Refactoring. Client has no global names anymore, and no inline scripts

client/index.js

@@ -1,3 +1,6 @@
+/* Executed after page loading */
+(function () {
+
 class JeanCloudContactFormNotifier {
     constructor (theme, messageContainer) {
         /* Choose the theme */
@@ -112,7 +115,6 @@ function jeanCloudContactFormIntercept (formId, notifier) {
     }
 }
 
-(function () {
     /* Get the current js file location */
     const path = (document.currentScript.src[-1] == '/' ? document.currentScript.src : document.currentScript.src.replace(/\/[^\/]*$/, ''))
     
@@ -125,6 +127,15 @@ function jeanCloudContactFormIntercept (formId, notifier) {
     link.integrity   = 'sha384-D12RSMaIURTgZZljhdQqYlQzgEfXvOFwtiqzkWnNcDbKFwMWXcmsCRFO5BNii0MB'
     // cat style.css | openssl dgst -sha384 -binary | openssl base64 -A
     document.head.appendChild(link);
-})()
+
+    /* Load the targeted forms */
+    var configs = document.getElementsByClassName('contact-form-config')
+    for (var i=0; i<configs.length; i++) {
+        var formId = configs[i].getAttribute('form-id')
+        var theme  = configs[i].getAttribute('notify-theme')
+        jeanCloudContactFormIntercept(formId, new JeanCloudContactFormNotifier(theme))
+    }
 
     var contactMailerPageLoadedTime = Date.now()
+})()
+

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jean-cloud-contact-mailer-client",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "",
   "main": "index.js",
   "scripts": {

main.py

@@ -28,23 +28,6 @@ class StripPathMiddleware(object):
         e['PATH_INFO'] = e['PATH_INFO'].rstrip('/')
         return self.a(e, h)
 
-class EnableCors(object):
-    name = 'enable_cors'
-    api = 2
-
-    def apply(self, fn, context):
-        def _enable_cors(*args, **kwargs):
-            # set CORS headers
-            response.headers['Access-Control-Allow-Origin'] = '*'
-            response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
-            response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
-
-            if bottle.request.method != 'OPTIONS':
-                # actual request; reply with the actual response
-                return fn(*args, **kwargs)
-
-        return _enable_cors
-
 app = application = bottle.Bottle(catchall=False)
 
 ##################################################### Configuration ############################################
@@ -239,7 +222,7 @@ def login(request):
     Privileges : 0=admin 1=loggedIn 1000=guest
     """
     if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password:
-        return {'_privilege':0}
+        return {'_privilege':0, '_id':'-1'}
     if 'token' in request.forms:
         token = request.forms.getunicode('token')
         try:
@@ -248,9 +231,9 @@ def login(request):
             return user
         except IndexError as e:
             pass
-        except pymongo.errors.ServerSelectionTimeoutError as e:
-            response.status = 500
-            return 'La base de donnée n’est pas accessible'
+        #except pymongo.errors.ServerSelectionTimeoutError as e:
+        #    response.status = 500
+        #    return {'_error': True} # anonymous
 
     return {'_privilege': 1000} # anonymous
 
@@ -284,6 +267,8 @@ def create_form ():
         return resp('error', 'Le champs « adresse » est requis')
 
     user = login(request)
+    print('post form')
+    print(user)
     if user['_privilege'] > 1:
         response.status = 400
         return resp('error', 'Privilèges insufisants')
@@ -331,7 +316,7 @@ def list_forms ():
 
 @app.delete('/form/<token>')
 def delete_form(token):
-    # If admin or form owner
+    # TODO If admin or form owner
     user = login(request)
     if user['_privilege'] > 1:
         response.status = 400
@@ -420,10 +405,7 @@ def delete_user (username):
         return resp('error', 'La base de donnée n’est pas accessible')
 
 
-
 ##################################################### app startup ############################################
-if __name__ == '__main__':
-    app.install(EnableCors())
-    bottle.run(app=StripPathMiddleware(app), host=listen_address, port=listen_port, debug=True)
-else:
 prod_app = StripPathMiddleware(app)
+if __name__ == '__main__':
+    bottle.run(app=prod_app, host=listen_address, port=listen_port, debug=True)

test.html

@@ -6,9 +6,9 @@
 </head>
 <body>
 <div id="contact-mailer-message"></div>
-<form action="http://localhost:8080/submit" method="POST" id="contact-mailer-form">
+<form action="/api/submit" method="POST" id="contact-mailer-form">
     <noscript>Les protections anti-spam, nécéssitent l’utilisation de javascript. Rien d’intrusif normalement.</noscript>
-    <input type="hidden" name="token" value="PK8gQHDx9VoJ7yuEhbj5iCZkcUOAqTYlRSN14XFtdfr3LBs0zn" />
+    <input type="hidden" name="token" value="5NwE8KOzhinBLVloZrvfb71WJeQ6sXc4xgC0AqFPDHGMjIdmUk" />
     <div>
       <label for="nom">Votre nom&nbsp;:</label>
       <input type="text" name="nom" required="required"/>
@@ -27,11 +27,10 @@
     </div>
     <div>
       <label for="objet">Votre message&nbsp;:</label>
-      <textarea name="message" required="required"></textarea>
+      <textarea name="message"></textarea>
     </div>
     <input type="submit" />
 </form>
-<script src="./client/index.js"></script>
-<script> jeanCloudContactFormIntercept ('contact-mailer-form', new JeanCloudContactFormNotifier()) </script>
+<script class="contact-form-config" form-id="contact-mailer-form" notify-theme="dark" src="./client/index.js"></script>
 </body>
 </html>

test_env.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# docker run -it --rm --network host mongo
+# nginx -c "$(pwd)"/nginx.conf -g "pid '$(pwd)/nginx.pid';"
+# . venv/bin/activate ; python3 main.py