diff --git a/.gitignore b/.gitignore index 82701fe..b5ef6d1 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /yarn-error.log .byebug_history +Gemfile.lock diff --git a/Gemfile b/Gemfile index dbecca7..3976e15 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem 'rails', '~> 5.1.4' gem 'mysql2', '0.4.9' # Use Puma as the app server gem 'friendly_id', '~> 5.1.0' - +gem 'faraday' gem 'puma', '~> 3.7' # Use SCSS for stylesheets gem 'sass-rails', '~> 5.0' diff --git a/app/assets/javascripts/contact_me.js b/app/assets/javascripts/contact_me.js index fb45df9..38cbeed 100644 --- a/app/assets/javascripts/contact_me.js +++ b/app/assets/javascripts/contact_me.js @@ -11,6 +11,7 @@ $(function() { var name = $("input#name").val(); var email = $("input#email").val(); var message = $("textarea#message").val(); + var recaptcha_confirm = $("#g-recaptcha-response").val(); var firstName = name; // For Success/Failure Message // Check for white space in name for Success/Fail message if (firstName.indexOf(' ') >= 0) { @@ -25,7 +26,8 @@ $(function() { data: { name: name, email: email, - message: message + message: message, + 'g-recaptcha-response': recaptcha_confirm }, cache: false, success: function() { @@ -34,7 +36,7 @@ $(function() { $('#success > .alert-success').html(""); $('#success > .alert-success') - .append("Wiadomość została wysłąna. "); + .append("Wiadomość została wysłana. "); $('#success > .alert-success') .append(''); //clear all fields diff --git a/app/assets/javascripts/whcookies.js b/app/assets/javascripts/whcookies.js new file mode 100644 index 0000000..e70e8a5 --- /dev/null +++ b/app/assets/javascripts/whcookies.js 
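Review bot: Adding `Gemfile.lock` to .gitignore removes the only pin on the dependency tree, and the Gemfile hunk on this same line adds `gem 'faraday'` with no version constraint, so each `bundle install` on a fresh deploy can resolve a different faraday (and transitive) version than the one that was tested. For an application, as opposed to a gem, the lockfile is the reproducibility and supply-chain control and belongs in the repository. Drop the `+Gemfile.lock` line and give the new gem a constraint like its neighbours, e.g. `gem 'faraday', '~> <tested version>'`.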
@@ -0,0 +1,40 @@ +/* + * Skrypt wyświetlający okienko z informacją o wykorzystaniu ciasteczek (cookies) + * + * Więcej informacji: http://webhelp.pl/artykuly/okienko-z-informacja-o-ciasteczkach-cookies/ + * + */ + +function WHCreateCookie(name, value, days) { + var date = new Date(); + date.setTime(date.getTime() + (days*24*60*60*1000)); + var expires = "; expires=" + date.toGMTString(); + document.cookie = name+"="+value+expires+"; path=/"; +} +function WHReadCookie(name) { + var nameEQ = name + "="; + var ca = document.cookie.split(';'); + for(var i=0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) == ' ') c = c.substring(1, c.length); + if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length); + } + return null; +} + +window.onload = WHCheckCookies; + +function WHCheckCookies() { + if(WHReadCookie('cookies_accepted') != 'T') { + var message_container = document.createElement('div'); + message_container.id = 'cookies-message-container'; + var html_code = '
Ta strona używa ciasteczek (cookies), dzięki którym nasz serwis może działać lepiej. Dowiedz się więcejRozumiem
';
+ message_container.innerHTML = html_code;
+ document.body.appendChild(message_container);
+ }
+}
+
+function WHCloseCookiesWindow() {
+ WHCreateCookie('cookies_accepted', 'T', 365);
+ document.getElementById('cookies-message-container').removeChild(document.getElementById('cookies-message'));
+}
diff --git a/app/controllers/admin/article_controller.rb b/app/controllers/admin/article_controller.rb
index 5860fd3..39ec831 100644
--- a/app/controllers/admin/article_controller.rb
+++ b/app/controllers/admin/article_controller.rb
@@ -11,23 +11,48 @@ class Admin::ArticleController < ApplicationController
 end
 def new
-
+ @article = Article.new
 end
 def create
-
+ @article = Article.new(articles_params)
+ if @article.save
+ respond_to do |format|
+ format.html {redirect_to action: 'index'}
+ format.js {@articles = Article.all}
+ end
+ else
+ render 'new'
+ end
 end
 def edit
-
+ @article = Article.find(params[:id])
 end
 def update
-
+ @article = Article.find(params[:id])
+ if @article.update_attributes(articles_params)
+ respond_to do |format|
+ format.html {redirect_to action: 'index'}
+ format.js {@articles = Article.all}
+ end
+ else
+ render 'edit'
+ end
 end
 def destroy
+ @article = Article.find(params[:id])
+ unless @article.blank?
+ @article.destroy
+ end
+ redirect_to action: 'index'
+ end
+ protected
+ def articles_params
+ params.require(:article).permit(:name)
 end
 end
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index b0aee9c..dc78abf 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -1,4 +1,5 @@
 class SiteController < ApplicationController
+ #include RecaptchaVerifier
 def index
 @pages = PublishedPage.where('type_of != 3').order('priority ASC')
 @adm = Admin.all
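Review bot: `window.onload = WHCheckCookies;` overwrites any load handler registered earlier and, because the layout includes this file with `data-turbolinks-track` (see the application.html.erb hunk), it presumably does not run again on Turbolinks visits, so the banner is only checked on a full page load; `window.addEventListener('load', WHCheckCookies);` avoids the clobbering. The consent cookie written in `WHCreateCookie` carries only `path=/`; for a first-party flag it is cheap to add `SameSite=Lax` (and `Secure` when the site is served over HTTPS): `document.cookie = name+"="+value+expires+"; path=/; SameSite=Lax";`. The banner markup is static and inserted via `innerHTML`, which is fine as long as `html_code` never takes user-controlled input — a short comment stating that would keep it so.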
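Review bot: In `destroy`, `unless @article.blank?` can never be false because `Article.find(params[:id])` raises `ActiveRecord::RecordNotFound` instead of returning nil, so the guard is dead code; either drop it or use `Article.find_by(id: params[:id])` if a missing record should redirect instead of producing a 404. `create` and `update` only branch on format in the success path and fall through to `render 'new'` / `render 'edit'` on failure; if that relies on the `.js.erb` templates being picked up for JS requests, a one-line comment saying so would help the next reader. `articles_params` is declared under `protected` although nothing subclasses this controller; `private` is the conventional section for strong-parameter methods.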
@@ -27,10 +28,16 @@ class SiteController < ApplicationController
 end
 def send_email
- contact = {'name' => params[:name], 'message' => params[:message], 'email' => params[:email]}
- ContactMailer.contact_email(contact).deliver_now
- #return head(:bad_request)
- head :ok
+ # reCaptcha secret: 6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k
+ if RecaptchaVerifier.verify(params["g-recaptcha-response"], request.ip)
+ contact = {'name' => params[:name], 'message' => params[:message], 'email' => params[:email]}
+ ContactMailer.contact_email(contact).deliver_now
+ head :ok
+ else
+ return head(:bad_request)
+ end
+
+
 end
diff --git a/app/models/all_page.rb b/app/models/all_page.rb
index d4787d1..df2ea4b 100644
--- a/app/models/all_page.rb
+++ b/app/models/all_page.rb
@@ -5,6 +5,7 @@ class AllPage < ApplicationRecord
 belongs_to :article, optional: true
 has_one :published_page
 before_destroy :b_destroy
+
 PAGE_TYPES = {
 1 => 'Strona zwykła',
 2 => 'Strona z listą wpisów',
diff --git a/app/models/article.rb b/app/models/article.rb
index 9871d1d..c59b3bd 100644
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -1,6 +1,7 @@
 class Article < ApplicationRecord
 has_many :all_pages
 has_many :published_pages
+ validates :name, presence: true, uniqueness: true
 def all_page_articles
 AllPage.where('article_id = ? AND type_of = 3 AND published = 1', self.id).order('updated_at DESC')
diff --git a/app/services/recaptcha_verifier.rb b/app/services/recaptcha_verifier.rb
new file mode 100644
index 0000000..66384ef
--- /dev/null
+++ b/app/services/recaptcha_verifier.rb
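Review bot: The comment `# reCaptcha secret: …` added at the top of `send_email` embeds the live reCAPTCHA secret in controller source, on top of config/application.yml in the same commit; a secret that has entered git history has to be treated as compromised, so delete the line and rotate the key at Google rather than only removing it. `RecaptchaVerifier.verify` already returns false for a missing token and for any exception, so the fail-closed 400 here is the right shape; `return head(:bad_request)` can be just `head :bad_request` as the last statement of the branch, and the two blank lines before `end` look accidental. A rejected submission currently leaves nothing in the log, so a `Rails.logger.info` with `request.ip` (no form content) in the else branch would make bot traffic distinguishable from a broken key.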
@@ -0,0 +1,22 @@ +class RecaptchaVerifier + def self.verify(response, remote_ip, recaptcha_client=GoogleRecaptcha) + new(response, remote_ip, recaptcha_client).verify + end + + def initialize(response, remote_ip, recaptcha_client) + @recaptcha_response = response + @remote_ip = remote_ip + @recaptcha_client = recaptcha_client.new + end + + def verify + return false unless recaptcha_response + recaptcha_client.verify_recaptcha(response: recaptcha_response, remoteip: remote_ip) + rescue + false + end + + private + + attr_reader :recaptcha_client, :recaptcha_response, :remote_ip +end diff --git a/app/views/admin/article/_articles.html.erb b/app/views/admin/article/_articles.html.erb index dc878e7..d24160e 100644 --- a/app/views/admin/article/_articles.html.erb +++ b/app/views/admin/article/_articles.html.erb @@ -20,7 +20,7 @@ <%= raw('' + ap.published_page_articles.size.to_s + '') %> <%= ap.updated_at %> - <%= link_to raw(' Edycja'), {controller: '/admin/article', action: 'edit', id: ap.id}, class: 'btn btn-xs btn-info' %> + <%= link_to raw(' Edycja'), {controller: '/admin/article', action: 'edit', id: ap.id}, class: 'btn btn-xs btn-info', remote: true %> <%= link_to raw(' Usuń'), {controller: '/admin/article', action: 'destroy', id: ap.id}, class: "btn btn-danger btn-xs", method: :delete, data: { confirm: 'Czy na pewno usunąć?' } %> diff --git a/app/views/admin/article/_edit.html.erb b/app/views/admin/article/_edit.html.erb new file mode 100644 index 0000000..85a0ad1 --- /dev/null +++ b/app/views/admin/article/_edit.html.erb @@ -0,0 +1,14 @@ +
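Review bot: The bare `rescue` in `verify` turns every `StandardError` — a Faraday connection failure, `JSON::ParserError` on a non-JSON body, a missing `RECAPTCHA_SECRET_KEY` — into `false`, which is the safe direction but makes an outage or misconfiguration indistinguishable from a bot and silently 400s every contact submission; log before returning, e.g. `rescue => e`, `Rails.logger.warn("recaptcha verification error: #{e.class}")`, `false`. `return false unless recaptcha_response` only catches `nil`: an empty `g-recaptcha-response` arrives as `""`, which is truthy in Ruby and still costs a round trip, so `return false if recaptcha_response.blank?` is the intended check. The default `recaptcha_client=GoogleRecaptcha` resolves a class under lib/, which only autoloads because config/application.rb adds lib to `eager_load_paths` in this same commit — worth a comment on the signature.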
+
+
+
+

Edycja Grupy Wpisów

+
+
+ <%= form_tag({controller: '/admin/article', action: :update, id: @article.id}, method: :put, id:'article_form_id', authenticity_token: true, remote: true) do %> + <%= render 'form' %> + <% end %> +
+ +
+
diff --git a/app/views/admin/article/_form.html.erb b/app/views/admin/article/_form.html.erb new file mode 100644 index 0000000..94a13d0 --- /dev/null +++ b/app/views/admin/article/_form.html.erb @@ -0,0 +1,14 @@ +<%= stylesheet_link_tag 'select2' %> +
+ <% if @article.errors.any? %> + <%= raw errors_to_html(@article.errors) %> + <% end %> +
+ + <%= text_field :article, :name, class: "form-control", placeholder: 'Nazwa' %> +
+ + +
diff --git a/app/views/admin/article/_new.html.erb b/app/views/admin/article/_new.html.erb new file mode 100644 index 0000000..e524862 --- /dev/null +++ b/app/views/admin/article/_new.html.erb @@ -0,0 +1,14 @@ +
+
+
+
+

Nowa Grupa Wpisów

+
+
+ <%= form_tag({controller: '/admin/article', action: :create}, id: 'article_form_id', authenticity_token: true, remote: true) do %> + <%= render 'form' %> + <% end %> +
+ +
+
diff --git a/app/views/admin/article/create.js.erb b/app/views/admin/article/create.js.erb new file mode 100644 index 0000000..8af7f89 --- /dev/null +++ b/app/views/admin/article/create.js.erb @@ -0,0 +1,6 @@ +<% if @article.errors.any? %> + $("#articles_form").html("<%= escape_javascript(render('new')) %>"); +<% else %> + $("#articles_form").html(""); + $("#articles_list").html("<%= escape_javascript(render('articles')) %>"); +<% end %> diff --git a/app/views/admin/article/edit.html.erb b/app/views/admin/article/edit.html.erb index e69de29..96ba353 100644 --- a/app/views/admin/article/edit.html.erb +++ b/app/views/admin/article/edit.html.erb @@ -0,0 +1 @@ +<%= render 'edit' %> diff --git a/app/views/admin/article/edit.js.erb b/app/views/admin/article/edit.js.erb new file mode 100644 index 0000000..1f9bd3f --- /dev/null +++ b/app/views/admin/article/edit.js.erb @@ -0,0 +1 @@ +$("#articles_form").html("<%= escape_javascript(render('edit')) %>"); diff --git a/app/views/admin/article/index.html.erb b/app/views/admin/article/index.html.erb index 6b89612..6f27481 100644 --- a/app/views/admin/article/index.html.erb +++ b/app/views/admin/article/index.html.erb @@ -3,11 +3,14 @@

Grupy Wpisów

-
<%= link_to 'Dodaj', '/admin/article/new', class: 'btn btn-block btn-primary btn-sm' %> +
<%= link_to 'Dodaj', '/admin/article/new', class: 'btn btn-block btn-primary btn-sm', remote: true %>
- <%= render 'articles' %> +
+
+ <%= render 'articles' %> +
diff --git a/app/views/admin/article/new.html.erb b/app/views/admin/article/new.html.erb index e69de29..41230ac 100644 --- a/app/views/admin/article/new.html.erb +++ b/app/views/admin/article/new.html.erb @@ -0,0 +1 @@ +<%= render 'new' %> diff --git a/app/views/admin/article/new.js.erb b/app/views/admin/article/new.js.erb new file mode 100644 index 0000000..8350ae7 --- /dev/null +++ b/app/views/admin/article/new.js.erb @@ -0,0 +1 @@ +$("#articles_form").html("<%= escape_javascript(render('new')) %>"); diff --git a/app/views/admin/article/update.js.erb b/app/views/admin/article/update.js.erb new file mode 100644 index 0000000..0e0902d --- /dev/null +++ b/app/views/admin/article/update.js.erb @@ -0,0 +1,6 @@ +<% if @article.errors.any? %> + $("#articles_form").html("<%= escape_javascript(render('edit')) %>"); +<% else %> + $("#articles_form").html(""); + $("#articles_list").html("<%= escape_javascript(render('articles')) %>"); +<% end %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 0c70308..db29ea0 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -8,7 +8,8 @@ <%= stylesheet_link_tag 'creative' %> - <%= javascript_include_tag 'application', 'jquery', 'data-turbolinks-track': 'reload' %> + <%= javascript_include_tag 'application', 'jquery', 'whcookies', 'data-turbolinks-track': 'reload' %> + <%= yield :header_scripts %> diff --git a/app/views/site/kontakt.html.erb b/app/views/site/kontakt.html.erb index f2fa770..2bf9411 100644 --- a/app/views/site/kontakt.html.erb +++ b/app/views/site/kontakt.html.erb @@ -1,4 +1,7 @@ +<% content_for :header_scripts do %> + +<% end %>
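Review bot: `'whcookies'` is added to `javascript_include_tag` as a standalone asset; unless whcookies.js is also required from application.js or listed in `config.assets.precompile` (the config/application.rb hunk in this commit only adds font extensions), production asset compilation presumably raises `AssetNotPrecompiled` for it. The existing standalone `'jquery'` include may already be covered in a file not shown here, so verify where it is listed and add `whcookies` alongside. `<%= yield :header_scripts %>` inside `<head>` lets any view inject script; kontakt.html.erb relies on that, so a one-line comment naming the intended use keeps it from becoming a general-purpose hook.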
@@ -40,6 +43,7 @@

+

@@ -49,6 +53,14 @@
-<% content_for :footer_scripts do %>
-<%= javascript_include_tag 'jqBootstrapValidation', 'contact_me' %>
+<%= javascript_tag do %>
+ var onRecaptchaElementLoad = function() {
+ grecaptcha.render('recaptcha', {
+ 'sitekey' : '<%= j ENV["REACAPTCHA_SITE_KEY"]%>',
+ 'hl': 'pl'
+ });
+ };
+<% end %>
+<% content_for :footer_scripts do %>
+ <%= javascript_include_tag 'jqBootstrapValidation', 'contact_me' %>
 <% end %>
diff --git a/config/application.rb b/config/application.rb
index 274d69a..d880a47 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -10,9 +10,15 @@ module SimpleCms
 class Application < Rails::Application
 # Initialize configuration defaults for originally generated Rails version.
 config.load_defaults 5.1
-
+ # config.autoload_paths << "#{Rails.root}/lib"
+ config.eager_load_paths << "#{Rails.root}/lib"
 config.assets.paths << Rails.root.join('app', 'assets', 'fonts')
 config.assets.precompile += %w( .svg .eot .woff .ttf .otf .woff2 )
+ config = YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))
+ config.merge! config.fetch(Rails.env, {})
+ config.each do |key, value|
+ ENV[key] = value.to_s unless value.kind_of? Hash
+ end
 # Settings in config/environments/* take precedence over those specified here.
 # Application configuration should go into files in config/initializers
 # -- all .rb files in that directory are automatically loaded.
diff --git a/config/application.yml b/config/application.yml
new file mode 100644
index 0000000..50510be
--- /dev/null
+++ b/config/application.yml
@@ -0,0 +1,7 @@
+development:
+ REACAPTCHA_SITE_KEY: '6LeaskIUAAAAAMQ0pQRi0Xye2M0YtJ1gh_Ufl_P3'
+ RECAPTCHA_SECRET_KEY: '6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k'
+
+production:
+ REACAPTCHA_SITE_KEY: '6LeaskIUAAAAAMQ0pQRi0Xye2M0YtJ1gh_Ufl_P3'
+ RECAPTCHA_SECRET_KEY: '6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k'
diff --git a/config/environments/development.rb b/config/environments/development.rb
index b965b80..e67e861 100644
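Review bot: `ENV["REACAPTCHA_SITE_KEY"]` in the new `javascript_tag` block is misspelled (REA-CAPTCHA); it only works because config/application.yml carries the same misspelling, and anyone who sets `RECAPTCHA_SITE_KEY` the obvious way will get `'sitekey' : ''` and a silently broken widget. Rename it in both files to match `RECAPTCHA_SECRET_KEY`, and consider `ENV.fetch` so a missing key fails at render time instead of producing an empty sitekey. Wrapping the value in `j` is correct here since it lands inside a JavaScript string literal.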
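Review bot: `config = YAML.load(...)` inside the `Application` class body creates a local variable that shadows the `config` method for the rest of that body, so any `config.some_setting = …` placed after this block would be sent to the Hash and fail with `NoMethodError` (or, for Hash methods that happen to exist, silently do the wrong thing). Rename the local, use `YAML.safe_load` even though the file is repository-controlled, and note that `ENV[key] = value.to_s` overrides whatever the real environment already provides, so a deployment cannot override the committed values; `||=` keeps the file as a fallback only. The `unless value.kind_of? Hash` is how the `development:`/`production:` sections avoid being stringified into ENV, which deserves a comment since it is not obvious.
```ruby
    # … unchanged: load_defaults / eager_load_paths / assets …
    # Local settings file; real environment variables take precedence.
    app_settings = YAML.safe_load(File.read(File.expand_path('../application.yml', __FILE__)))
    app_settings.merge!(app_settings.fetch(Rails.env, {}))
    app_settings.each do |key, value|
      ENV[key] ||= value.to_s unless value.kind_of?(Hash) # per-environment sections stay out of ENV
    end
```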
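Review bot: The reCAPTCHA secret key (`RECAPTCHA_SECRET_KEY`, identical for development and production) is committed in plain text; it is the server-side credential, and once it is in history anyone with read access to the repository has it, so the key should be rotated at Google, not merely moved. Add `config/application.yml` to .gitignore (the .gitignore hunk in this commit adds `Gemfile.lock` instead, which is the wrong way round), keep a committed `config/application.yml.example` with placeholder values, and since the app is on Rails 5.1 the encrypted `config/secrets.yml.enc` via `bin/rails secrets:setup` is available without another gem. Separate keys per environment are also advisable, so a leaked development key is not valid against production.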
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -27,8 +27,6 @@ Rails.application.configure do
 end
 # Don't care if the mailer can't send.
- config.action_mailer.raise_delivery_errors = false
- config.action_mailer.perform_caching = false
 config.action_mailer.delivery_method = :smtp
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 52fda5c..ca1f643 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -34,7 +34,21 @@ Rails.application.configure do
 # Enable serving of images, stylesheets, and JavaScripts from an asset server.
 # config.action_controller.asset_host = 'http://assets.example.com'
+ config.action_mailer.perform_caching = false
+ config.action_mailer.delivery_method = :smtp
+ config.action_mailer.smtp_settings = {
+ address: 'smtp.gmail.com',
+ port: 587,
+ domain: 'example.com',
+ user_name: 'kontakt.ubezpieczenie@gmail.com',
+ password: 'qazxsw123',
+ authentication: 'plain',
+ enable_starttls_auto: true
+ }
+ config.action_mailer.perform_deliveries = true
+ config.action_mailer.raise_delivery_errors = true
+ config.action_mailer.default_options = {from: 'kontakt.ubezpieczenie@gmail.com'}
 # Specifies the header that your server uses for sending files.
 # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
 # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
@@ -102,5 +116,5 @@ Rails.application.configure do
 else
 false
 end
-}
+}
 end
diff --git a/config/initializers/friendly_id.rb b/config/initializers/friendly_id.rb
index f064f1e..c4ab118 100644
--- a/config/initializers/friendly_id.rb
+++ b/config/initializers/friendly_id.rb
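Review bot: The SMTP password (`password: 'qazxsw123'`) and mailbox account are hard-coded in config/environments/production.rb, a committed file, so the credential is now in git history and should be rotated; read it from the environment or Rails 5.1 encrypted secrets instead, e.g. `user_name: ENV.fetch('SMTP_USER_NAME')` and `password: ENV.fetch('SMTP_PASSWORD')` (names illustrative). `domain: 'example.com'` is the HELO domain announced to the SMTP server and looks like a leftover placeholder. With `raise_delivery_errors = true`, an SMTP failure inside `SiteController#send_email` surfaces as a 500 rather than a handled response, which may be acceptable but should be a deliberate choice; the development.rb hunk on this line removes the `= false` line, so delivery errors presumably raise there as well now.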
@@ -69,11 +69,11 @@ FriendlyId.defaults do |config|
 # FriendlyId adds to your model. The change below makes FriendlyId 5.0 behave
 # more like 4.0.
 #
- # config.use Module.new {
- # def should_generate_new_friendly_id?
- # slug.blank? || _changed?
- # end
- # }
+ config.use Module.new {
+ def should_generate_new_friendly_id?
+ slug.blank? || title_changed?
+ end
+ }
 #
 # FriendlyId uses Rails's `parameterize` method to generate slugs, but for
 # languages that don't use the Roman alphabet, that's not usually sufficient.
diff --git a/lib/google_recaptcha.rb b/lib/google_recaptcha.rb
new file mode 100644
index 0000000..9cd50fe
--- /dev/null
+++ b/lib/google_recaptcha.rb
@@ -0,0 +1,27 @@
+class GoogleRecaptcha
+ BASE_URL = "https://www.google.com/".freeze
+ VERIFY_URL = "recaptcha/api/siteverify".freeze
+
+ def initialize
+ @client = Faraday.new(BASE_URL)
+ end
+
+ def verify_recaptcha(params)
+ response = perform_verify_request(params)
+ success?(response)
+ end
+
+ def success?(response)
+ JSON.parse(response.body)["success"]
+ end
+
+ private
+
+ attr_reader :client
+
+ def perform_verify_request(params)
+ client.post(VERIFY_URL) do |req|
+ req.params = params.merge({secret: ENV["RECAPTCHA_SECRET_KEY"]})
+ end
+ end
+end
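Review bot: Enabling `should_generate_new_friendly_id?` with `title_changed?` inside `FriendlyId.defaults` applies to every model that uses FriendlyId, and any of them without a `title` attribute will raise `NoMethodError` on save; which models carry slugs is not visible here, so verify each has `title`, or keep this override in the individual models rather than the global defaults. Regenerating the slug on every title change also changes the public URL of existing records, so old links stop resolving unless FriendlyId's history module is in use. A one-line comment above the block stating that all slugged models are expected to have `title` would make the assumption explicit.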
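Review bot: `perform_verify_request` puts `secret` into `req.params`, so on this POST the secret key travels in the URL query string, where proxies and access logs commonly record it; the siteverify endpoint accepts a form-encoded body and Faraday's default stack url-encodes a Hash body, so pass it as the body instead. `success?` also assumes a 2xx JSON response: a 5xx or HTML error page raises `JSON::ParserError`, which `RecaptchaVerifier` then masks into `false` without a trace, and a nil `ENV["RECAPTCHA_SECRET_KEY"]` is only ever noticed as a verification failure. `ENV.fetch` makes the missing-key case fail loudly instead of looking like bot traffic, and checking `response.success?` before parsing keeps transport errors separate from a genuine rejection.
```ruby
  def success?(response)
    return false unless response.success?
    JSON.parse(response.body)["success"] == true
  end

  # … unchanged: private / attr_reader :client …

  def perform_verify_request(params)
    # secret goes in the form body, not the query string, so it stays out of URL logs
    client.post(VERIFY_URL, params.merge(secret: ENV.fetch("RECAPTCHA_SECRET_KEY")))
  end
```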