The django-fluent-comments module enhances the default appearance of the django_comments or django.contrib.comments application to be directly usable in web sites. The features are:
- Ajax-based preview and posting of comments
- Configurable form layouts using django-crispy-forms and settings to exclude fields.
- Comment moderation, using Akismet integration and auto-closing after N days.
- E-mail notification to the site managers of new comments.
- Optional threaded comments support via django-threadedcomments.
The application is designed to be plug&play; installing it should already give a better comment layout.
First install the module and django_comments, preferably in a virtual environment:
pip install django-fluent-comments
To use comments, the following settings are required:
INSTALLED_APPS += (
'fluent_comments', # must be before django_comments
'crispy_forms',
'django_comments',
'django.contrib.sites',
)
CRISPY_TEMPLATE_PACK = 'bootstrap3'
COMMENTS_APP = 'fluent_comments'
Note
For older Django versions (up till 1.7), you can also use django.contrib.comments in the INSTALLED_APPS
. This packages uses either of those packages, depending on what is installed.
Add the following in urls.py
:
urlpatterns += patterns('',
url(r'^blog/comments/', include('fluent_comments.urls')),
)
Provide a template that displays the comments for the object
and includes the required static files:
{% load comments static %}
<link rel="stylesheet" type="text/css" href="{% static 'fluent_comments/css/ajaxcomments.css' %}" />
<script type="text/javascript" src="{% static 'fluent_comments/js/ajaxcomments.js' %}"></script>
{% render_comment_list for object %}
{% render_comment_form for object %}
The database can be created afterwards:
./manage.py migrate
./manage.py runserver
The templates which django_comments renders use a single base template for all layouts. This template is empty by default since it's only serves as a placeholder. To complete the configuration of the comments module, create a comments/base.html
file that maps the template blocks onto your website base template. For example:
{% extends "mysite/base.html" %}{% load i18n %}
{% block headtitle %}{% block title %}{% trans "Responses for page" %}{% endblock %}{% endblock %}
{% block main %}
<div id="comments-wrapper">
{% block content %}{% endblock %}
</div>
{% endblock %}
In this example, the base template has a headtitle
and main
block, which contain the content
and title
blocks that django_comments needs to see. This application also outputs an extrahead
block for a meta-refresh tag. The extrahead
block can be included in the site base template directly, so it doesn't have to be included in the comments/base.html
file.
Form layouts generally differ across web sites, hence this application doesn't dictate a specific form layout. Instead, this application uses django-crispy-forms which allows configuration of the form appearance.
The defaults are set to Bootstrap 3 layouts, but can be changed.
By choosing a different form class, the form layout can be redefined at once:
The default is:
FLUENT_COMMENTS_FORM_CLASS = 'fluent_comments.forms.FluentCommentForm'
FLUENT_COMMENTS_FORM_CSS_CLASS = 'comments-form form-horizontal'
FLUENT_COMMENTS_LABEL_CSS_CLASS = 'col-sm-2'
FLUENT_COMMENTS_FIELD_CSS_CLASS = 'col-sm-10'
You can replace the labels with placeholders using:
FLUENT_COMMENTS_FORM_CLASS = 'fluent_comments.forms.CompactLabelsCommentForm'
Or place some fields at a single row:
FLUENT_COMMENTS_FORM_CLASS = 'fluent_comments.forms.CompactCommentForm'
# Optional settings for the compact style:
FLUENT_COMMENTS_COMPACT_FIELDS = ('name', 'email', 'url')
FLUENT_COMMENTS_COMPACT_GRID_SIZE = 12
FLUENT_COMMENTS_COMPACT_COLUMN_CSS_CLASS = "col-sm-{size}"
The default is:
FLUENT_COMMENTS_FIELD_ORDER = ('name', 'email', 'url', 'comment')
For a more modern look, consider placing the comment first:
FLUENT_COMMENTS_FIELD_ORDER = ('comment', 'name', 'email', 'url')
Form fields can be hidden using the following settings:
FLUENT_COMMENTS_EXCLUDE_FIELDS = ('name', 'email', 'url')
When django-threadedcomments in used, the title
field can also be removed.
When the settings above don't provide the layout you need, you can define a custom form class entirely:
from fluent_comments.forms import CompactLabelsCommentForm
class CommentForm(CompactLabelsCommentForm):
"""
The comment form to use
"""
def __init__(self, *args, **kwargs):
super(CommentForm, self).__init__(*args, **kwargs)
self.fields['url'].label = "Website" # Changed the label
And use that class in the FLUENT_COMMENTS_FORM_CLASS
setting. The helper
attribute defines how the layout is constructed by django-crispy-forms, and should be redefined the change the field ordering or appearance.
By default, the forms can be rendered with 2 well known CSS frameworks:
- Bootstrap The default template pack. The popular simple and flexible HTML, CSS, and Javascript for user interfaces from Twitter.
- Uni-form Nice looking, well structured, highly customizable, accessible and usable forms.
The CRISPY_TEMPLATE_PACK
setting can be used to switch between both layouts. For more information, see the django-crispy-forms documentation.
Both CSS frameworks have a wide range of themes available, which should give a good head-start to have a good form layout. In fact, we would encourage to adopt django-crispy-forms for all your applications to have a consistent layout across all your Django forms.
If your form CSS framework is not supported, you can create a template pack for it and submit a pull request to the django-crispy-forms authors for inclusion.
Comment moderation can be enabled for the specific models using:
from fluent_comments.moderation import moderate_model
from myblog.models import BlogPost
moderate_model(BlogPost,
publication_date_field='publication_date',
enable_comments_field='enable_comments',
)
This code can be placed in a models.py
file. The provided field names are optional. By providing the field names, the comments can be auto-moderated or auto-closed after a number of days since the publication date.
The following settings are available for comment moderation:
AKISMET_API_KEY = "your-api-key"
AKISMET_BLOG_URL = "http://example.com" # Optional, to override auto detection
AKISMET_IS_TEST = False # Enable to make test runs
FLUENT_CONTENTS_USE_AKISMET = True # Enabled by default when AKISMET_API_KEY is set.
FLUENT_COMMENTS_CLOSE_AFTER_DAYS = None # Auto-close comments after N days
FLUENT_COMMENTS_MODERATE_AFTER_DAYS = None # Auto-moderate comments after N days.
FLUENT_COMMENTS_AKISMET_ACTION = 'soft_delete' # What action to take for spam results.
To use Akismet moderation, make sure the AKISMET_API_KEY
setting is defined.
The FLUENT_COMMENTS_AKISMET_ACTION
setting can be one of these values:
auto
chooses betweenmoderate
,soft_delete
anddelete
based on the spam score.moderate
will always mark the comment for moderation.soft_delete
will mark the comment as removed, but it can still be seen.delete
will outright reject posting the comment and respond with a HTTP 400 Bad Request.
By default, the MANAGERS
of a Django site will receive an e-mail notification of new comments. This feature can be enabled or disabled using:
FLUENT_COMMENTS_USE_EMAIL_NOTIFICATION = True
The template comments/comment_notification_email.txt
is used to generate the e-mail message.
There is build-in support for django-threadedcomments in this module. It can be enabled using the following settings:
INSTALLED_APPS += (
'threadedcomments',
)
COMMENTS_APP = 'fluent_comments'
The templates and admin interface adapt themselves automatically to show the threaded comments.
This package stores the remote IP of the visitor in the model, and passes it to Akismet. The IP Address is read from the REMOTE_ADDR
meta field. In case your site is behind a HTTP proxy (e.g. using Gunicorn or a load balancer), this would make all comments appear to be posted from the load balancer IP.
The best and most secure way to fix this, is using WsgiUnproxy middleware in your wsgi.py
:
from django.core.wsgi import get_wsgi_application
from django.conf import settings
from wsgiunproxy import unproxy
application = get_wsgi_application()
application = unproxy(trusted_proxies=settings.TRUSTED_X_FORWARDED_FOR_IPS)(application)
In your settings.py
, you can define which hosts may pass the X-Forwarded-For
header in the HTTP request. For example:
TRUSTED_X_FORWARDED_FOR_IPS = (
'11.22.33.44',
'192.168.0.1',
)
Comment support needs to consider the General Data Protection Regulation (GDPR) when when you serve European customers. Any personal data (email address, IP-address) should only be stored as long as this is truely needed, and it must be clear whom it's shared with. See: https://premium.wpmudev.org/blog/gdpr-compliance/
The Django comments model also stores the email address and IP-address of the commenter, which counts as personal information a user should give consent for. Consider running a background task that removes the IP-address or email address after a certain period.
When using Akismet, the comment data and IP-address is passed to the servers of Akismet.
In case you update templates to display user avatars using Gravatar, this this also provides privacy-sensitive information to a third party. It effectively makes your user's e-mailaddresses public. While encoded as MD5, they can be easily reverse engineered to real user accounts. See:
- https://meta.stackexchange.com/questions/21117/is-using-gravatar-a-security-risk
- https://webapps.stackexchange.com/questions/9973/is-it-safe-to-use-gravatar/30605#30605
- http://onemansblog.com/2007/02/02/protect-your-privacy-delete-internet-usage-tracks/comment-page-1/#comment-46204
- https://www.wordfence.com/blog/2016/12/gravatar-advisory-protect-email-address-identity/
This module is designed to be generic, and easy to plug into your site. In case there is anything you didn't like about it, or think it's not flexible enough, please let us know. We'd love to improve it!
If you have any other valuable contribution, suggestion or idea, please let us know as well because we will look into it. Pull requests are welcome too. :-)