| 335 | @xhr |
| 336 | @requires(str, "uri") |
| 337 | def new(self, environ, request, uri): |
| 338 | data = request.json |
| 339 | |
| 340 | for field in set(data.keys()) - API.ACCEPT: |
| 341 | data.pop(field) |
| 342 | |
| 343 | for key in ("author", "email", "website", "parent"): |
| 344 | data.setdefault(key, None) |
| 345 | |
| 346 | valid, reason = API.verify(data) |
| 347 | if not valid: |
| 348 | return BadRequest(reason) |
| 349 | |
| 350 | for field in ("author", "email"): |
| 351 | if data.get(field) is not None: |
| 352 | data[field] = escape(data[field], quote=False) |
| 353 | |
| 354 | if data.get("website") is not None: |
| 355 | data["website"] = escape(data["website"], quote=True) |
| 356 | |
| 357 | if data.get("website"): |
| 358 | data["website"] = normalize(data["website"]) |
| 359 | |
| 360 | data["mode"] = 2 if self.moderated else 1 |
| 361 | data["remote_addr"] = self._remote_addr(request) |
| 362 | |
| 363 | with self.isso.lock: |
| 364 | if uri not in self.threads: |
| 365 | if not data.get("title"): |
| 366 | with http.curl("GET", local("origin"), uri) as resp: |
| 367 | if resp and resp.status == 200: |
| 368 | uri, title = parse.thread(resp.read(), id=uri) |
| 369 | else: |
| 370 | return BadRequest( |
| 371 | f"Cannot create new thread: URI {uri} is not accessible and no title was provided. Please provide a title parameter in your request." |
| 372 | ) |
| 373 | else: |
| 374 | title = data["title"] |
| 375 | |
| 376 | thread = self.threads.new(uri, title) |
| 377 | self.signal("comments.new:new-thread", thread) |
| 378 | else: |
| 379 | thread = self.threads[uri] |
| 380 | |
| 381 | # notify extensions that the new comment is about to save |
| 382 | self.signal("comments.new:before-save", thread, data) |
| 383 | |
| 384 | valid, reason = self.guard.validate(uri, data) |
| 385 | if not valid: |
| 386 | self.signal("comments.new:guard", reason) |
| 387 | raise Forbidden(reason) |
| 388 | |
| 389 | with self.isso.lock: |
| 390 | # if email-based auto-moderation enabled, check for previously approved author |
| 391 | # right before approval. |
| 392 | if self.approve_if_email_previously_approved and self.comments.is_previously_approved_author(data["email"]): |
| 393 | data["mode"] = 1 |
| 394 | |