Pommento - Secure comment service using Pangea

Hussain Shaikh

Introduction

GitHub repo - https://github.com/hussainshaikh12/pommento

YouTube - https://youtu.be/foHdaPlQCyI

Pommento is a comment service platform that not only revolutionizes how comments enrich your content but also ensures unparalleled security. Seamlessly integrating Pangea's cutting-edge security features, Pommento elevates commenting to a realm of safety and reliability like never before.

Your content isn't just open to comments; it's shielded by Pangea's security arsenal. Features like Embargo, Redact, and comprehensive IP, URL, Domain, and User Intel empower Pommento to safeguard your discussions and interactions. Security isn't an afterthought; it's ingrained in every conversation.

Project Overview

1. Comment Service Redefined

Pommento isn't just about adding comments; it's a versatile toolset empowering you to enrich your sites with dynamic conversations.

The home page after login

After logging in you get to see the sites page where all your sites are listed. Here you can get the code to embed the comments into your website and you can also view all the recent comments on a particular website.

2. Embed Comments

Approved comments seamlessly integrate into your website. Utilize an intuitive embedding mechanism to showcase accepted comments, fostering an interactive and vibrant atmosphere across your digital presence. Empower your audience to engage directly with your content, turning passive viewers into active participants.

3. Privacy First Approach

Your control is paramount. Pommento places you in the driver's seat, ensuring privacy and moderation are at your fingertips. Access and review every comment before it goes live on your website.

Every comment should be approved, and with your approval comments seamlessly integrate into your site, giving you complete authority over the content displayed.

4. Fortified Security with Pangea Integration

Pommento's collaboration with Pangea brings a fortress of security features to your fingertips. Gain invaluable insights into comment details and user information, leveraging Pangea's Embargo, Redact, and comprehensive IP, URL, Domain, and User Intel functionalities. Safeguard your platform against malicious intent, ensuring only genuine, trustworthy interactions on your website.

5. Elevated Access with Stripe for Payments

For Pro users, Pommento offers an unparalleled opportunity. Unlock limitless potential by creating unlimited websites and enabling an infinite flow of comments. With Stripe integration, upgrade to Pro to harness the full capabilities of Pommento without constraints, amplifying your reach and impact across your digital footprint.

Development Process

1. Getting started with a base SaaS project

I made use of https://github.com/ernestofgonzalez/djangorocket and built on top of it, adding a lot of customizations and removing a lot of extra boilerplate.

2. Project directory

.
├── manage.py
├── pommento
│   ├── asgi.py
│   ├── auth
│   ├── billing
│   ├── context_processors.py
│   ├── core
│   ├── __init__.py
│   ├── model_loaders.py
│   ├── __pycache__
│   ├── settings.py
│   ├── urls.py
│   ├── utils
│   ├── views.py
│   └── wsgi.py

This is a reduced version of my project directory. Here I have three main apps:

  1. auth - For authentication and also Google OAuth

  2. billing - All Stripe-related stuff

  3. core - The core functionality of the Pommento app

3. Tech stack

  1. Django

  2. Alpine.js

  3. Tailwind

  4. Htmx

  5. Stripe

Use of Pangea services

  1. Redact

    The Redact service is used to detect profanity in the text and redact it.

  2. URL Intel and Domain Intel

    If the text contains any URLs or domains, they are extracted from the text and their reputation is checked using Pangea services. Based on the API response, the status of each URL and domain is displayed beside it. If any of them is malicious, the comment status turns to malicious.

  3. User Intel and IP Intel

    User Intel is used to check the user's email and verify whether it has been breached before. If it has been breached, the count of breaches is displayed beside it.

    IP Intel is used to identify the reputation of the user's IP.

  4. Embargo

    The United States imposes sanctions on countries that violate its interests.

    These sanctions prohibit all transactions with those countries, including imports and exports, without license authorization. Using the IP address and the Embargo API, we identify whether the IP is from an embargoed country.

  5. Secure audit log

    Audit logs record the occurrence of an event, the time at which it occurred, and the responsible user or service. Using this we can track the login and registration of users for enhanced safety.
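The URL and domain screening step described in item 2, as an added example (this is not code from the Pommento repository). The two lookup callables stand in for URL Intel and Domain Intel calls. All function names, the "pending" status, every verdict string other than "malicious", and the sample data are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)

def extract_indicators(text):
    """Return (urls, domains) found in a comment, deduplicated, in order."""
    urls, hosts = [], []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?")  # sentence punctuation glued to the URL
        if url in urls:
            continue
        urls.append(url)
        try:
            hosts.append(urlsplit(url).hostname or "")
        except ValueError:  # malformed authority: keep the URL, skip the host
            pass
    hosts += DOMAIN_RE.findall(URL_RE.sub(" ", text))  # bare domains in the rest
    domains = []
    for host in hosts:
        host = host.lower().rstrip(".")
        # IP-literal hosts fail this match; they belong to IP reputation checks.
        if DOMAIN_RE.fullmatch(host) and host not in domains:
            domains.append(host)
    return urls, domains

def safe_verdict(lookup, indicator):
    """A failed lookup yields "unknown", never "benign"."""
    try:
        return lookup(indicator)
    except Exception:
        return "unknown"

def screen_comment(text, url_lookup, domain_lookup):
    """Return (status, findings); any malicious indicator flags the comment."""
    urls, domains = extract_indicators(text)
    findings = {u: safe_verdict(url_lookup, u) for u in urls}
    findings.update({d: safe_verdict(domain_lookup, d) for d in domains})
    flagged = any(v == "malicious" for v in findings.values())
    # "pending" (hypothetical name) = still waiting for the site owner's approval.
    return ("malicious" if flagged else "pending"), findings

# Constructed sample data: reserved .test names and made-up verdicts.
VERDICTS = {"http://evil.example.test/login": "malicious",
            "evil.example.test": "malicious", "docs.example.test": "benign"}
SAMPLE = "Great post! See http://evil.example.test/login, or docs.example.test."

def fake_lookup(indicator):  # stands in for a reputation API call
    return VERDICTS.get(indicator, "unknown")
```

Because a comment with no malicious indicator still ends up as "pending", a reputation lookup that errors out or returns nothing never publishes a comment by itself; the owner's approval remains the final gate.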

Conclusion

After a lot of brainstorming, I finally came to the conclusion that I would make this project. This really felt like a real-world use case of the Pangea API and also a cool app that could actually be used somewhere. So this motivated me more to push and build this cool project. It was a fun way to learn and practice my project-building skills. I learnt a lot during the process about Pangea and how their different services work.

Resources

https://pangea.cloud/docs/tutorials/django/

https://github.com/pangeacyber/pangea-python/tree/main/examples

https://github.com/ernestofgonzalez/djangorocket

https://kutty.netlify.app/
