✒️ A place to organize my thoughts about free self-hosted comments for static pages
❗ Not production ready ❌
It should be free as in both
- free speech
- free soda
I love static websites. Especially when they don't require JS for their core functionality. I must be a weirdo right ❓ 👽
Here are some rants people love to hate 😃
You don't really need Javascript and it's daddy about Jquery
And the really great Luke Smith's soy dev video rants here and here
But I digress 😑
A portable and free way of managing comments for static sites without privacy compromising external plugins (ie disqus) or need to pay and maintain server/vm's, such as heroku or other (paid) ones.
What's the catch? You (just might) need an http form that is in your control! Oh and a seperate email address! Both are pretty easy to find in this day and age!
My initial thoughts is to use:
- keepass for storing the email account username/password and use the KeePassRPC (the keepassrpc js client is heavily coupled with the kee extension, needs some work).
- curl to downlod the emails containing the comments (filter based on email sender/subject)
- a tool to sanitize comments with npm and save them to a staging folder as markdown files.
- npm to include the markdown comments into their relevant articles when building/deploying website.
My thoughts of doing this is with hugo & npm & ....
It could be offered as a docker image, as well.
The ideal system/utility should be in two parts.
The first part html/css/js comment ui form (as hugo partial)an html form that users would submit their comments with, for a given static site article
-
It would use vanilla js to post the json response by making a simple http post using fetch, or by a nojs http form submit post from the browser. It would require a form url to email service for such.
-
Sending an email (without using any smtp server) from the browser to the email's destination smtp server. We don't really care if it lands in the spam folder. Use of fingerprinting ip/browser/device/etc to prevent abuse when receiving/filtering, that would be auto discarded if the received message is not abusive - This would require disclaimer and research on how to be Data Protection Regulation Compliant - . This way we don't need the "cloud"/someone else computer for receiving the comments (Would adopt a syntax like this).
The second part (sh script/nodejs):
Or better called the script/utility, that should:
- query email creds(user/pass) from an open keepass instance or other secure place.
- login to an email box, search & download emails, containing the comments from received email, or http posted forms
- sanitize comment and post with hugo or the static site builder of your choice
The second part, should be further seperated into two "subsystems":
-
The fetching part that downloads the posted comments from an imap email account and puts them into a staging folder. You move the approved comments from the staging folder to a folder called accepted.
-
The site rebuilding & deploying/uploading: When you run the command to build your website, the comments from the acccepted folder, should get included and built in the relevant post. Additionally you could have sth like a cron job to rebuild the website with any new accepted comments automatically!
It can be done asynchronously. So you do not need to give up privacy, convenience, or money and attention making sure backend servers and subcriptions are up and running! yay! 😃
The great part in this concept, is that you can choose the email client of your choice. Setting up your comments this way could make you arch & os independent.
Hugo/Whatever static builder site Config settings:
- email: [email protected] Use some privacy email forwarding service here such as 33mail
- method: form-post-plain, service-template (custom-template, Cloudflare-Workers-MailChannels, wordpress, google-forms, wix, hubspot, formsubmit, mailthis, JotForms, Majestic Forms, Postmail-Invotes, etc .... ), email-submit
- pgp-key: your pgp/gpg key to encrypt the commenter's email. If pgp-key is ommited the commenter's email address will be sha512sum hashed. Use of OpenPGPJs
Adnotium Yaml Config settings (interface):
runCondition: shell-async, node-async
email address: [email protected]
email/imap message handling setting: read, unread, comments, receive-purge
imap-server: imap.somedomain.tld The imap server domain.
This eventually will be dropped and resolved via https://autoconfig.thunderbird.net/v1.1/gmail.com The resulting domain could be saved to a file for the fetch shell script fetch_email_comments.sh
incoming-comments: the dir location to save the comments
accepted-comments: the dir location you move the comments you approve.
The accepted comment (by-default) should be deleted (both from staging area and from the receiver's email server) after it has been built into the site.
SMTP Server in Node Deprecated
Sending emails without server dig gmail.com MX
Microsoft Test SMTP Server with telnet
SMTP Abbreviated list of Commands
IBM Documentation SMTP command example
IBM Documentation SMTP List of Commands
IMB Documentation exit command
Executing external commands for searching specific e-mails (with awk/sed) in node