Remark42 uses boltdb (embedded key/value database) files under
STORE_BOLT_PATH for storing data. Each site stored in a separate boltbd file.
In order to migrate/move Remark42 to another host boltbd files as well as avatars directory
AVATAR_FS_PATH should be transferred. Optionally, boltdb can be used to store avatars as well.
Automatic backup process runs every 24 hours and exports all content in json-like format to
Authentication implemented with
go-pkgz/auth stored in a cookie. It uses HttpOnly, secure cookies.
All heavy REST calls cached internally in LRU cache limited by
User's activity throttled globally (up to 1000 simultaneous requests) and limited locally (per user, usually up to 10 req/sec). Request timeout set to 60 seconds.
Admin authentication (
--admin-password set) allows hitting Remark42 API without social login and with admin privileges. Adds basic-auth for username: admin, password:
User can vote for the comment multiple times but only to change the vote. Double-voting not allowed.
User can edit comments in 5 minutes (configurable) window after creation.
User ID hashed and prefixed by oauth provider name to avoid collisions and potential abuse.
All avatars resized and cached locally to prevent rate limiters from oauth providers, part of
Images can be proxied (
IMAGE_PROXY_HTTP2HTTPS=true) to prevent mixed
http/https. All images can be proxied and saved (
IMAGE_PROXY_CACHE_EXTERNAL=true) instead of serving from original location. Beware, images which are posted with this parameter enabled will be served from proxy even after it will be disabled.
Docker build uses publicly available base images.