Developing my Website

Development

So this is the first post to this blog... I hope it works. Well actually I have tested it quite extensively so I don't think it will break and everything is being backed up too so it should be fine no matter what.

Blog Devlog

So this is the first real post to my blog, and in it I'm going to talk a little about the code for the blog itself. Originally all I wanted was a homepage, but I was thinking about what to put on it and eventually realized that what I really wanted was a very basic blog system that would let me post and update blog posts. So I went to GitHub and looked for an engine that looked good to me, but I couldn't find anything that satisfied all of my requirements. All of the blog engines were either too complicated and/or WYSIWYG (like WordPress), or didn't have an online editor, or allowed multiple accounts and a lot of other things I really didn't want or need. So I decided it wouldn't be all that difficult to make a blog exactly the way I wanted, so I started working.

Goals

My goals for the project were simple:

  • Allow posting and editing articles.
  • Track view counts.
  • Use an article as the front page.
  • A way to authenticate myself so I could post but no one else could.
  • Use (unsafe) markdown for articles, so that I can do fancy formatting like that, or even stuff like inline html.
  • Have an online editor with a live preview.

Of these I have actually managed to achieve them all (at least to a very basic extent), but as I was working I discovered that there were a couple of things that would really be nice that I'm working on now that the basic site's up and running:

  • [x] Main page with a few niceties like an article list and my social links at the top.
  • [x] Hidden / Private posts.
  • [ ] Post history view.
  • [ ] Search page / tags (currently implemented WIP).

Tech stack

This is gonna get a bit technical.

So I started out with my (current) standard web stack, Rust + Warp for the backend, and TypeScript + React for the frontend. This setup works well for me as I've used every piece of it before and it's all my current favorite tools for their respective jobs. TypeScript, and well, JavaScript in general are not my cup of tea, in fact they are among my least-favorite languages right above Java. But considering I've yet to find a good way to use Rust for the frontend (because I do like React's paradigm, not so much the implementation or language), I just go with the better of the two evils, which for me is TypeScript as it at least gives me some level of safety when using JS. For the database I'm using an SQLite3 relational database with Rusqlite and R2D2 for working with concurrency. I'm using SQLite instead of something bigger like MySQL or PostgreSQL simply because it's easier, specifically for testing where I don't need a container to run the database the whole time. Then, for the frontend markdown rendering I'm using Marked instead of remark because it is far simpler, and looks just as modular & powerful. Lastly (this is only visible for me) I'm using Monaco (the editor inside VSCode) for the text editor. Even though I don't use VSCode myself (I prefer a command line text editor called JOE, or for a GUI/IDE Sublime or a JetBrains editor), it's still a solid editor and is the best I could find for in-browser (Ace looked good but didn't support multi-caret editing). You can see any other dependencies on the GitLab page here if you're curious, but I tried to cover the important ones here.

Security

After initially writing this it occurred to me that I did not get to touch on the security of this, specifically how does the login work? Well the answer is that I really didn't think much about it and that's because I'm pretty confident that everything is simple enough to be secure by default. Specifically, the password system simply checks the given password against the master password and it does that check for every request making a change to the database. In theory this could be vulnerable to a time-based decoding attack, but I don't think anyone will care enough to develop one. The main reason I don't see this as important isn't because of the actual security, but rather the lack of harm that can be caused even if security is breached. The worst someone who took complete control over the webserver could do is freely modify or delete the database, but I have daily backups and anything else that they might do would be fruitless due to running as an unprivileged user in a Docker container.
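As an added example (not code from this blog's repository), the Rust sketch below contrasts an early-exit comparison of a supplied password against the master password with a constant-time style one, which removes the timing signal mentioned above. The function names and the sample password are assumptions made for illustration, and the returned step count stands in for response time.

```rust
// Added illustration; not code from the blog's repository.
// The step count each function returns stands in for response time.

/// Early-exit comparison: stops at the first mismatching byte.
fn early_exit_check(supplied: &[u8], master: &[u8]) -> (bool, usize) {
    if supplied.len() != master.len() {
        return (false, 0);
    }
    let mut steps = 0;
    for (a, b) in supplied.iter().zip(master) {
        steps += 1;
        if a != b {
            return (false, steps); // work done reveals the matching prefix length
        }
    }
    (true, steps)
}

/// Constant-time style comparison: always walks the whole supplied value and
/// folds every difference (including the length difference) into one accumulator.
fn constant_time_check(supplied: &[u8], master: &[u8]) -> (bool, usize) {
    if master.is_empty() {
        return (false, 0); // an unset master password must never authenticate
    }
    let mut diff = supplied.len() ^ master.len();
    let mut steps = 0;
    for (i, a) in supplied.iter().enumerate() {
        steps += 1;
        diff |= (a ^ master[i % master.len()]) as usize;
    }
    // black_box is a best-effort hint against the optimizer short-circuiting;
    // production code would normally use an audited crate such as `subtle`.
    (std::hint::black_box(diff) == 0, steps)
}

fn main() {
    let master: &[u8] = b"constructed-master-pw"; // constructed sample secret
    let guesses: [&[u8]; 3] = [
        b"xonstructed-master-pw", // wrong first byte
        b"constructed-master-pX", // wrong last byte
        b"constructed-master-pw", // correct
    ];
    for g in guesses {
        println!("{:?} early-exit={:?} constant={:?}",
            String::from_utf8_lossy(g), early_exit_check(g, master), constant_time_check(g, master));
    }
}
```

The early-exit version does 1 step for a wrong first byte and 21 for a wrong last byte, while the constant-time version does 21 steps for every 21-byte guess regardless of where it differs.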

Status

Well as you can see it's working great now, albeit somewhat limited, and I can seemingly use it just fine. There's obviously a lot to do still (see TODO.md in the repo, also things like fixing the edit window CSS, article previews and other misc things), but overall I'm happy with it so far. You can host one yourself if you want, it has a working Dockerfile but I might post build/development instructions sometime soon, but if you know how to do Rust & JavaScript then honestly you should be fine figuring it out on your own. As I didn't write this while I was making it (I mean it didn't exist then), I don't really have any progress updates or story yet, but it's a very simple project so I don't think that would be interesting anyways.

I'll obviously be updating this in the future as I work on the blog further, but for now, that's all so bye bye!

Update 1

Well I've updated it now to fix some basic UI things, not much interesting though.

Update 2

I've actually added hidden posts now, and I tried to add a spellcheck which is mostly working but the dictionary that I have doesn't have certain variations of some words, which makes it rather useless so far.

I've also been running into an issue with specifically the Docker container where going to URLs specifically (like /article/7) doesn't work and returns 405 method not allowed instead. I'm not sure why this only affects the Docker container but my guess is that it's simply that the server is compiled in release mode but I haven't tested this theory yet, I'm going to look into it (and fixing the spell check) tomorrow.

Update 3

The spell check is working now, I ended up combining 3 dictionaries from Hunspell with the Unix list of words I had on my local computer (from the aspell command), and some custom words and technology-related words to get everything that I wanted in there. I also figured out the issue with the URLs (like going to /article/7 directly), which turned out to be a simple case where I forgot to use the right path in the Docker container in one place (see this commit).

Update 4

I've added a ton more little things now, private and hidden posts, fixed the "search" page, updated the homepage to look better on smaller screens, optimized assets (and enabled cache), added pronouns to the homepage, and finally did a few things to improve the Google Lighthouse score.