aboutsummaryrefslogtreecommitdiff
path: root/content/posts/2022-12-30-comments.smd
diff options
context:
space:
mode:
Diffstat (limited to 'content/posts/2022-12-30-comments.smd')
-rw-r--r--content/posts/2022-12-30-comments.smd17
1 files changed, 17 insertions, 0 deletions
diff --git a/content/posts/2022-12-30-comments.smd b/content/posts/2022-12-30-comments.smd
new file mode 100644
index 0000000..e6aa9b8
--- /dev/null
+++ b/content/posts/2022-12-30-comments.smd
@@ -0,0 +1,17 @@
+---
+.title = "Comments",
+.author = "Martin Ashby",
+.date = @date("2022-12-30T17:53:00Z"),
+.layout = "single.shtml",
+.custom = {"comments": true},
+---
+
+I've added an extremely basic, probably insecure, comments form to my blog site. I've built it in Rust for practice. Code is [here](https://code.mfashby.net/martin/mfashby.net/src/branch/main/comments).
+
+It uses [askama](https://docs.rs/askama/latest/askama/) templates, [axum](https://docs.rs/axum/latest/axum/) web framework, [sqlx](https://docs.rs/sqlx/latest/sqlx/) for database access, and postgres database.
+
+Askama offers compile-time validation of templates since it actually compiles the template to code, and sqlx does compile-time checking of SQL queries and generation of ad-hoc structs for convenience when reading data. These were both very efficient at catching coding errors I made. Axum is an async web framework from the same developers as tokio, the Rust aync runtime. So far it seems easy to use. I already had postgres running on my pi for some other server software, and I've extensive experience with it at work, so it was an easy choice.
+
+It runs on my raspberry pi, and it cross-compiles from my x86_64 desktop or my aarch64 laptop. The former was fiddly since at least one crate dependency (ring) includes some C code, so an appropriate C cross compiler must be installed and supplied to cargo/rustc at build time.
+
+At the moment it doesn't include CSRF protection, and the capcha is basic. It also doesn't notify me when new comments are added. These are future features I might add. It also stores comments keyed by the URL of the page they are made on. This is flexible; no additional configuration is required to enable comments on posts, but also fragile: if a post moves for some reason, I'll lose the comments until I update them on the database. Since I don't usually move posts, I can live with this for now.