
Staticman: user-generated content for static sites - benburwell
https://staticman.net/
======
higon
Wanted to try out a bit. But approving a permission request for "read/write
all the Github PRIVATE repository" and "read/WRITE all the my info." is
alarmingly risky...

And this site itself is not even open-sourced? hmmm.

~~~
eduardoboucas
I admit that sucks a bit, but unfortunately the GitHub API doesn't offer per-
repository scopes. I'll have to think of a better way, maybe Staticman could
be a bot that you give access to on a specific repo.

~~~
DaGardner
Or just send pull requests, if a user doesn't want to grant push access (this
can also be used as comment moderation)

------
kristopolous
The definition of 'static' here I think may be a little different. It appears
you are repurposing technologies to effectively be a database which aren't
considered a database (at least in this context) in order to dynamically
generate content in the users browser on the fly.

So templated dynamic html from a "database" is a fine architecture, but not
what most people I think would call "static".

A "static" system would be more like Doxygen where the content is "compiled"
into straight html/css pages

------
jfim
So now we've come full circle to what Movable Type did over a decade ago
(static generation based on contents stored in a database)?

~~~
reubano
Did those software support user content such as comments? Also, from my
understanding, this project relies on flat files and not a db. So you could
essentially eliminate the need for any http requests.

~~~
jfim
Movable Type supported user comments as well as trackbacks and pingbacks.

------
reilly3000
This definitely looks malicious. Is the business model controlling everybody's
repos??

~~~
eduardoboucas
Not really my plan, no. Sorry it looks malicious to you.

------
fenollp
Is it possible to OAuth on GitHub from the static site, have a nice form there
that creates a pull request on this repo, then travis validates it?

Makes up for Wiki, comments, user login, …

------
reubano
I love the idea. I'm a fan of static sites but always dreaded having to rely
on disqus and the like. Any chance you plan to open source this?

~~~
brbsix
If you don't prefer a third-party comments system for whatever, you can always
host your own and insert it in your static site the same as you would with
Disqus. I was considering doing this for a while and found React has a pretty
good tutorial
[https://facebook.github.io/react/docs/tutorial.html](https://facebook.github.io/react/docs/tutorial.html)

~~~
reubano
Pretty nifty! Do you decide to go down this route?

~~~
brbsix
Nope. Tempting as it was, I just ended up using Disqus. :)

------
metachris
Spam detection of some sort would be a necessity.

~~~
eduardoboucas
Agree! Definitely something I need to look into. Thanks.

------
venning
This throws an invalid SSL cert warning on Android Chrome.

NET::ERR_CERT_AUTHORITY_INVALID

~~~
hperl
Their certificate is signed by a trusted CA, but they forgot to ship the
intermediate certificate.

I always test my domains with Quals SSL server test:

[https://www.ssllabs.com/ssltest/analyze.html?d=staticman.net](https://www.ssllabs.com/ssltest/analyze.html?d=staticman.net)

There are a couple of other issues with their SSL setup. I also recommend
Mozilla's SSL config generator:

[https://mozilla.github.io/server-side-tls/ssl-config-
generat...](https://mozilla.github.io/server-side-tls/ssl-config-generator/)

~~~
eduardoboucas
My bad. Will look into this. Thanks!

