feat: email verification

improvement: table handling in panel view

Author: mauricerenck

index.css

@@ -13,7 +13,9 @@
     'snippets' => require_once(__DIR__ . '/plugin/snippets.php'),
     'templates' => [
         'emails/newcomments' => __DIR__ . '/templates/emails/newComments.php',
-        'komment-response' => __DIR__ . '/templates/pages/response.php'
+        'emails/mailverification' => __DIR__ . '/templates/emails/mailverification.php',
+        'komment-response' => __DIR__ . '/templates/pages/response.php',
+        'comment-verified' => __DIR__ . '/templates/pages/comment-verified.php',
     ],
     'blueprints' => require_once(__DIR__ . '/plugin/blueprints.php'),
     'pageMethods' => require_once(__DIR__ . '/plugin/page-methods.php'),

index.js

@@ -0,0 +1,118 @@
+<?php
+
+namespace mauricerenck\Komments;
+
+use Kirby\Toolkit\Collection;
+
+class CommentVerification
+{
+
+    public function __construct(
+        private ?bool $verificationEnabled = null,
+        private ?bool $verificationTtl = null,
+        private ?bool $verificationSecret = null,
+        private ?bool $verificationAutoPublish = null,
+        private ?string $verificationDeletionMode = null,
+    ) {
+        $this->verificationEnabled = $verificationEnabled ?? option('mauricerenck.komments.spam.verification.enabled', false);
+        $this->verificationTtl = $verificationTtl ?? option('mauricerenck.komments.spam.verification.ttl', '48');
+        $this->verificationSecret = $verificationSecret ?? option('mauricerenck.komments.spam.verification.secret', false);
+        $this->verificationAutoPublish = $verificationAutoPublish ?? option('mauricerenck.komments.spam.verification.autoPublish', false);
+        $this->verificationDeletionMode = $verificationDeletionMode ?? option('mauricerenck.komments.spam.verification.deletionMode', 'spam');
+    }
+
+    public function isVerificationEnabled(): bool
+    {
+        if (!$this->verificationEnabled || !$this->verificationSecret) {
+            return false;
+        }
+
+        return true;
+    }
+
+    public function generateToken(string $email, string $commentId): string | false
+    {
+        $expiresAt = time() + $this->verificationTtl * 60 * 60;
+        $data = $email . '|' . $commentId . '|' . $expiresAt;
+        $hash = hash_hmac('sha256', $data, $this->verificationSecret);
+
+        $storage = StorageFactory::create();
+
+        $result = $storage->saveVerificationToken(
+            hash: $hash,
+            commentId: $commentId,
+            expiresAt: $expiresAt,
+        );
+
+        if (!$result) {
+            return false;
+        }
+
+        // Return token with expiration timestamp encoded
+        return $hash . '.' . base64_encode($expiresAt);
+    }
+
+    public function getVerificationUrl(string $email, string $commentId): string | false
+    {
+        $token = $this->generateToken(email: $email, commentId: $commentId);
+
+        if (!$token) {
+            return false;
+        }
+
+        return kirby()->url() . '/komments/verify-comment/' . $token;
+    }
+
+    public function verifyToken(string $token): string | bool
+    {
+        // Parse token and expiration
+        $parts = explode('.', $token);
+        if (count($parts) !== 2) {
+            return false;
+        }
+
+        [$hash, $encodedExpiration] = $parts;
+        $expiresAt = base64_decode($encodedExpiration);
+
+        // Check expiration
+        if (time() > $expiresAt) {
+            return false;
+        }
+
+        $storage = StorageFactory::create();
+        $tokenData = $storage->getVerificationToken(hash: $hash);
+
+        if (is_null($tokenData) || $tokenData->count() === 0) {
+            return false;
+        }
+
+        if ($tokenData->first()->expires_at() < time()) {
+            return false;
+        }
+
+        $updateValues = [];
+        $updateValues['status'] = ($this->verificationAutoPublish === true) ? 'PUBLISHED' : 'VERIFIED';
+
+        if ($this->verificationAutoPublish === true) {
+            $updateValues['published'] = true;
+        }
+
+        $storage->updateComment($tokenData->first()->comment_id(), $updateValues);
+        $storage->deleteVerificationToken($hash);
+        $storage->cleanupVerificationTokens($this->verificationDeletionMode);
+
+        return $tokenData->first()->comment_id();
+    }
+
+    public function cleanupTokens(): void
+    {
+        $storage = StorageFactory::create();
+        $storage->cleanupVerificationTokens($this->verificationDeletionMode);
+    }
+
+    public function getVerficationTokens(): Collection
+    {
+        $storage = StorageFactory::create();
+        return $storage->getVerificationTokens();
+    }
+}

index.php

@@ -39,7 +39,7 @@ public function insert(string $table, array $fields, array $values): bool
         try {
             $values = $this->convertValuesToSaveDbString($values);
             $query =
-                'INSERT INTO ' . $table . '(' . implode(',', $fields) . ') VALUES("' . implode('","', $values) . '")';
+                'INSERT INTO ' . $table . '(' . implode(',', $fields) . ') VALUES(\'' . implode('\',\'', $values) . '\')';
 
             $this->db->query($query);
 
@@ -61,13 +61,14 @@ public function update(string $table, array $fields, array $values, string $filt
                 ',',
                 array_map(
                     function ($field, $value) {
-                        return $field . '="' . $value . '"';
+                        return $field . '=\'' . $value . '\'';
                     },
                     $fields,
                     $values
                 )
             );
             $query .= ' ' . $filters;
+
             $this->db->query($query);
 
             return true;

lib/CommentVerification.php

@@ -25,17 +25,18 @@ public function deleteComment(string $id): mixed
         return $result;
     }
 
-    public function deleteCommentsInBatch(string $type): mixed
+    public function deleteCommentsInBatch(string $type, array $ids = []): mixed
     {
-        $result = $this->storage->deleteComments($type);
+        $result = $this->storage->deleteComments($type, $ids);
         return $result;
     }
 
+
     public function publishComment(string $id): mixed
     {
         $comment = $this->storage->getSingleComment($id);
         $newStatus = $comment->published()->isTrue() ? false : true;
-        $result = $this->storage->updateComment($id, ['published' => $newStatus]);
+        $result = $this->storage->updateComment($id, ['published' => $newStatus, 'status' => $newStatus ? 'PUBLISHED' : 'PENDING']);
 
         kirby()->trigger('komments.comment.published', ['comment' => $comment]);
 
@@ -69,6 +70,24 @@ public function flagComment(string $id, string $flag): mixed
         return false;
     }
 
+
+    public function flagCommentsInBatch(string $flag, array $ids = []): mixed
+    {
+        switch ($flag) {
+            case 'spamlevel':
+                $result = $this->storage->updateCommentsById($ids, ['spamlevel' => 100]);
+                return $result;
+            case 'verified':
+                $result = $this->storage->updateCommentsById($ids, ['verified' => true]);
+                return $result;
+            case 'published':
+                $result = $this->storage->updateCommentsById($ids, ['published' => true, 'status' => 'PUBLISHED']);
+                return $result;
+        }
+
+        return false;
+    }
+
     public function replyToComment(string $id, array $formData)
     {
 
@@ -90,6 +109,7 @@ public function replyToComment(string $id, array $formData)
             authorAvatar: $avatar,
             authorEmail: $author->email(),
             authorUrl: site()->url(),
+            status: $publishResult ? 'PUBLISHED' : 'PENDING',
             published: $publishResult,
             verified: true,
             spamlevel: 0,

lib/DatabaseAbstraction.php

@@ -9,8 +9,18 @@
 class KommentReceiver
 {
 
-    public function __construct(private ?array $autoPublish = null, private ?bool $autoPublishVerified = null, private ?bool $akismet = null, private ?string $akismetApiKey = null, private ?bool $debug = null, private ?array $spamKeywords = null, private ?array $spamPhrases = null)
-    {
+    public function __construct(
+        private ?array $autoPublish = null,
+        private ?bool $autoPublishVerified = null,
+        private ?bool $akismet = null,
+        private ?string $akismetApiKey = null,
+        private ?bool $debug = null,
+        private ?array $spamKeywords = null,
+        private ?array $spamPhrases = null,
+        private ?bool $verificationEnabled = null,
+        private ?bool $verificationTtl = null,
+        private ?bool $verificationSecret = null
+    ) {
         $this->autoPublish = $autoPublish ?? option('mauricerenck.komments.moderation.autoPublish', []);
         $this->autoPublishVerified = $autoPublishVerified ?? option('mauricerenck.komments.moderation.publish-verified', false);
         $this->akismet = $akismet ?? option('mauricerenck.komments.spam.akismet', false);
@@ -195,4 +205,32 @@ public function akismetCheck(array $fields, $page): int
             return 0;
         }
     }
+
+    public function sendVerificationMail(string $email, string $username, string $commentId): void
+    {
+
+        $verification = new CommentVerification();
+        if (!$verification->isVerificationEnabled()) {
+            return;
+        }
+
+        $verificationUrl = $verification->getVerificationUrl(email: $email, commentId: $commentId);
+
+        if (!$verificationUrl) {
+            return;
+        }
+
+        kirby()->email([
+            'from' => option('mauricerenck.komments.notifications.email.sender'),
+            'to' => $email,
+            'subject' => 'Verify your Comment',
+            'template' => 'mailverification',
+            'data' => [
+                'username' => $username,
+                'commentId' => $commentId,
+                'expireHours' => option('mauricerenck.komments.spam.verification.ttl'),
+                'verificationUrl' => $verificationUrl,
+            ],
+        ]);
+    }
 }

lib/KommentModeration.php

@@ -40,6 +40,7 @@ public function createComment(
         string $authorAvatar,
         ?string $authorEmail,
         string $authorUrl,
+        string $status,
         bool $published,
         bool $verified,
         int $spamlevel,
@@ -59,6 +60,7 @@ public function createComment(
             'authorAvatar' => $authorAvatar,
             'authorEmail' => $authorEmail,
             'authorUrl' => $authorUrl,
+            'status' => $status,
             'published' => $published,
             'verified' => $verified,
             'spamlevel' => $spamlevel,
@@ -70,4 +72,6 @@ public function createComment(
             'permalink' => '/@/comment/' . $id,
         ]);
     }
+
+    public function saveVerificationToken(string $hash, string $commentId, string $expiresAt): bool {}
 }

lib/KommentReceiver.php

@@ -172,6 +172,7 @@ public function convertToStructure(Obj|Collection|Structure $databaseResults): S
                 authorAvatar: $avatar,
                 authorEmail: $databaseResult->author_email,
                 authorUrl: $databaseResult->author_url,
+                status: $databaseResult->status,
                 published: $databaseResult->published,
                 verified: $databaseResult->verified,
                 spamlevel: $databaseResult->spamlevel,
@@ -197,4 +198,6 @@ public function saveToFile(string $fieldData, $page): void
             'kommentsInboxData' => $fieldData
         ]);
     }
+
+    public function saveVerificationToken(string $hash, string $commentId, string $expiresAt): bool {}
 }

lib/Storage.php

@@ -80,6 +80,7 @@ public function convertToStructure(Obj|Collection $databaseResults): Structure
                 authorAvatar: $databaseResult->author_avatar,
                 authorEmail: $databaseResult->author_email,
                 authorUrl: $databaseResult->author_url,
+                status: $databaseResult->status,
                 published: $databaseResult->published,
                 verified: $databaseResult->verified,
                 spamlevel: $databaseResult->spamlevel,
@@ -115,6 +116,7 @@ private function getCommentMock(array $comment = []): Obj
             'authorEmail' => '[email protected]',
             'authorUrl' => 'https://example.com',
             'published' => true,
+            'status' => 'PUBLISHED',
             'verified' => false,
             'spamlevel' => 0,
             'language' => null,
@@ -137,6 +139,7 @@ private function getCommentMock(array $comment = []): Obj
             'author_email' => $comment['authorEmail'],
             'author_url' => $comment['authorUrl'],
             'published' => $comment['published'],
+            'status' => $comment['status'],
             'verified' => $comment['verified'],
             'spamlevel' => $comment['spamlevel'],
             'language' => $comment['language'],
@@ -159,4 +162,6 @@ private function getCommentCollection(): Collection
 
         return new Collection($comments);
     }
+
+    public function saveVerificationToken(string $hash, string $commentId, string $expiresAt): bool {}
 }