Develoraptor Blog

Comments are here

I've added comment support to this blog. Currently it's available via the web interface for Mastodon users. It uses the Mastodon API to authenticate a user similar to how OpenID works. The user info is then stored in a JWT in the user's cookie - the user info doesn't enter my database until they actually make a comment.

It's important to consider bad actors when accepting user input. All commenters are considered "untrusted" users by default, can only comment on posts less than a week old, and need to be accepted manually by me. I may add a "trusted user" type later on, but this I think is the bare minimum for a safe comments system.
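
The flow described above (identity kept in a signed cookie, a one-week comment window, manual approval) can be sketched as follows. This is an added example, not this blog's actual code; the HS256 signing choice, the `sub` and `exp` claim names, the key, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
MAX_POST_AGE = 7 * 24 * 3600       # "posts less than a week old"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(account: str, now: float, ttl: int = 3600) -> str:
    """Build the cookie value once the Mastodon login has completed."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": account, "exp": int(now) + ttl}).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def verify_token(token: str, now: float) -> dict:
    """Return the claims, or raise ValueError if the cookie cannot be trusted."""
    try:
        header_b64, body_b64, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    # Always recompute an HMAC with the server key; never let the token pick the algorithm.
    expected = sign(header_b64 + "." + body_b64)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    header, claims = json.loads(b64d(header_b64)), json.loads(b64d(body_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def accept_comment(cookie: str, post_published: float, text: str, now: float) -> dict:
    """Gate a comment: verified identity, post under a week old, held for approval."""
    claims = verify_token(cookie, now)
    if now - post_published >= MAX_POST_AGE:
        raise PermissionError("comments are closed on this post")
    # Only at this point would user info reach the database; the comment
    # stays "pending" until the blog owner accepts it.
    return {"author": claims["sub"], "text": text, "status": "pending"}
```

Because the cookie is client-controlled, the server treats it as untrusted input until the signature check passes, and the `pending` status keeps even a validly signed comment out of public view until it is approved.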