Kontakt, Cookies, articles

.gitignore

@@ -17,3 +17,4 @@
 /yarn-error.log
 
 .byebug_history
+Gemfile.lock

Gemfile

@@ -12,7 +12,7 @@ gem 'rails', '~> 5.1.4'
 gem 'mysql2', '0.4.9'
 # Use Puma as the app server
 gem 'friendly_id', '~> 5.1.0'
-
+gem 'faraday'
 gem 'puma', '~> 3.7'
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 5.0'

app/assets/javascripts/contact_me.js

@@ -11,6 +11,7 @@ $(function() {
       var name = $("input#name").val();
       var email = $("input#email").val();
       var message = $("textarea#message").val();
+      var recaptcha_confirm = $("#g-recaptcha-response").val();
       var firstName = name; // For Success/Failure Message
       // Check for white space in name for Success/Fail message
       if (firstName.indexOf(' ') >= 0) {
@@ -25,7 +26,8 @@ $(function() {
         data: {
           name: name,
           email: email,
-          message: message
+          message: message,
+          'g-recaptcha-response': recaptcha_confirm
         },
         cache: false,
         success: function() {
@@ -34,7 +36,7 @@ $(function() {
           $('#success > .alert-success').html("<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;")
             .append("</button>");
           $('#success > .alert-success')
-            .append("<strong>Wiadomość została wysłąna. </strong>");
+            .append("<strong>Wiadomość została wysłana. </strong>");
           $('#success > .alert-success')
             .append('</div>');
           //clear all fields

app/assets/javascripts/whcookies.js

@@ -0,0 +1,40 @@
+/*
+ * Skrypt wyświetlający okienko z informacją o wykorzystaniu ciasteczek (cookies)
+ *
+ * Więcej informacji: http://webhelp.pl/artykuly/okienko-z-informacja-o-ciasteczkach-cookies/
+ *
+ */
+
+function WHCreateCookie(name, value, days) {
+    var date = new Date();
+    date.setTime(date.getTime() + (days*24*60*60*1000));
+    var expires = "; expires=" + date.toGMTString();
+	document.cookie = name+"="+value+expires+"; path=/";
+}
+function WHReadCookie(name) {
+	var nameEQ = name + "=";
+	var ca = document.cookie.split(';');
+	for(var i=0; i < ca.length; i++) {
+		var c = ca[i];
+		while (c.charAt(0) == ' ') c = c.substring(1, c.length);
+		if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
+	}
+	return null;
+}
+
+window.onload = WHCheckCookies;
+
+function WHCheckCookies() {
+    if(WHReadCookie('cookies_accepted') != 'T') {
+        var message_container = document.createElement('div');
+        message_container.id = 'cookies-message-container';
+        var html_code = '<div id="cookies-message" style="padding: 10px 0px; font-size: 14px; line-height: 22px; border-bottom: 1px solid rgb(211, 208, 208); border-top: 1px solid rgb(211, 208, 208); text-align: center; position: absolute; bottom: 0px; background-color: #efefef; width: 100%; z-index: 999;">Ta strona używa ciasteczek (cookies), dzięki którym nasz serwis może działać lepiej. <a href="http://wszystkoociasteczkach.pl" target="_blank">Dowiedz się więcej</a><a href="javascript:WHCloseCookiesWindow();" id="accept-cookies-checkbox" name="accept-cookies" style="background-color: #00AFBF; padding: 5px 10px; color: #FFF; border-radius: 4px; -moz-border-radius: 4px; -webkit-border-radius: 4px; display: inline-block; margin-left: 10px; text-decoration: none; cursor: pointer;">Rozumiem</a></div>';
+        message_container.innerHTML = html_code;
+        document.body.appendChild(message_container);
+    }
+}
+
+function WHCloseCookiesWindow() {
+    WHCreateCookie('cookies_accepted', 'T', 365);
+    document.getElementById('cookies-message-container').removeChild(document.getElementById('cookies-message'));
+}

app/controllers/admin/article_controller.rb

@@ -11,23 +11,48 @@ class Admin::ArticleController < ApplicationController
   end
 
   def new
-
+    @article = Article.new
   end
 
   def create
-
+    @article = Article.new(articles_params)
+    if @article.save
+      respond_to do |format|
+        format.html {redirect_to action: 'index'}
+        format.js {@articles = Article.all}
+      end
+    else
+      render 'new'
+    end
   end
 
   def edit
-
+    @article = Article.find(params[:id])
   end
 
   def update
-
+    @article = Article.find(params[:id])
+    if @article.update_attributes(articles_params)
+      respond_to do |format|
+        format.html {redirect_to action: 'index'}
+        format.js {@articles = Article.all}
+      end
+    else
+      render 'edit'
+    end
   end
 
   def destroy
+    @article = Article.find(params[:id])
+    unless @article.blank?
+      @article.destroy
+    end
+    redirect_to action: 'index'
+  end
 
+  protected
+  def articles_params
+    params.require(:article).permit(:name)
   end
 
 end

app/controllers/site_controller.rb

@@ -1,4 +1,5 @@
 class SiteController < ApplicationController
+  #include RecaptchaVerifier
   def index
     @pages = PublishedPage.where('type_of != 3').order('priority ASC')
     @adm = Admin.all
@@ -27,10 +28,16 @@ class SiteController < ApplicationController
   end
 
   def send_email
-    contact = {'name' => params[:name], 'message' => params[:message], 'email' => params[:email]}
-    ContactMailer.contact_email(contact).deliver_now
-    #return head(:bad_request)
-    head :ok
+    # reCaptcha secret: 6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k
+    if RecaptchaVerifier.verify(params["g-recaptcha-response"], request.ip)
+      contact = {'name' => params[:name], 'message' => params[:message], 'email' => params[:email]}
+      ContactMailer.contact_email(contact).deliver_now
+      head :ok
+    else
+      return head(:bad_request)
+    end
+
+
   end
 
 

app/models/all_page.rb

@@ -5,6 +5,7 @@ class AllPage < ApplicationRecord
   belongs_to :article, optional: true
   has_one :published_page
   before_destroy :b_destroy
+  
   PAGE_TYPES = {
     1 => 'Strona zwykła',
     2 => 'Strona z listą wpisów',

app/models/article.rb

@@ -1,6 +1,7 @@
 class Article < ApplicationRecord
   has_many :all_pages
   has_many :published_pages
+  validates :name, presence: true, uniqueness: true
 
   def all_page_articles
       AllPage.where('article_id = ? AND type_of = 3 AND published = 1', self.id).order('updated_at DESC')

app/services/recaptcha_verifier.rb

@@ -0,0 +1,22 @@
+class RecaptchaVerifier
+  def self.verify(response, remote_ip, recaptcha_client=GoogleRecaptcha)
+    new(response, remote_ip, recaptcha_client).verify
+  end
+
+  def initialize(response, remote_ip, recaptcha_client)
+    @recaptcha_response = response
+    @remote_ip          = remote_ip
+    @recaptcha_client   = recaptcha_client.new
+  end
+
+  def verify
+    return false unless recaptcha_response
+    recaptcha_client.verify_recaptcha(response: recaptcha_response, remoteip: remote_ip)
+  rescue
+    false
+  end
+
+  private
+
+  attr_reader :recaptcha_client, :recaptcha_response, :remote_ip
+end  

app/views/admin/article/_articles.html.erb

@@ -20,7 +20,7 @@
         <td><%= raw('<span class="badge bg-green">' + ap.published_page_articles.size.to_s + '</span>') %></td>
         <td><%= ap.updated_at %></td>
         <td>
-          <%= link_to raw('<i class="fa fa-edit"></i> Edycja'), {controller: '/admin/article', action: 'edit', id: ap.id}, class: 'btn btn-xs btn-info' %>
+          <%= link_to raw('<i class="fa fa-edit"></i> Edycja'), {controller: '/admin/article', action: 'edit', id: ap.id}, class: 'btn btn-xs btn-info', remote: true %>
           <%= link_to raw('<i class="fa fa-trash"></i> Usuń'), {controller: '/admin/article', action: 'destroy', id: ap.id}, class: "btn btn-danger btn-xs", method: :delete, data: { confirm: 'Czy na pewno usunąć?' } %>
         </td>
       </tr>

app/views/admin/article/_edit.html.erb

@@ -0,0 +1,14 @@
+<div class="row">
+  <div class="col-md-12">
+    <div class="box box-info box-solid">
+      <div class="box-header with-border">
+        <h3 class="box-title">Edycja Grupy Wpisów</h3>
+      </div>
+      <div id="article_form">
+        <%= form_tag({controller: '/admin/article', action: :update, id: @article.id}, method: :put, id:'article_form_id', authenticity_token: true, remote: true) do %>
+            <%= render 'form' %>
+        <% end %>
+      </div>
+
+  </div>
+</div>

app/views/admin/article/_form.html.erb

@@ -0,0 +1,14 @@
+<%= stylesheet_link_tag  'select2' %>
+<div class="box-body">
+  <% if @article.errors.any? %>
+    <%= raw errors_to_html(@article.errors) %>
+  <% end %>
+  <div class="form-group">
+    <label>Nazwa</label>
+    <%= text_field :article, :name, class: "form-control", placeholder: 'Nazwa' %>
+  </div>
+  <div class="box-footer">
+    <%= submit_tag 'Zapisz', class: "btn btn-primary" %>
+  </div>
+
+</div>

app/views/admin/article/_new.html.erb

@@ -0,0 +1,14 @@
+<div class="row">
+  <div class="col-md-12">
+    <div class="box box-primary box-solid">
+      <div class="box-header with-border">
+        <h3 class="box-title">Nowa Grupa Wpisów</h3>
+      </div>
+      <div id="article_form">
+        <%= form_tag({controller: '/admin/article', action: :create}, id: 'article_form_id', authenticity_token: true, remote: true) do %>
+            <%= render 'form' %>
+        <% end %>
+      </div>
+
+  </div>
+</div>

app/views/admin/article/create.js.erb

@@ -0,0 +1,6 @@
+<% if @article.errors.any? %>
+  $("#articles_form").html("<%= escape_javascript(render('new')) %>");
+<% else %>
+  $("#articles_form").html("");
+  $("#articles_list").html("<%= escape_javascript(render('articles')) %>");
+<% end %>

app/views/admin/article/edit.html.erb

@@ -0,0 +1 @@
+<%= render 'edit' %>

app/views/admin/article/edit.js.erb

@@ -0,0 +1 @@
+$("#articles_form").html("<%= escape_javascript(render('edit')) %>");

app/views/admin/article/index.html.erb

@@ -3,11 +3,14 @@
     <div class="box">
       <div class="box-header with-border">
         <h3 class="box-title">Grupy Wpisów</h3>
-        <div class="box-tools"><%= link_to 'Dodaj', '/admin/article/new', class: 'btn btn-block btn-primary btn-sm' %>
+        <div class="box-tools"><%= link_to 'Dodaj', '/admin/article/new', class: 'btn btn-block btn-primary btn-sm', remote: true %>
       </div>
                 <!-- /.box-header -->
       <div class="box-body">
-        <%= render 'articles' %>
+        <div id="articles_form"></div>
+        <div id="articles_list">
+          <%= render 'articles' %>
+        </div>
       </div>
   </div>
 </div>

app/views/admin/article/new.html.erb

@@ -0,0 +1 @@
+<%= render 'new' %>

app/views/admin/article/new.js.erb

@@ -0,0 +1 @@
+$("#articles_form").html("<%= escape_javascript(render('new')) %>");

app/views/admin/article/update.js.erb

@@ -0,0 +1,6 @@
+<% if @article.errors.any? %>
+  $("#articles_form").html("<%= escape_javascript(render('edit')) %>");
+<% else %>
+  $("#articles_form").html("");
+  $("#articles_list").html("<%= escape_javascript(render('articles')) %>");
+<% end %>

app/views/layouts/application.html.erb

@@ -8,7 +8,8 @@
     <link href='https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800' rel='stylesheet' type='text/css'>
     <link href='https://fonts.googleapis.com/css?family=Merriweather:400,300,300italic,400italic,700,700italic,900,900italic' rel='stylesheet' type='text/css'>
     <%= stylesheet_link_tag  'creative' %>
-    <%= javascript_include_tag 'application', 'jquery', 'data-turbolinks-track': 'reload' %>
+    <%= javascript_include_tag 'application', 'jquery', 'whcookies', 'data-turbolinks-track': 'reload' %>
+    <%= yield :header_scripts %>
   </head>
 
   <body>

app/views/site/kontakt.html.erb

@@ -1,4 +1,7 @@
 <!-- Page Header -->
+<% content_for :header_scripts do %>
+  <script src='https://www.google.com/recaptcha/api.js?onload=onRecaptchaElementLoad&render=explicit' async defer></script>
+<% end %>
 <header class="contacthead" style="background-image: url('/assets/header.jpg')">
   <div class="overlay"></div>
   <div class="container">
@@ -40,6 +43,7 @@
             <p class="help-block text-danger"></p>
           </div>
         </div>
+        <div id="recaptcha"></div>
         <br>
         <div id="success"></div>
         <div class="form-group">
@@ -49,6 +53,14 @@
     </div>
   </div>
 </div>
-<% content_for :footer_scripts do %>
-<%= javascript_include_tag  'jqBootstrapValidation', 'contact_me' %>
+<%= javascript_tag do %>
+  var onRecaptchaElementLoad = function() {
+    grecaptcha.render('recaptcha', {
+      'sitekey' : '<%= j ENV["REACAPTCHA_SITE_KEY"]%>',
+      'hl': 'pl'
+    });
+  };
+<% end %>
+<% content_for :footer_scripts do %>
+  <%= javascript_include_tag  'jqBootstrapValidation', 'contact_me' %>
 <% end %>

config/application.rb

@@ -10,9 +10,15 @@ module SimpleCms
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
     config.load_defaults 5.1
-
+    # config.autoload_paths << "#{Rails.root}/lib"
+    config.eager_load_paths << "#{Rails.root}/lib"
     config.assets.paths << Rails.root.join('app', 'assets', 'fonts')
     config.assets.precompile += %w( .svg .eot .woff .ttf .otf .woff2 )
+    config = YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))
+    config.merge! config.fetch(Rails.env, {})
+    config.each do |key, value|
+        ENV[key] = value.to_s unless value.kind_of? Hash
+    end
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.

config/application.yml

@@ -0,0 +1,7 @@
+development:
+  REACAPTCHA_SITE_KEY: '6LeaskIUAAAAAMQ0pQRi0Xye2M0YtJ1gh_Ufl_P3'
+  RECAPTCHA_SECRET_KEY: '6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k'
+
+production:
+  REACAPTCHA_SITE_KEY: '6LeaskIUAAAAAMQ0pQRi0Xye2M0YtJ1gh_Ufl_P3'
+  RECAPTCHA_SECRET_KEY: '6LeaskIUAAAAACcF5jFmO2l7GRzNAKESmzdcxB1k'

config/environments/development.rb

@@ -27,8 +27,6 @@ Rails.application.configure do
   end
 
   # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
-
   config.action_mailer.perform_caching = false
 
   config.action_mailer.delivery_method = :smtp

config/environments/production.rb

@@ -34,7 +34,21 @@ Rails.application.configure do
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = 'http://assets.example.com'
+  config.action_mailer.perform_caching = false
 
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = {
+    address:              'smtp.gmail.com',
+    port:                 587,
+    domain:               'example.com',
+    user_name:            'kontakt.ubezpieczenie@gmail.com',
+    password:             'qazxsw123',
+    authentication:       'plain',
+    enable_starttls_auto: true
+  }
+  config.action_mailer.perform_deliveries = true
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.default_options = {from: 'kontakt.ubezpieczenie@gmail.com'}
   # Specifies the header that your server uses for sending files.
   # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
@@ -102,5 +116,5 @@ Rails.application.configure do
   else
     false
   end
-}  
+}
 end

config/initializers/friendly_id.rb

@@ -69,11 +69,11 @@ FriendlyId.defaults do |config|
   # FriendlyId adds to your model. The change below makes FriendlyId 5.0 behave
   # more like 4.0.
   #
-  # config.use Module.new {
-  #   def should_generate_new_friendly_id?
-  #     slug.blank? || <your_column_name_here>_changed?
-  #   end
-  # }
+   config.use Module.new {
+     def should_generate_new_friendly_id?
+       slug.blank? || title_changed?
+     end
+  }
   #
   # FriendlyId uses Rails's `parameterize` method to generate slugs, but for
   # languages that don't use the Roman alphabet, that's not usually sufficient.

lib/google_recaptcha.rb

@@ -0,0 +1,27 @@
+class GoogleRecaptcha
+  BASE_URL   = "https://www.google.com/".freeze
+  VERIFY_URL = "recaptcha/api/siteverify".freeze
+
+  def initialize
+    @client = Faraday.new(BASE_URL)
+  end
+
+  def verify_recaptcha(params)
+    response = perform_verify_request(params)
+    success?(response)
+  end
+
+  def success?(response)
+    JSON.parse(response.body)["success"]
+  end
+
+  private
+
+  attr_reader :client
+
+  def perform_verify_request(params)
+    client.post(VERIFY_URL) do |req|
+      req.params = params.merge({secret: ENV["RECAPTCHA_SECRET_KEY"]})
+    end
+  end
+end