()
classes = meta.get_css_classes() if meta else TagMetadata.get_fallback_css()
return mark_safe(f"{classes['bg']} {classes['text']}") return mark_safe(f"{classes['bg']} {classes['text']}")
@register.filter @register.filter
def get_tag_border_css(tag): def get_tag_border_css(tag):
classes = _resolve_tag_css(tag) meta = getattr(tag, "metadata", None)
if meta is None:
meta = TagMetadata.objects.filter(tag=tag).first()
classes = meta.get_css_classes() if meta else TagMetadata.get_fallback_css()
return mark_safe(classes.get("border", "")) return mark_safe(classes.get("border", ""))

2
apps/core/tests/test_commands.py
View File

@@ -25,8 +25,6 @@ def test_check_content_integrity_fails_for_blank_summary(home_page):
) )
index.add_child(instance=article) index.add_child(instance=article)
article.save_revision().publish() article.save_revision().publish()
# Simulate legacy/bad data by bypassing model save() auto-summary fallback.
ArticlePage.objects.filter(pk=article.pk).update(summary=" ")
with pytest.raises(CommandError, match="empty summary"): with pytest.raises(CommandError, match="empty summary"):
call_command("check_content_integrity") call_command("check_content_integrity")

120
apps/core/tests/test_message_handling.py
View File

@@ -1,120 +0,0 @@
from __future__ import annotations
import pytest
from django.contrib import messages
from django.contrib.auth.models import AnonymousUser
from django.contrib.messages import get_messages
from django.contrib.messages.storage.fallback import FallbackStorage
from django.contrib.sessions.middleware import SessionMiddleware
from django.http import HttpResponse
from django.shortcuts import render
from django.test import RequestFactory, override_settings
from django.urls import include, path
from apps.core.middleware import AdminMessageGuardMiddleware
def admin_message_test_view(request):
messages.success(request, "Page 'Test page' has been updated.")
messages.success(request, "Page 'Test page' has been published.")
return render(request, "wagtailadmin/base.html", {})
urlpatterns = [
path("cms/__tests__/admin-messages/", admin_message_test_view),
path("", include("config.urls")),
]
def _build_request(rf: RequestFactory, path: str):
request = rf.get(path)
SessionMiddleware(lambda req: None).process_request(request)
request.session.save()
request.user = AnonymousUser()
setattr(request, "_messages", FallbackStorage(request))
return request
@pytest.mark.django_db
def test_admin_message_guard_clears_stale_messages_on_frontend(rf):
request = _build_request(rf, "/articles/test/")
messages.success(request, "Page 'Test page' has been updated.")
response = AdminMessageGuardMiddleware(lambda req: HttpResponse("ok"))(request)
assert response.status_code == 200
assert list(get_messages(request)) == []
@pytest.mark.django_db
def test_admin_message_guard_preserves_admin_messages(rf):
request = _build_request(rf, "/cms/pages/1/edit/")
messages.success(request, "Page 'Test page' has been updated.")
response = AdminMessageGuardMiddleware(lambda req: HttpResponse("ok"))(request)
remaining = list(get_messages(request))
assert response.status_code == 200
assert len(remaining) == 1
assert remaining[0].message == "Page 'Test page' has been updated."
@pytest.mark.django_db
@override_settings(ROOT_URLCONF="apps.core.tests.test_message_handling")
def test_admin_messages_have_auto_clear(client, django_user_model):
"""The messages container must set auto-clear so messages dismiss themselves."""
admin = django_user_model.objects.create_superuser(
username="admin-autoclear",
email="admin-autoclear@example.com",
password="admin-pass",
)
client.force_login(admin)
response = client.get("/cms/__tests__/admin-messages/")
content = response.content.decode()
assert response.status_code == 200
assert "data-w-messages-auto-clear-value" in content
@pytest.mark.django_db
@override_settings(ROOT_URLCONF="apps.core.tests.test_message_handling")
def test_server_rendered_messages_have_auto_dismiss_script(client, django_user_model):
"""Server-rendered messages must include an inline script that removes them
after a timeout, because the w-messages Stimulus controller only auto-clears
messages added via JavaScript — not ones already in the HTML."""
admin = django_user_model.objects.create_superuser(
username="admin-dismiss",
email="admin-dismiss@example.com",
password="admin-pass",
)
client.force_login(admin)
response = client.get("/cms/__tests__/admin-messages/")
content = response.content.decode()
assert response.status_code == 200
# Messages are rendered with the data-server-rendered marker
assert "data-server-rendered" in content
# The auto-dismiss script targets those markers
assert "querySelectorAll" in content
assert "[data-server-rendered]" in content
@pytest.mark.django_db
@override_settings(ROOT_URLCONF="apps.core.tests.test_message_handling")
def test_admin_messages_render_all_messages(client, django_user_model):
"""All messages should be rendered (no de-duplication filtering)."""
admin = django_user_model.objects.create_superuser(
username="admin-render",
email="admin-render@example.com",
password="admin-pass",
)
client.force_login(admin)
response = client.get("/cms/__tests__/admin-messages/")
content = response.content.decode()
assert response.status_code == 200
assert "has been updated." in content
assert "has been published." in content

11
apps/core/tests/test_more.py
View File

@@ -21,20 +21,17 @@ def test_context_processor_returns_sitesettings(home_page):
@pytest.mark.django_db @pytest.mark.django_db
def test_get_tag_css_auto_colour(): def test_get_tag_css_fallback():
"""Tags without metadata get a deterministic auto-assigned colour."""
tag = Tag.objects.create(name="x", slug="x") tag = Tag.objects.create(name="x", slug="x")
value = core_tags.get_tag_css(tag) value = core_tags.get_tag_css(tag)
assert "bg-" in value assert "bg-zinc" in value
assert "text-" in value
@pytest.mark.django_db @pytest.mark.django_db
def test_get_tag_border_css_auto_colour(): def test_get_tag_border_css_fallback():
"""Tags without metadata get a deterministic auto-assigned border colour."""
tag = Tag.objects.create(name="y", slug="y") tag = Tag.objects.create(name="y", slug="y")
value = core_tags.get_tag_border_css(tag) value = core_tags.get_tag_border_css(tag)
assert "border-" in value assert "border-zinc" in value
@pytest.mark.django_db @pytest.mark.django_db

1
apps/health/__init__.py
View File

@@ -1 +0,0 @@

6
apps/health/apps.py
View File

@@ -1,6 +0,0 @@
from django.apps import AppConfig
class HealthConfig(AppConfig):
default_auto_field = "django.db.models.BigAutoField"
name = "apps.health"

80
apps/health/checks.py
View File

@@ -1,80 +0,0 @@
from __future__ import annotations
import importlib
import os
import time
import uuid
from pathlib import Path
from django.core.cache import cache
from django.db import connection
BACKUP_MAX_AGE_SECONDS = 48 * 60 * 60
def check_db() -> dict[str, float | str]:
started = time.perf_counter()
try:
with connection.cursor() as cursor:
cursor.execute("SELECT 1")
except Exception as exc:
return {"status": "fail", "detail": str(exc)}
return {"status": "ok", "latency_ms": (time.perf_counter() - started) * 1000}
def check_cache() -> dict[str, float | str]:
cache_key = f"health:{uuid.uuid4().hex}"
probe_value = uuid.uuid4().hex
started = time.perf_counter()
try:
cache.set(cache_key, probe_value, timeout=5)
cached_value = cache.get(cache_key)
if cached_value != probe_value:
return {"status": "fail", "detail": "Cache probe returned unexpected value"}
cache.delete(cache_key)
except Exception as exc:
return {"status": "fail", "detail": str(exc)}
return {"status": "ok", "latency_ms": (time.perf_counter() - started) * 1000}
def check_celery() -> dict[str, str]:
broker_url = os.environ.get("CELERY_BROKER_URL")
if not broker_url:
return {"status": "ok", "detail": "Celery not configured: CELERY_BROKER_URL is unset"}
try:
kombu = importlib.import_module("kombu")
except ImportError:
return {"status": "ok", "detail": "Celery broker check skipped: kombu is not installed"}
try:
with kombu.Connection(broker_url, connect_timeout=3) as broker_connection:
broker_connection.ensure_connection(max_retries=1)
except Exception as exc:
return {"status": "fail", "detail": str(exc)}
return {"status": "ok"}
def check_backup() -> dict[str, str]:
backup_status_file = os.environ.get("BACKUP_STATUS_FILE")
if not backup_status_file:
return {"status": "fail", "detail": "Backup monitoring not configured: BACKUP_STATUS_FILE is unset"}
try:
raw_timestamp = Path(backup_status_file).read_text(encoding="utf-8").strip()
except FileNotFoundError:
return {"status": "fail", "detail": f"Backup status file not found: {backup_status_file}"}
except OSError as exc:
return {"status": "fail", "detail": str(exc)}
try:
last_backup_at = float(raw_timestamp)
except ValueError:
return {"status": "fail", "detail": "Invalid backup status file"}
age_seconds = time.time() - last_backup_at
if age_seconds > BACKUP_MAX_AGE_SECONDS:
age_hours = age_seconds / 3600
return {"status": "fail", "detail": f"Last backup is {age_hours:.1f} hours old (> 48 h)"}
return {"status": "ok"}

1
apps/health/tests/__init__.py
View File

@@ -1 +0,0 @@

205
apps/health/tests/test_checks.py
View File

@@ -1,205 +0,0 @@
from __future__ import annotations
import importlib
import time
from types import SimpleNamespace
import pytest
from django.db.utils import OperationalError
from apps.health import checks
class SuccessfulCursor:
def __enter__(self):
return self
def __exit__(self, exc_type, exc, tb):
return False
def execute(self, query):
self.query = query
class FailingCursor:
def __enter__(self):
return self
def __exit__(self, exc_type, exc, tb):
return False
def execute(self, query):
raise OperationalError("database unavailable")
class FakeCache:
def __init__(self, value_to_return=None):
self.value_to_return = value_to_return
self.stored = {}
def set(self, key, value, timeout=None):
self.stored[key] = value
def get(self, key):
if self.value_to_return is not None:
return self.value_to_return
return self.stored.get(key)
def delete(self, key):
self.stored.pop(key, None)
@pytest.mark.django_db
def test_db_ok(monkeypatch):
monkeypatch.setattr(checks.connection, "cursor", lambda: SuccessfulCursor())
result = checks.check_db()
assert result["status"] == "ok"
assert "latency_ms" in result
@pytest.mark.django_db
def test_db_fail(monkeypatch):
monkeypatch.setattr(checks.connection, "cursor", lambda: FailingCursor())
result = checks.check_db()
assert result == {"status": "fail", "detail": "database unavailable"}
@pytest.mark.django_db
def test_cache_ok(monkeypatch):
monkeypatch.setattr(checks, "cache", FakeCache())
result = checks.check_cache()
assert result["status"] == "ok"
assert "latency_ms" in result
@pytest.mark.django_db
def test_cache_fail(monkeypatch):
monkeypatch.setattr(checks, "cache", FakeCache(value_to_return="wrong-value"))
result = checks.check_cache()
assert result == {"status": "fail", "detail": "Cache probe returned unexpected value"}
def test_celery_no_broker(monkeypatch):
monkeypatch.delenv("CELERY_BROKER_URL", raising=False)
result = checks.check_celery()
assert result["status"] == "ok"
assert "CELERY_BROKER_URL is unset" in result["detail"]
def test_celery_no_kombu(monkeypatch):
monkeypatch.setenv("CELERY_BROKER_URL", "redis://broker")
def raise_import_error(name):
raise ImportError(name)
monkeypatch.setattr(importlib, "import_module", raise_import_error)
result = checks.check_celery()
assert result["status"] == "ok"
assert "kombu is not installed" in result["detail"]
def test_celery_ok(monkeypatch):
monkeypatch.setenv("CELERY_BROKER_URL", "redis://broker")
class FakeBrokerConnection:
def __init__(self, url, connect_timeout):
self.url = url
self.connect_timeout = connect_timeout
def __enter__(self):
return self
def __exit__(self, exc_type, exc, tb):
return False
def ensure_connection(self, max_retries):
self.max_retries = max_retries
monkeypatch.setattr(importlib, "import_module", lambda name: SimpleNamespace(Connection=FakeBrokerConnection))
result = checks.check_celery()
assert result == {"status": "ok"}
def test_celery_fail(monkeypatch):
monkeypatch.setenv("CELERY_BROKER_URL", "redis://broker")
class BrokenBrokerConnection:
def __init__(self, url, connect_timeout):
self.url = url
self.connect_timeout = connect_timeout
def __enter__(self):
raise OSError("broker down")
def __exit__(self, exc_type, exc, tb):
return False
monkeypatch.setattr(importlib, "import_module", lambda name: SimpleNamespace(Connection=BrokenBrokerConnection))
result = checks.check_celery()
assert result == {"status": "fail", "detail": "broker down"}
def test_backup_no_env(monkeypatch):
monkeypatch.delenv("BACKUP_STATUS_FILE", raising=False)
result = checks.check_backup()
assert result["status"] == "fail"
assert "BACKUP_STATUS_FILE is unset" in result["detail"]
def test_backup_missing_file(monkeypatch, tmp_path):
status_file = tmp_path / "missing-backup-status"
monkeypatch.setenv("BACKUP_STATUS_FILE", str(status_file))
result = checks.check_backup()
assert result == {"status": "fail", "detail": f"Backup status file not found: {status_file}"}
def test_backup_fresh(monkeypatch, tmp_path):
status_file = tmp_path / "backup-status"
status_file.write_text(str(time.time() - 60), encoding="utf-8")
monkeypatch.setenv("BACKUP_STATUS_FILE", str(status_file))
result = checks.check_backup()
assert result == {"status": "ok"}
def test_backup_stale(monkeypatch, tmp_path):
status_file = tmp_path / "backup-status"
stale_timestamp = time.time() - (checks.BACKUP_MAX_AGE_SECONDS + 1)
status_file.write_text(str(stale_timestamp), encoding="utf-8")
monkeypatch.setenv("BACKUP_STATUS_FILE", str(status_file))
result = checks.check_backup()
assert result["status"] == "fail"
assert "Last backup is" in result["detail"]
def test_backup_invalid(monkeypatch, tmp_path):
status_file = tmp_path / "backup-status"
status_file.write_text("not-a-timestamp", encoding="utf-8")
monkeypatch.setenv("BACKUP_STATUS_FILE", str(status_file))
result = checks.check_backup()
assert result == {"status": "fail", "detail": "Invalid backup status file"}

103
apps/health/tests/test_views.py
View File

@@ -1,103 +0,0 @@
from __future__ import annotations
import re
import pytest
def _mock_checks(monkeypatch, **overrides):
payloads = {
"db": {"status": "ok", "latency_ms": 1.0},
"cache": {"status": "ok", "latency_ms": 1.0},
"celery": {"status": "ok"},
"backup": {"status": "ok"},
}
payloads.update(overrides)
monkeypatch.setattr("apps.health.views.check_db", lambda: payloads["db"])
monkeypatch.setattr("apps.health.views.check_cache", lambda: payloads["cache"])
monkeypatch.setattr("apps.health.views.check_celery", lambda: payloads["celery"])
monkeypatch.setattr("apps.health.views.check_backup", lambda: payloads["backup"])
@pytest.mark.django_db
def test_healthy(client, monkeypatch):
_mock_checks(monkeypatch)
response = client.get("/health/")
assert response.status_code == 200
assert response.json()["status"] == "ok"
@pytest.mark.django_db
def test_degraded_celery(client, monkeypatch):
_mock_checks(monkeypatch, celery={"status": "fail", "detail": "broker down"})
response = client.get("/health/")
assert response.status_code == 200
assert response.json()["status"] == "degraded"
@pytest.mark.django_db
def test_degraded_backup(client, monkeypatch):
_mock_checks(monkeypatch, backup={"status": "fail", "detail": "backup missing"})
response = client.get("/health/")
assert response.status_code == 200
assert response.json()["status"] == "degraded"
@pytest.mark.django_db
def test_unhealthy_db(client, monkeypatch):
_mock_checks(monkeypatch, db={"status": "fail", "detail": "db down"})
response = client.get("/health/")
assert response.status_code == 503
assert response.json()["status"] == "unhealthy"
@pytest.mark.django_db
def test_unhealthy_cache(client, monkeypatch):
_mock_checks(monkeypatch, cache={"status": "fail", "detail": "cache down"})
response = client.get("/health/")
assert response.status_code == 503
assert response.json()["status"] == "unhealthy"
@pytest.mark.django_db
def test_response_shape(client, monkeypatch):
_mock_checks(monkeypatch)
payload = client.get("/health/").json()
assert set(payload) == {"status", "version", "checks", "timestamp"}
assert set(payload["version"]) == {"git_sha", "build"}
assert set(payload["checks"]) == {"db", "cache", "celery", "backup"}
assert re.fullmatch(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z", payload["timestamp"])
@pytest.mark.django_db
def test_version_fields(client, monkeypatch):
_mock_checks(monkeypatch)
monkeypatch.setenv("GIT_SHA", "59cc1c4")
monkeypatch.setenv("BUILD_ID", "build-20260306-59cc1c4")
payload = client.get("/health/").json()
assert payload["version"]["git_sha"] == "59cc1c4"
assert payload["version"]["build"] == "build-20260306-59cc1c4"
@pytest.mark.django_db
def test_no_cache_headers(client, monkeypatch):
_mock_checks(monkeypatch)
response = client.get("/health/")
assert "no-cache" in response["Cache-Control"]

7
apps/health/urls.py
View File

@@ -1,7 +0,0 @@
from django.urls import path
from apps.health.views import health_view
urlpatterns = [
path("", health_view, name="health"),
]

42
apps/health/views.py
View File

@@ -1,42 +0,0 @@
from __future__ import annotations
import os
from collections.abc import Mapping
from datetime import UTC, datetime
from typing import cast
from django.http import JsonResponse
from django.views.decorators.cache import never_cache
from apps.health.checks import check_backup, check_cache, check_celery, check_db
CRITICAL_CHECKS = {"db", "cache"}
@never_cache
def health_view(request):
checks: dict[str, Mapping[str, object]] = {
"db": check_db(),
"cache": check_cache(),
"celery": check_celery(),
"backup": check_backup(),
}
if any(cast(str, checks[name]["status"]) == "fail" for name in CRITICAL_CHECKS):
overall_status = "unhealthy"
elif any(cast(str, check["status"]) == "fail" for check in checks.values()):
overall_status = "degraded"
else:
overall_status = "ok"
payload = {
"status": overall_status,
"version": {
"git_sha": os.environ.get("GIT_SHA", "unknown"),
"build": os.environ.get("BUILD_ID", "unknown"),
},
"checks": checks,
"timestamp": datetime.now(UTC).strftime("%Y-%m-%dT%H:%M:%SZ"),
}
response_status = 503 if overall_status == "unhealthy" else 200
return JsonResponse(payload, status=response_status)

9
config/settings/base.py
View File

@@ -48,8 +48,6 @@ INSTALLED_APPS = [
"wagtailseo", "wagtailseo",
"tailwind", "tailwind",
"theme", "theme",
"django_htmx",
"apps.health",
"apps.core", "apps.core",
"apps.blog", "apps.blog",
"apps.authors", "apps.authors",
@@ -67,9 +65,7 @@ MIDDLEWARE = [
"django.middleware.csrf.CsrfViewMiddleware", "django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware", "django.contrib.messages.middleware.MessageMiddleware",
"apps.core.middleware.AdminMessageGuardMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware",
"django_htmx.middleware.HtmxMiddleware",
"wagtail.contrib.redirects.middleware.RedirectMiddleware", "wagtail.contrib.redirects.middleware.RedirectMiddleware",
"apps.core.middleware.ConsentMiddleware", "apps.core.middleware.ConsentMiddleware",
] ]
@@ -158,11 +154,6 @@ STORAGES = {
TAILWIND_APP_NAME = "theme" TAILWIND_APP_NAME = "theme"
# Cloudflare Turnstile (comment spam protection)
TURNSTILE_SITE_KEY = os.getenv("TURNSTILE_SITE_KEY", "")
TURNSTILE_SECRET_KEY = os.getenv("TURNSTILE_SECRET_KEY", "")
TURNSTILE_EXPECTED_HOSTNAME = os.getenv("TURNSTILE_EXPECTED_HOSTNAME", "")
WAGTAILSEARCH_BACKENDS = { WAGTAILSEARCH_BACKENDS = {
"default": { "default": {
"BACKEND": "wagtail.search.backends.database", "BACKEND": "wagtail.search.backends.database",

1
config/urls.py
View File

@@ -15,7 +15,6 @@ urlpatterns = [
path("cms/", include("wagtail.admin.urls")), path("cms/", include("wagtail.admin.urls")),
path("documents/", include("wagtail.documents.urls")), path("documents/", include("wagtail.documents.urls")),
path("comments/", include("apps.comments.urls")), path("comments/", include("apps.comments.urls")),
path("health/", include("apps.health.urls")),
path("newsletter/", include("apps.newsletter.urls")), path("newsletter/", include("apps.newsletter.urls")),
path("consent/", consent_view, name="consent"), path("consent/", consent_view, name="consent"),
path("robots.txt", robots_txt, name="robots_txt"), path("robots.txt", robots_txt, name="robots_txt"),

47
deploy/caddy/nohype.caddy
View File

@@ -1,26 +1,23 @@
www.nohypeai.net { nohypeai.net, www.nohypeai.net {
redir https://nohypeai.net{uri} permanent encode gzip zstd
}
header {
nohypeai.net { X-Content-Type-Options nosniff
encode gzip zstd X-Frame-Options DENY
Referrer-Policy strict-origin-when-cross-origin
header { Permissions-Policy "geolocation=(), microphone=(), camera=()"
X-Content-Type-Options nosniff X-Forwarded-Proto https
Referrer-Policy strict-origin-when-cross-origin }
Permissions-Policy "geolocation=(), microphone=(), camera=()"
X-Forwarded-Proto https handle_path /static/* {
} root * /srv/sum/nohype/static
file_server
handle_path /static/* { }
root * /srv/sum/nohype/static
file_server handle_path /media/* {
} root * /srv/sum/nohype/media
file_server
handle_path /media/* { }
root * /srv/sum/nohype/media
file_server reverse_proxy localhost:8001
}
reverse_proxy localhost:8001
} }

6
deploy/deploy.sh
View File

@@ -11,10 +11,6 @@ cd "${SITE_DIR}"
echo "==> Pulling latest code" echo "==> Pulling latest code"
git -C "${APP_DIR}" pull origin main git -C "${APP_DIR}" pull origin main
GIT_SHA=$(git -C "${APP_DIR}" rev-parse --short HEAD)
BUILD_ID="build-$(date +%Y%m%d)-${GIT_SHA}"
export GIT_SHA BUILD_ID
echo "==> Updating compose file" echo "==> Updating compose file"
cp "${APP_DIR}/docker-compose.prod.yml" "${SITE_DIR}/docker-compose.prod.yml" cp "${APP_DIR}/docker-compose.prod.yml" "${SITE_DIR}/docker-compose.prod.yml"
@@ -26,7 +22,7 @@ docker compose -f "${SITE_DIR}/docker-compose.prod.yml" up -d --no-deps --build
echo "==> Waiting for health check" echo "==> Waiting for health check"
for i in $(seq 1 30); do for i in $(seq 1 30); do
if curl -fsS -H "Host: nohypeai.net" http://localhost:8001/health/ >/dev/null 2>&1; then if curl -fsS -H "Host: nohypeai.net" http://localhost:8001/ >/dev/null 2>&1; then
echo "==> Site is up" echo "==> Site is up"
exit 0 exit 0
fi fi

9
deploy/entrypoint.prod.sh
View File

@@ -7,16 +7,11 @@ python manage.py migrate --noinput
python manage.py collectstatic --noinput python manage.py collectstatic --noinput
python manage.py update_index python manage.py update_index
# Set Wagtail site hostname from WAGTAILADMIN_BASE_URL when available. # Set Wagtail site hostname from first entry in ALLOWED_HOSTS
# This keeps preview/page URLs on the same origin as the admin host.
python manage.py shell -c " python manage.py shell -c "
from wagtail.models import Site from wagtail.models import Site
import os import os
from urllib.parse import urlparse hostname = os.environ.get('ALLOWED_HOSTS', 'localhost').split(',')[0].strip()
admin_base = os.environ.get('WAGTAILADMIN_BASE_URL', '').strip()
parsed = urlparse(admin_base) if admin_base else None
hostname = parsed.hostname if parsed and parsed.hostname else os.environ.get('ALLOWED_HOSTS', 'localhost').split(',')[0].strip()
Site.objects.update(hostname=hostname, port=443, site_name='No Hype AI') Site.objects.update(hostname=hostname, port=443, site_name='No Hype AI')
" "

8
docker-compose.prod.yml
View File

@@ -1,18 +1,12 @@
services: services:
web: web:
build: build: app
context: app
args:
GIT_SHA: ${GIT_SHA:-unknown}
BUILD_ID: ${BUILD_ID:-unknown}
working_dir: /app working_dir: /app
command: /app/deploy/entrypoint.prod.sh command: /app/deploy/entrypoint.prod.sh
env_file: .env env_file: .env
environment: environment:
BACKUP_STATUS_FILE: /srv/sum/nohype/backup_status
DJANGO_SETTINGS_MODULE: config.settings.production DJANGO_SETTINGS_MODULE: config.settings.production
volumes: volumes:
- /srv/sum/nohype:/srv/sum/nohype:ro
- /srv/sum/nohype/static:/app/staticfiles - /srv/sum/nohype/static:/app/staticfiles
- /srv/sum/nohype/media:/app/media - /srv/sum/nohype/media:/app/media
ports: ports:

19
e2e/test_comments.py
View File

@@ -23,12 +23,12 @@ def _submit_comment(page: Page, *, name: str = "E2E Tester", email: str = "e2e@e
@pytest.mark.e2e @pytest.mark.e2e
def test_valid_comment_shows_moderation_message(page: Page, base_url: str) -> None: def test_valid_comment_shows_moderation_message(page: Page, base_url: str) -> None:
"""Successful comment submission must show the awaiting-moderation message.""" """Successful comment submission must show the awaiting-moderation banner."""
_go_to_article(page, base_url) _go_to_article(page, base_url)
_submit_comment(page, body="This is a test comment from Playwright.") _submit_comment(page, body="This is a test comment from Playwright.")
# HTMX swaps the form container inline — wait for the moderation message page.wait_for_url(lambda url: "commented=1" in url, timeout=10_000)
expect(page.get_by_text("awaiting moderation")).to_be_visible(timeout=10_000) expect(page.get_by_text("Your comment is awaiting moderation")).to_be_visible()
@pytest.mark.e2e @pytest.mark.e2e
@@ -38,8 +38,7 @@ def test_valid_comment_not_immediately_visible(page: Page, base_url: str) -> Non
unique_body = "Unique unmoderated comment body xq7z" unique_body = "Unique unmoderated comment body xq7z"
_submit_comment(page, body=unique_body) _submit_comment(page, body=unique_body)
# Wait for HTMX response to settle page.wait_for_url(lambda url: "commented=1" in url, timeout=10_000)
expect(page.get_by_text("awaiting moderation")).to_be_visible(timeout=10_000)
expect(page.get_by_text(unique_body)).not_to_be_visible() expect(page.get_by_text(unique_body)).not_to_be_visible()
@@ -49,7 +48,7 @@ def test_empty_body_shows_form_errors(page: Page, base_url: str) -> None:
_submit_comment(page, body=" ") # whitespace-only body _submit_comment(page, body=" ") # whitespace-only body
page.wait_for_load_state("networkidle") page.wait_for_load_state("networkidle")
expect(page.locator('[aria-label="Comment form errors"]')).to_be_visible(timeout=10_000) expect(page.locator('[aria-label="Comment form errors"]')).to_be_visible()
assert "commented=1" not in page.url assert "commented=1" not in page.url
@@ -79,8 +78,8 @@ def test_reply_form_visible_on_approved_comment(page: Page, base_url: str) -> No
@pytest.mark.e2e @pytest.mark.e2e
def test_reply_submission_shows_moderation_message(page: Page, base_url: str) -> None: def test_reply_submission_redirects(page: Page, base_url: str) -> None:
"""Submitting a reply to an approved comment should show moderation message.""" """Submitting a reply to an approved comment should redirect with commented=1."""
_go_to_article(page, base_url) _go_to_article(page, base_url)
# Click the Reply toggle (summary element) # Click the Reply toggle (summary element)
@@ -98,8 +97,8 @@ def test_reply_submission_shows_moderation_message(page: Page, base_url: str) ->
reply_container.locator('textarea[name="body"]').fill("This is a test reply.") reply_container.locator('textarea[name="body"]').fill("This is a test reply.")
post_reply_btn.click() post_reply_btn.click()
# HTMX swaps the reply form container inline page.wait_for_url(lambda url: "commented=1" in url, timeout=10_000)
expect(page.get_by_text("awaiting moderation")).to_be_visible(timeout=10_000) expect(page.get_by_text("Your comment is awaiting moderation")).to_be_visible()
@pytest.mark.e2e @pytest.mark.e2e

4
pyproject.toml
View File

@@ -28,10 +28,6 @@ ignore_missing_imports = true
module = ["apps.authors.models"] module = ["apps.authors.models"]
ignore_errors = true ignore_errors = true
[[tool.mypy.overrides]]
module = ["apps.comments.views"]
ignore_errors = true
[tool.django-stubs] [tool.django-stubs]
django_settings_module = "config.settings.development" django_settings_module = "config.settings.development"

2
requirements/base.txt
View File

@@ -10,8 +10,6 @@ python-dotenv~=1.0.0
dj-database-url~=2.2.0 dj-database-url~=2.2.0
django-tailwind~=3.8.0 django-tailwind~=3.8.0
django-csp~=3.8.0 django-csp~=3.8.0
django-htmx~=1.21.0
requests~=2.32.0
pytest~=8.3.0 pytest~=8.3.0
pytest-django~=4.9.0 pytest-django~=4.9.0
pytest-cov~=5.0.0 pytest-cov~=5.0.0

91
static/js/comments.js
View File

@@ -1,91 +0,0 @@
(function () {
function renderTurnstileWidgets(root) {
if (!root || !window.turnstile || typeof window.turnstile.render !== "function") {
return;
}
const widgets = [];
if (root.matches && root.matches(".cf-turnstile")) {
widgets.push(root);
}
if (root.querySelectorAll) {
widgets.push(...root.querySelectorAll(".cf-turnstile"));
}
widgets.forEach(function (widget) {
if (widget.dataset.turnstileRendered === "true") {
return;
}
if (widget.querySelector("iframe")) {
widget.dataset.turnstileRendered = "true";
return;
}
const sitekey = widget.dataset.sitekey;
if (!sitekey) {
return;
}
const options = {
sitekey: sitekey,
theme: widget.dataset.theme || "auto",
};
if (widget.dataset.size) {
options.size = widget.dataset.size;
}
if (widget.dataset.action) {
options.action = widget.dataset.action;
}
if (widget.dataset.appearance) {
options.appearance = widget.dataset.appearance;
}
window.turnstile.render(widget, options);
widget.dataset.turnstileRendered = "true";
});
}
function syncCommentsEmptyState() {
const emptyState = document.getElementById("comments-empty-state");
const commentsList = document.getElementById("comments-list");
if (!emptyState || !commentsList) {
return;
}
const hasComments = commentsList.querySelector("[data-comment-item='true']") !== null;
emptyState.classList.toggle("hidden", hasComments);
}
function onTurnstileReady(root) {
if (!window.turnstile || typeof window.turnstile.ready !== "function") {
return;
}
window.turnstile.ready(function () {
renderTurnstileWidgets(root || document);
});
}
document.addEventListener("DOMContentLoaded", function () {
syncCommentsEmptyState();
onTurnstileReady(document);
});
document.addEventListener("htmx:afterSwap", function (event) {
const target = event.detail && event.detail.target ? event.detail.target : document;
syncCommentsEmptyState();
onTurnstileReady(target);
});
document.addEventListener("toggle", function (event) {
const details = event.target;
if (!details || details.tagName !== "DETAILS" || !details.open) {
return;
}
onTurnstileReady(details);
});
window.addEventListener("load", function () {
syncCommentsEmptyState();
onTurnstileReady(document);
});
})();

1
static/js/htmx.min.js vendored
View File

File diff suppressed because one or more lines are too long

12
templates/base.html
View File

@@ -18,14 +18,18 @@
<script src="{% static 'js/theme.js' %}" defer></script> <script src="{% static 'js/theme.js' %}" defer></script>
<script src="{% static 'js/prism.js' %}" defer></script> <script src="{% static 'js/prism.js' %}" defer></script>
<script src="{% static 'js/newsletter.js' %}" defer></script> <script src="{% static 'js/newsletter.js' %}" defer></script>
<script src="{% static 'js/comments.js' %}" defer></script>
<script src="{% static 'js/htmx.min.js' %}" nonce="{{ request.csp_nonce|default:'' }}" defer></script>
{% if turnstile_site_key %}<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer nonce="{{ request.csp_nonce|default:'' }}"></script>{% endif %}
</head> </head>
<body class="bg-brand-light dark:bg-brand-dark text-brand-dark dark:text-brand-light antialiased min-h-screen flex flex-col relative" hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'> <body class="bg-brand-light dark:bg-brand-dark text-brand-dark dark:text-brand-light antialiased min-h-screen flex flex-col relative">
<div class="fixed inset-0 bg-grid-pattern pointer-events-none z-[-1]"></div> <div class="fixed inset-0 bg-grid-pattern pointer-events-none z-[-1]"></div>
{% include 'components/nav.html' %} {% include 'components/nav.html' %}
{% include 'components/cookie_banner.html' %} {% include 'components/cookie_banner.html' %}
{% if messages %}
<section aria-label="Messages" class="max-w-7xl mx-auto px-6 py-2">
{% for message in messages %}
<p class="font-mono text-sm py-2 px-4 bg-brand-cyan/10 text-brand-cyan border border-brand-cyan/20 mb-2">{{ message }}</p>
{% endfor %}
</section>
{% endif %}
<main class="flex-grow w-full max-w-7xl mx-auto px-6 py-8">{% block content %}{% endblock %}</main> <main class="flex-grow w-full max-w-7xl mx-auto px-6 py-8">{% block content %}{% endblock %}</main>
{% include 'components/footer.html' %} {% include 'components/footer.html' %}
</body> </body>

156
templates/blog/article_page.html
View File

@@ -139,28 +139,148 @@
<!-- Comments --> <!-- Comments -->
{% if page.comments_enabled %} {% if page.comments_enabled %}
<section class="mt-16 pt-12 border-t border-zinc-200 dark:border-zinc-800"> <section class="mt-20 pt-16 border-t border-zinc-200 dark:border-zinc-800">
<div class="h-1 w-24 bg-gradient-to-r from-brand-cyan to-brand-pink mb-6"></div> <div class="flex items-baseline justify-between mb-10">
<h2 class="font-display font-bold text-3xl">Comments</h2> <h2 class="font-display font-bold text-4xl tracking-tight">Comments</h2>
<p class="mt-2 mb-6 font-mono text-xs uppercase tracking-wider text-zinc-500"> <span class="font-mono text-sm text-zinc-500 uppercase tracking-widest">{{ approved_comments|length }} response{{ approved_comments|length|pluralize }}</span>
{{ approved_comments|length }} public comment{{ approved_comments|length|pluralize }} </div>
</p>
{% if request.GET.commented %} {% if approved_comments %}
<div class="mb-6 rounded-md border border-brand-cyan/20 bg-brand-cyan/10 px-4 py-3 font-mono text-sm text-brand-cyan"> <div class="space-y-12 mb-16">
{% if request.GET.commented == "approved" %} {% for comment in approved_comments %}
Comment posted! <div class="group">
{% else %} <!-- Top-level Comment -->
Your comment has been posted and is awaiting moderation. <article id="comment-{{ comment.id }}" class="relative bg-brand-surfaceLight dark:bg-brand-surfaceDark border border-zinc-200 dark:border-zinc-800 p-6 sm:p-8 hover:border-brand-pink/30 transition-colors">
{% endif %} <div class="flex items-start gap-4 mb-4">
<div class="w-10 h-10 bg-gradient-to-tr from-brand-cyan to-brand-pink shrink-0 rounded-sm shadow-solid-dark/10 dark:shadow-solid-light/5"></div>
<div class="flex-1 min-w-0">
<div class="flex flex-wrap items-baseline gap-x-3 gap-y-1">
<span class="font-display font-bold text-base text-zinc-900 dark:text-zinc-100">{{ comment.author_name }}</span>
<time datetime="{{ comment.created_at|date:'c' }}" class="font-mono text-xs text-zinc-500 uppercase tracking-wider">{{ comment.created_at|date:"M j, Y" }}</time>
</div>
<div class="mt-3 prose prose-sm dark:prose-invert max-w-none text-zinc-700 dark:text-zinc-300 leading-relaxed">
{{ comment.body|linebreaks }}
</div>
</div>
</div>
<details class="group/details mt-6">
<summary class="list-none cursor-pointer flex items-center gap-2 font-mono text-xs font-bold uppercase tracking-widest text-zinc-500 hover:text-brand-pink transition-colors [&::-webkit-details-marker]:hidden">
<svg class="w-4 h-4 transition-transform group-open/details:-translate-y-0.5 group-open/details:translate-x-0.5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 10h10a8 8 0 018 8v2M3 10l6 6m-6-6l6-6" />
</svg>
<span class="group-open/details:hidden">Reply</span>
<span class="hidden group-open/details:inline text-brand-pink">Cancel Reply</span>
</summary>
<!-- Inline Reply Form -->
<div class="mt-8 pt-8 border-t border-zinc-100 dark:border-zinc-800 animate-in fade-in slide-in-from-top-2 duration-300">
<h4 class="font-display font-bold text-sm mb-4 uppercase tracking-wider">Reply to {{ comment.author_name }}</h4>
<form method="post" action="{% url 'comment_post' %}" class="space-y-4">
{% csrf_token %}
<input type="hidden" name="article_id" value="{{ page.id }}" />
<input type="hidden" name="parent_id" value="{{ comment.id }}" />
<div class="grid grid-cols-1 sm:grid-cols-2 gap-4">
<input type="text" name="author_name" required placeholder="Name *"
class="bg-zinc-50 dark:bg-zinc-900 border border-zinc-200 dark:border-zinc-800 px-4 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink focus:ring-1 focus:ring-brand-pink transition-all" />
<input type="email" name="author_email" required placeholder="Email *"
class="bg-zinc-50 dark:bg-zinc-900 border border-zinc-200 dark:border-zinc-800 px-4 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink focus:ring-1 focus:ring-brand-pink transition-all" />
</div>
<textarea name="body" required placeholder="Your reply..." rows="3"
class="w-full bg-zinc-50 dark:bg-zinc-900 border border-zinc-200 dark:border-zinc-800 px-4 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink focus:ring-1 focus:ring-brand-pink transition-all resize-none"></textarea>
<input type="text" name="honeypot" hidden />
<div class="flex justify-end gap-3">
<button type="submit" data-testid="post-reply-btn" class="px-6 py-2 bg-brand-pink text-white font-display font-bold text-sm shadow-solid-dark hover:-translate-y-0.5 hover:shadow-solid-dark/80 transition-all active:translate-y-0">Post Reply</button>
</div>
</form>
</div>
</details>
</article>
<!-- Nested Replies -->
{% if comment.replies.all %}
<div class="relative ml-6 sm:ml-12 mt-4 space-y-4 pl-6 sm:pl-8 border-l-2 border-zinc-100 dark:border-zinc-800">
{% for reply in comment.replies.all %}
<article id="comment-{{ reply.id }}" class="bg-zinc-50/50 dark:bg-zinc-900/30 border border-zinc-100 dark:border-zinc-800 p-5 sm:p-6">
<div class="flex items-start gap-3 mb-3">
<div class="w-8 h-8 bg-gradient-to-tr from-brand-pink to-brand-cyan shrink-0 rounded-sm"></div>
<div class="flex-1 min-w-0">
<div class="flex flex-wrap items-baseline gap-x-2">
<span class="font-display font-bold text-sm text-zinc-900 dark:text-zinc-100">{{ reply.author_name }}</span>
<time datetime="{{ reply.created_at|date:'c' }}" class="font-mono text-[10px] text-zinc-400 uppercase tracking-wider">{{ reply.created_at|date:"M j, Y" }}</time>
</div>
<div class="mt-2 prose prose-sm dark:prose-invert max-w-none text-zinc-600 dark:text-zinc-400 leading-relaxed text-sm">
{{ reply.body|linebreaks }}
</div>
</div>
</div>
</article>
{% endfor %}
</div>
{% endif %}
</div>
{% endfor %}
</div>
{% else %}
<div class="bg-zinc-50 dark:bg-zinc-900/50 border-2 border-dashed border-zinc-200 dark:border-zinc-800 p-12 text-center mb-16">
<p class="font-mono text-sm text-zinc-500 uppercase tracking-widest">No comments yet. Be the first to join the conversation.</p>
</div> </div>
{% endif %} {% endif %}
{% include "comments/_comment_list.html" %} <!-- New Comment Form Section -->
<div id="comments-empty-state" class="mb-8 rounded-md border border-zinc-200 bg-zinc-50 p-4 text-center dark:border-zinc-800 dark:bg-zinc-900/40 {% if approved_comments %}hidden{% endif %}"> <div class="relative bg-zinc-900 text-white dark:bg-white dark:text-zinc-900 p-8 sm:p-12 shadow-solid-pink">
<p class="font-mono text-sm text-zinc-500">No comments yet. Be the first to comment.</p> <div class="max-w-2xl">
</div> <h3 class="font-display font-bold text-3xl mb-2">Join the conversation</h3>
<p class="font-mono text-sm text-zinc-400 dark:text-zinc-500 mb-10 uppercase tracking-widest">Add your fresh comment below</p>
{% include "comments/_comment_form.html" %} {% if comment_form and comment_form.errors %}
<div aria-label="Comment form errors" class="mb-8 p-4 bg-red-500/10 border border-red-500/20 font-mono text-sm text-red-400">
<div class="font-bold mb-2 uppercase tracking-widest text-xs">There were some errors:</div>
<ul class="list-disc list-inside">
{% if comment_form.non_field_errors %}
{% for error in comment_form.non_field_errors %}<li>{{ error }}</li>{% endfor %}
{% endif %}
{% for field in comment_form %}
{% if field.errors %}
{% for error in field.errors %}<li>{{ field.label }}: {{ error }}</li>{% endfor %}
{% endif %}
{% endfor %}
</ul>
</div>
{% endif %}
<form method="post" action="{% url 'comment_post' %}" data-comment-form class="space-y-6">
{% csrf_token %}
<input type="hidden" name="article_id" value="{{ page.id }}" />
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<div class="space-y-2">
<label class="block font-mono text-[10px] uppercase tracking-[0.2em] opacity-60">Full Name</label>
<input type="text" name="author_name" value="{% if comment_form %}{{ comment_form.author_name.value|default:'' }}{% endif %}" required
class="w-full bg-white/5 dark:bg-black/5 border-b-2 border-white/20 dark:border-black/20 px-0 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink transition-colors" />
</div>
<div class="space-y-2">
<label class="block font-mono text-[10px] uppercase tracking-[0.2em] opacity-60">Email Address</label>
<input type="email" name="author_email" value="{% if comment_form %}{{ comment_form.author_email.value|default:'' }}{% endif %}" required
class="w-full bg-white/5 dark:bg-black/5 border-b-2 border-white/20 dark:border-black/20 px-0 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink transition-colors" />
</div>
</div>
<div class="space-y-2">
<label class="block font-mono text-[10px] uppercase tracking-[0.2em] opacity-60">Your Thoughts</label>
<textarea name="body" required rows="5"
class="w-full bg-white/5 dark:bg-black/5 border-b-2 border-white/20 dark:border-black/20 px-0 py-2 font-mono text-sm focus:outline-none focus:border-brand-pink transition-colors resize-none">{% if comment_form %}{{ comment_form.body.value|default:'' }}{% endif %}</textarea>
</div>
<input type="text" name="honeypot" hidden />
<div class="pt-4">
<button type="submit" class="group relative inline-flex items-center gap-3 px-8 py-4 bg-brand-pink text-white font-display font-bold uppercase tracking-widest text-sm hover:-translate-y-1 transition-all active:translate-y-0">
<span>Post comment</span>
<svg class="w-4 h-4 transition-transform group-hover:translate-x-1" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M14 5l7 7m0 0l-7 7m7-7H3" />
</svg>
</button>
</div>
</form>
</div>
</div>
</section> </section>
{% endif %} {% endif %}
{% endblock %} {% endblock %}

38
templates/comments/_comment.html
View File

@@ -1,38 +0,0 @@
<div class="group">
<article
id="comment-{{ comment.id }}"
data-comment-item="true"
class="rounded-lg border border-zinc-200 bg-brand-surfaceLight p-5 shadow-sm transition-colors hover:border-zinc-300 dark:border-zinc-800 dark:bg-brand-surfaceDark dark:hover:border-zinc-700 sm:p-6"
>
<header class="mb-3 flex flex-wrap items-center gap-x-3 gap-y-1">
<span class="font-display text-base font-bold text-zinc-900 dark:text-zinc-100">{{ comment.author_name }}</span>
<time datetime="{{ comment.created_at|date:'c' }}" class="font-mono text-[11px] uppercase tracking-wider text-zinc-500">
{{ comment.created_at|date:"M j, Y" }}
</time>
</header>
<div class="prose prose-sm mt-2 max-w-none leading-relaxed text-zinc-700 dark:prose-invert dark:text-zinc-300">
{{ comment.body|linebreaks }}
</div>
<div class="mt-5 border-t border-zinc-100 pt-4 dark:border-zinc-800">
{% include "comments/_reactions.html" with comment=comment counts=comment.reaction_counts user_reacted=comment.user_reacted %}
<details class="group/details mt-3">
<summary class="list-none cursor-pointer font-mono text-xs font-bold uppercase tracking-wider text-zinc-500 transition-colors hover:text-brand-cyan [&::-webkit-details-marker]:hidden">
<span class="group-open/details:hidden">Reply</span>
<span class="hidden group-open/details:inline">Cancel reply</span>
</summary>
<div class="mt-4 rounded-md border border-zinc-200 bg-white p-4 dark:border-zinc-700 dark:bg-zinc-950">
{% include "comments/_reply_form.html" with page=page comment=comment %}
</div>
</details>
</div>
</article>
<div id="replies-for-{{ comment.id }}" class="replies-container mt-3 space-y-3 border-l-2 border-zinc-100 pl-4 sm:ml-8 sm:pl-6 dark:border-zinc-800">
{% for reply in comment.replies.all %}
{% include "comments/_reply.html" with reply=reply %}
{% endfor %}
</div>
</div>

98
templates/comments/_comment_form.html
View File

@@ -1,98 +0,0 @@
{% load static %}
<div id="comment-form-container" class="rounded-lg border border-zinc-200 bg-brand-surfaceLight p-6 shadow-sm dark:border-zinc-800 dark:bg-brand-surfaceDark sm:p-8">
<div class="max-w-3xl">
<h3 class="font-display text-2xl font-bold text-zinc-900 dark:text-zinc-100">Leave a comment</h3>
<p class="mt-1 font-mono text-xs uppercase tracking-wider text-zinc-500">
Keep it constructive. Your email will not be shown publicly.
</p>
{% if success_message %}
<div class="mt-5 rounded-md border border-brand-cyan/30 bg-brand-cyan/10 p-3 font-mono text-sm text-brand-cyan">
{{ success_message }}
</div>
{% endif %}
{% if comment_form.errors %}
<div aria-label="Comment form errors" class="mt-5 rounded-md border border-red-500/30 bg-red-500/10 p-4 font-mono text-sm text-red-500">
<div class="mb-2 text-xs font-bold uppercase tracking-wider">There were some errors:</div>
<ul class="list-disc list-inside space-y-1">
{% if comment_form.non_field_errors %}
{% for error in comment_form.non_field_errors %}<li>{{ error }}</li>{% endfor %}
{% endif %}
{% for field in comment_form %}
{% if field.errors %}
{% for error in field.errors %}<li>{{ field.label }}: {{ error }}</li>{% endfor %}
{% endif %}
{% endfor %}
</ul>
</div>
{% endif %}
<form
method="post"
action="{% url 'comment_post' %}"
data-comment-form
class="mt-6 space-y-5"
hx-post="{% url 'comment_post' %}"
hx-target="#comment-form-container"
hx-swap="outerHTML"
>
{% csrf_token %}
<input type="hidden" name="article_id" value="{{ page.id }}" />
<div class="grid grid-cols-1 gap-4 sm:grid-cols-2">
<div>
<label for="comment-author-name" class="mb-1 block font-mono text-xs font-semibold uppercase tracking-wider text-zinc-500">Name</label>
<input
id="comment-author-name"
type="text"
name="author_name"
value="{% if comment_form %}{{ comment_form.author_name.value|default:'' }}{% endif %}"
required
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
/>
</div>
<div>
<label for="comment-author-email" class="mb-1 block font-mono text-xs font-semibold uppercase tracking-wider text-zinc-500">Email</label>
<input
id="comment-author-email"
type="email"
name="author_email"
value="{% if comment_form %}{{ comment_form.author_email.value|default:'' }}{% endif %}"
required
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
/>
</div>
</div>
<div>
<label for="comment-body" class="mb-1 block font-mono text-xs font-semibold uppercase tracking-wider text-zinc-500">Comment</label>
<textarea
id="comment-body"
name="body"
required
rows="5"
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
>{% if comment_form %}{{ comment_form.body.value|default:'' }}{% endif %}</textarea>
</div>
<input type="text" name="honeypot" hidden />
{% if turnstile_site_key %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="auto"></div>
{% endif %}
<div class="pt-4">
<button
type="submit"
class="group relative inline-flex items-center gap-3 px-8 py-4 bg-brand-pink text-white font-display font-bold uppercase tracking-widest text-sm hover:-translate-y-1 transition-all active:translate-y-0"
>
<span>Post comment</span>
<svg class="w-4 h-4 transition-transform group-hover:translate-x-1" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M14 5l7 7m0 0l-7 7m7-7H3" />
</svg>
</button>
</div>
</form>
</div>
</div>

6
templates/comments/_comment_list.html
View File

@@ -1,6 +0,0 @@
<div id="comments-list" class="space-y-6 mb-8"
hx-get="{% url 'comment_poll' article_id=page.id %}" hx-trigger="every 30s" hx-swap="innerHTML">
{% for comment in approved_comments %}
{% include "comments/_comment.html" with comment=comment page=page %}
{% endfor %}
</div>

3
templates/comments/_comment_list_inner.html
View File

@@ -1,3 +0,0 @@
{% for comment in approved_comments %}
{% include "comments/_comment.html" with comment=comment page=page %}
{% endfor %}

3
templates/comments/_comment_success.html
View File

@@ -1,3 +0,0 @@
<div id="comment-notice" class="mb-4 p-3 font-mono text-sm bg-brand-cyan/10 text-brand-cyan border border-brand-cyan/20">
{{ message|default:"Your comment has been posted and is awaiting moderation." }}
</div>

12
templates/comments/_reactions.html
View File

@@ -1,12 +0,0 @@
<div class="flex gap-3 mt-3 items-center" id="reactions-{{ comment.id }}">
<button hx-post="{% url 'comment_react' comment.id %}" hx-target="#reactions-{{ comment.id }}" hx-swap="outerHTML"
hx-vals='{"reaction_type": "heart"}' class="flex items-center gap-1 font-mono text-xs {% if 'heart' in user_reacted %}text-brand-pink{% else %}text-zinc-400 hover:text-brand-pink{% endif %} transition-colors hover:scale-110 transition-transform">
<svg class="w-4 h-4" fill="{% if 'heart' in user_reacted %}currentColor{% else %}none{% endif %}" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" d="M21 8.25c0-2.485-2.099-4.5-4.688-4.5-1.935 0-3.597 1.126-4.312 2.733-.715-1.607-2.377-2.733-4.313-2.733C5.1 3.75 3 5.765 3 8.25c0 7.22 9 12 9 12s9-4.78 9-12Z" /></svg>
<span>{{ counts.heart|default:"0" }}</span>
</button>
<button hx-post="{% url 'comment_react' comment.id %}" hx-target="#reactions-{{ comment.id }}" hx-swap="outerHTML"
hx-vals='{"reaction_type": "plus_one"}' class="flex items-center gap-1 font-mono text-xs {% if 'plus_one' in user_reacted %}text-brand-cyan{% else %}text-zinc-400 hover:text-brand-cyan{% endif %} transition-colors hover:scale-110 transition-transform">
<svg class="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" d="M6.633 10.25c.806 0 1.533-.446 2.031-1.08a9.041 9.041 0 0 1 2.861-2.4c.723-.384 1.35-.956 1.653-1.715a4.498 4.498 0 0 0 .322-1.672V2.75a.75.75 0 0 1 .75-.75 2.25 2.25 0 0 1 2.25 2.25c0 1.152-.26 2.243-.723 3.218-.266.558.107 1.282.725 1.282m0 0h3.126c1.026 0 1.945.694 2.054 1.715.045.422.068.85.068 1.285a11.95 11.95 0 0 1-2.649 7.521c-.388.482-.987.729-1.605.729H13.48c-.483 0-.964-.078-1.423-.23l-3.114-1.04a4.501 4.501 0 0 0-1.423-.23H5.904m10.598-9.75H14.25M5.904 18.5c.083.205.173.405.27.602.197.4-.078.898-.523.898h-.908c-.889 0-1.713-.518-1.972-1.368a12 12 0 0 1-.521-3.507c0-1.553.295-3.036.831-4.398C3.387 9.953 4.167 9.5 5 9.5h1.053c.472 0 .745.556.5.96a8.958 8.958 0 0 0-1.302 4.665c0 1.194.232 2.333.654 3.375Z" /></svg>
<span>{{ counts.plus_one|default:"0" }}</span>
</button>
</div>

9
templates/comments/_reply.html
View File

@@ -1,9 +0,0 @@
<article id="comment-{{ reply.id }}" class="rounded-md border border-zinc-200 bg-zinc-50 p-4 dark:border-zinc-800 dark:bg-zinc-900/40">
<header class="mb-2 flex flex-wrap items-center gap-x-2 gap-y-1">
<span class="font-display text-sm font-bold text-zinc-900 dark:text-zinc-100">{{ reply.author_name }}</span>
<time datetime="{{ reply.created_at|date:'c' }}" class="font-mono text-[10px] uppercase tracking-wider text-zinc-500">{{ reply.created_at|date:"M j, Y" }}</time>
</header>
<div class="prose prose-sm max-w-none text-sm leading-relaxed text-zinc-700 dark:prose-invert dark:text-zinc-300">
{{ reply.body|linebreaks }}
</div>
</article>

77
templates/comments/_reply_form.html
View File

@@ -1,77 +0,0 @@
{% load static %}
<div id="reply-form-container-{{ comment.id }}">
<h4 class="mb-3 font-display text-sm font-bold uppercase tracking-wider text-zinc-700 dark:text-zinc-200">Reply to {{ comment.author_name }}</h4>
{% if reply_success_message %}
<div class="mb-4 rounded-md border border-brand-cyan/30 bg-brand-cyan/10 p-3 font-mono text-sm text-brand-cyan">
{{ reply_success_message }}
</div>
{% endif %}
{% if reply_form_errors %}
<div aria-label="Comment form errors" class="mb-4 rounded-md border border-red-500/30 bg-red-500/10 p-3 font-mono text-sm text-red-500">
<div class="mb-2 text-xs font-bold uppercase tracking-wider">Errors:</div>
<ul class="list-disc list-inside space-y-1">
{% for field, errors in reply_form_errors.items %}
{% for error in errors %}<li>{{ error }}</li>{% endfor %}
{% endfor %}
</ul>
</div>
{% endif %}
<form
method="post"
action="{% url 'comment_post' %}"
hx-post="{% url 'comment_post' %}"
hx-target="#reply-form-container-{{ comment.id }}"
hx-swap="outerHTML"
class="space-y-3"
>
{% csrf_token %}
<input type="hidden" name="article_id" value="{{ page.id }}" />
<input type="hidden" name="parent_id" value="{{ comment.id }}" />
<div class="grid grid-cols-1 gap-3 sm:grid-cols-2">
<input
type="text"
name="author_name"
required
placeholder="Name"
value="{% if reply_form %}{{ reply_form.author_name.value|default:'' }}{% endif %}"
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
/>
<input
type="email"
name="author_email"
required
placeholder="Email"
value="{% if reply_form %}{{ reply_form.author_email.value|default:'' }}{% endif %}"
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
/>
</div>
<textarea
name="body"
required
placeholder="Write your reply"
rows="3"
class="w-full rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm text-zinc-900 focus:border-brand-cyan focus:outline-none focus:ring-2 focus:ring-brand-cyan/30 dark:border-zinc-700 dark:bg-zinc-950 dark:text-zinc-100"
>{% if reply_form %}{{ reply_form.body.value|default:'' }}{% endif %}</textarea>
<input type="text" name="honeypot" hidden />
{% if turnstile_site_key %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="auto" data-size="flexible"></div>
{% endif %}
<div class="flex justify-start">
<button
type="submit"
data-testid="post-reply-btn"
class="px-6 py-2 bg-brand-pink text-white font-display font-bold text-sm shadow-solid-dark hover:-translate-y-0.5 hover:shadow-solid-dark/80 transition-all active:translate-y-0"
>
Post Reply
</button>
</div>
</form>
</div>

53
templates/comments/confirm_bulk_unapprove.html
View File

@@ -1,53 +0,0 @@
{% extends 'wagtailadmin/bulk_actions/confirmation/base.html' %}
{% load i18n wagtailusers_tags wagtailadmin_tags %}
{% block titletag %}
{% if items|length == 1 %}
{% blocktrans trimmed with snippet_type_name=model_opts.verbose_name %}Unapprove {{ snippet_type_name }}{% endblocktrans %} - {{ items.0.item }}
{% else %}
{% blocktrans trimmed with count=items|length|intcomma %}Unapprove {{ count }} comments{% endblocktrans %}
{% endif %}
{% endblock %}
{% block header %}
{% trans "Unapprove" as unapprove_str %}
{% if items|length == 1 %}
{% include "wagtailadmin/shared/header.html" with title=unapprove_str subtitle=items.0.item icon=header_icon only %}
{% else %}
{% include "wagtailadmin/shared/header.html" with title=unapprove_str subtitle=model_opts.verbose_name_plural|capfirst icon=header_icon only %}
{% endif %}
{% endblock header %}
{% block items_with_access %}
{% if items %}
{% if items|length == 1 %}
<p>{% blocktrans trimmed with snippet_type_name=model_opts.verbose_name %}Unapprove this {{ snippet_type_name }}?{% endblocktrans %}</p>
{% else %}
<p>{% blocktrans trimmed with count=items|length|intcomma %}Unapprove {{ count }} selected comments?{% endblocktrans %}</p>
<ul>
{% for snippet in items %}
<li><a href="{{ snippet.edit_url }}" target="_blank" rel="noreferrer">{{ snippet.item }}</a></li>
{% endfor %}
</ul>
{% endif %}
{% endif %}
{% endblock items_with_access %}
{% block items_with_no_access %}
{% if items_with_no_access|length == 1 %}
{% trans "You don't have permission to unapprove this comment" as no_access_msg %}
{% else %}
{% trans "You don't have permission to unapprove these comments" as no_access_msg %}
{% endif %}
{% include 'wagtailsnippets/bulk_actions/list_items_with_no_access.html' with items=items_with_no_access no_access_msg=no_access_msg %}
{% endblock items_with_no_access %}
{% block form_section %}
{% if items %}
{% trans "Yes, unapprove" as action_button_text %}
{% trans "No, go back" as no_action_button_text %}
{% include 'wagtailadmin/bulk_actions/confirmation/form.html' %}
{% else %}
{% include 'wagtailadmin/bulk_actions/confirmation/go_back.html' %}
{% endif %}
{% endblock form_section %}

67
templates/wagtailadmin/base.html
View File

@@ -1,67 +0,0 @@
{% extends "wagtailadmin/admin_base.html" %}
{% load wagtailadmin_tags wagtailcore_tags i18n %}
{% block furniture %}
<template data-wagtail-sidebar-branding-logo>{% block branding_logo %}{% endblock %}</template>
{% sidebar_props %}
<aside id="wagtail-sidebar" class="sidebar-loading" data-wagtail-sidebar aria-label="{% trans 'Sidebar' %}"></aside>
{% keyboard_shortcuts_dialog %}
<main class="content-wrapper w-overflow-x-hidden" id="main">
<div class="content">
{# Always show messages div so it can be appended to by JS #}
<div class="messages" role="status" data-controller="w-messages" data-action="w-messages:add@document->w-messages#add" data-w-messages-added-class="new" data-w-messages-show-class="appear" data-w-messages-show-delay-value="100" data-w-messages-auto-clear-value="8000">
<ul data-w-messages-target="container">
{% if messages %}
{% for message in messages %}
{% message_level_tag message as level_tag %}
<li class="{% message_tags message %}" data-server-rendered>
{% if level_tag == "error" %}
{% icon name="warning" classname="messages-icon" %}
{% elif message.extra_tags == "lock" %}
{% icon name="lock" classname="messages-icon" %}
{% elif message.extra_tags == "unlock" %}
{% icon name="lock-open" classname="messages-icon" %}
{% else %}
{% icon name=level_tag classname="messages-icon" %}
{% endif %}
{{ message }}
</li>
{% endfor %}
{% endif %}
</ul>
<template data-w-messages-target="template" data-type="success">
<li class="success">{% icon name="success" classname="messages-icon" %}<span></span></li>
</template>
<template data-w-messages-target="template" data-type="error">
<li class="error">{% icon name="warning" classname="messages-icon" %}<span></span></li>
</template>
<template data-w-messages-target="template" data-type="warning">
<li class="warning">{% icon name="warning" classname="messages-icon" %}<span></span></li>
</template>
</div>
{% comment %}
Wagtail's w-messages Stimulus controller only auto-clears messages
added dynamically via JavaScript (the add() method). Server-rendered
messages — the <li> elements above — have no connect() handler and
sit in the DOM forever. This script schedules their removal so they
auto-dismiss after the same timeout used for dynamic messages.
{% endcomment %}
<script>
(function () {
var items = document.querySelectorAll('[data-server-rendered]');
if (!items.length) return;
setTimeout(function () {
items.forEach(function (el) { el.remove(); });
var ul = document.querySelector('[data-w-messages-target="container"]');
if (ul && !ul.children.length) {
document.body.classList.remove('has-messages');
}
}, 8000);
})();
</script>
{% block content %}{% endblock %}
</div>
</main>
{% endblock %}

2
theme/static/css/styles.css
View File

File diff suppressed because one or more lines are too long