Custom solution that provides a comments section to every page of the Wiki.
The frontend is generated by a script which is included at the bottom of every Quartz page. Leveraging the existing MongoDB service, comments are processed by a NodeJS backend and stored in Mongo.
Backend
https://github.com/one137/comments-api
There are three endpoints: healthCheck, getComments and addComment.
Comments sent from the frontend are processed in the following way:
- spam check
- input validation
- sanitization
- markdown parsing (using marked)
- HTML sanitization (using jsdom+dompurify)
- insertion into MongoDB
Further “security” is given by the use of CORS, endpoint rate limiters and useProxy + Cloudflare’s CF-Connecting-IP.
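Added example (not code from comments-api): a per-visitor rate limiter that only believes CF-Connecting-IP when the TCP peer is the known reverse proxy, so a request that reaches the backend directly is counted under its real address. The function names, proxy address, limits and sample requests are constructed assumptions.

```javascript
// Constructed value: the address the reverse proxy connects from (assumption).
const TRUSTED_PROXIES = new Set(['192.0.2.10']);

// Conservative shape check for a single IPv4/IPv6 literal. Comma-joined lists,
// whitespace and oversized values fail; this is not a full IP parser.
const IP_SHAPE = /^[0-9a-fA-F:.]{2,45}$/;

// Pick the address to rate-limit on. The header is client-controlled unless the
// request really came through the proxy, so it is ignored for any other peer.
function clientIp(peerAddress, headers) {
  const claimed = headers['cf-connecting-ip']; // Node lowercases header names
  if (TRUSTED_PROXIES.has(peerAddress) && typeof claimed === 'string' && IP_SHAPE.test(claimed)) {
    return claimed;
  }
  return peerAddress;
}

// Fixed-window limiter: at most `limit` requests per `windowMs` for each key.
// `now` is injectable so the window logic can be tested without waiting.
function createLimiter(limit, windowMs, now = Date.now) {
  const buckets = new Map(); // key -> { start, count }; prune old keys in real use
  return function allow(key) {
    const t = now();
    const bucket = buckets.get(key);
    if (!bucket || t - bucket.start >= windowMs) {
      buckets.set(key, { start: t, count: 1 });
      return true;
    }
    bucket.count += 1;
    return bucket.count <= limit;
  };
}

// Constructed requests: [peer address, headers]. Limit is 2 per minute.
function demo() {
  const allow = createLimiter(2, 60000, () => 0);
  const requests = [
    ['192.0.2.10', { 'cf-connecting-ip': '203.0.113.7' }],
    ['192.0.2.10', { 'cf-connecting-ip': '203.0.113.7' }],
    ['192.0.2.10', { 'cf-connecting-ip': '203.0.113.7' }],     // third in window
    ['192.0.2.10', { 'cf-connecting-ip': '198.51.100.4' }],    // another visitor
    ['198.51.100.9', { 'cf-connecting-ip': '203.0.113.250' }], // direct, header ignored
    ['198.51.100.9', { 'cf-connecting-ip': '203.0.113.251' }],
    ['198.51.100.9', { 'cf-connecting-ip': '203.0.113.252' }], // same peer, third hit
  ];
  return requests.map(([peer, headers]) => {
    const ip = clientIp(peer, headers);
    return { ip, allowed: allow(ip) };
  });
}
```

The last three requests rotate the header value but share one bucket, because the peer is not the trusted proxy.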
Fancy logging is done through debug with some logs sent over to Telegram.
Container
The backend is deployed as a containerized service.
Stack config: https://github.com/one137/dockerhost-stacks/blob/main/stacks/70-comments-api.yml
Frontend
https://github.com/one137/web/blob/main/comments.js
injectCommentsSection, fetchComments and fetchComments are the three main functions.
The only difficulty is getting the comments section to appear properly on page changes, including when the browser's back/forward history buttons are used, due to the SPA nature of Quartz.