aboutsummaryrefslogtreecommitdiff
path: root/content/posts/2022-12-30-comments.smd
blob: e6aa9b83e13afd49f5180110c5853c66ece07a08 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
---
.title = "Comments",
.author = "Martin Ashby",
.date = @date("2022-12-30T17:53:00Z"),
.layout = "single.shtml",
.custom = {"comments": true},
---

I've added an extremely basic, probably insecure, comments form to my blog site. I've built it in Rust for practice. Code is [here](https://code.mfashby.net/martin/mfashby.net/src/branch/main/comments).

It uses [askama](https://docs.rs/askama/latest/askama/) templates, [axum](https://docs.rs/axum/latest/axum/) web framework, [sqlx](https://docs.rs/sqlx/latest/sqlx/) for database access, and postgres database. 

Askama offers compile-time validation of templates since it actually compiles the template to code, and sqlx does compile-time checking of SQL queries and generation of ad-hoc structs for convenience when reading data. These were both very efficient at catching coding errors I made. Axum is an async web framework from the same developers as tokio, the Rust aync runtime. So far it seems easy to use. I already had postgres running on my pi for some other server software, and I've extensive experience with it at work, so it was an easy choice.

It runs on my raspberry pi, and it cross-compiles from my x86_64 desktop or my aarch64 laptop. The former was fiddly since at least one crate dependency (ring) includes some C code, so an appropriate C cross compiler must be installed and supplied to cargo/rustc at build time.

At the moment it doesn't include CSRF protection, and the capcha is basic. It also doesn't notify me when new comments are added. These are future features I might add. It also stores comments keyed by the URL of the page they are made on. This is flexible; no additional configuration is required to enable comments on posts, but also fragile: if a post moves for some reason, I'll lose the comments  until I update them on the database. Since I don't usually move posts, I can live with this for now.