Commenting system in nodejs and javascript
Branch: master
Clone or download
fiddur Merge pull request #26 from fiddur/snyk-fix-33db910d
[Snyk Update] New fixes for 2 vulnerable dependency paths
Latest commit c5f2c66 Jun 15, 2018

Some comments

Build Status Coverage Status

Some comments is stand-alone commenting microservice that you could attach by including javascript.

This was initially constructed because Ghost has no built in commenting functionality and I don't want ads funded commenting, nor tie it to one specific social platform.

Commenters can authenticate via 3rd party authentication like openid, google, facebook etc, or comment anonymously.


  • External authentication.
  • Plugged into any page with javascript.
  • E-mail notification to commenters (with unsubscribe-link).
  • Anonymous commenting, if configured to allow.

Client usage

Get your site ID on http://somecomment.domain/sites/ (running your own node or using my example at

Make sure you added your site (with Site.add(server, domain)) at installation /sites/ and get your site_id.

Where you want to enable commenting, add something like (replacing site id and url):

<div class="comments" id="comments"></div>
<script src="http://somecomment.domain/node_modules/markdown/lib/markdown.js"></script>
<script src="http://somecomment.domain/node_modules/q/q.js"></script>
<script src="http://somecomment.domain/client.js"></script>
  SomeComments('http://somecomment.domain/').displayByPage({{site_id}}, '{{url}}', 'comments')

The url should be the pages canonical URL and will be used in notification e-mails.

And, add the css:

<link href="http://somecomment.domain/comments.css" rel="stylesheet" />

Install (server)

Some comments requires Node v4 or higher! I suggest using nvm.

git clone
cd some-comments
npm install
cp config.js.example config.js # Edit to configure…
npm install -g grunt-cli       # if you don't already have it…
grunt migrate:up
node index.js

To run in production I suggest using forever.


Configuration is done in config.js, or by filename sent in as an argument like node index.js myalternativeconfigpath.js.


Used for symmetric encryption of JSON Web Tokens.

secret: 'aRandomString',


State protocol, domain and port. If you use a proxy, this should be the proxies values; used for URLs in redirect etc.

baseUrl: '',


These are the ways the user can authenticat. Some Comments have no authentication of it's own, but relies solely on other systems.


To allow anonymous commenting, include anonymous in authenticators. It could be as {}, but you could also configure default displayName (default: 'Anonymous') and default avatar (could be a URL or gravatar(method) where method is one of the defaults in Gravatar; defaults to gravatar(monsterid).

When commenting anonymously, you will get an automatically created user. Further comments will be as that user until your session ends.

Dynamic OpenID Connect (NOT older OpenID 2.0 or less)

To use Dynamic OpenID, simply include openidconnect with an empty array:

authenticators: {
  openidconnect: []

If you add objects in the array (see below), Dynamic Registration will still be available.

OpenID Connect without Dynamic (e.g. Google)

For OpenID Connect endpoints that haven't implemented Dynamic Client Registration, you need to supply API credentials. For example:

authenticators: {
  openidconnect: [
      title:            'Google',
      shortName:        'google',
      authorizationURL: '',
      tokenURL:         '',
      userInfoURL:      '',
      clientID:         'get your own',
      clientSecret:     'get your own',
      icon:             '',

For Google, you get your API credentials at the Developers Console. Add an Oauth Client, with redirect URIs in the form: http(s)://<shortName>/callback. The shortName is a URL fragment and is needed to separate the callback URIs for each openidconnect issuer.

Note: It's only the icon that is displayed in the login list on default login frame.


authenticators: {
  facebook: [
      clientId:     'get your own',
      clientSecret: 'get your own',

Callback URI will be http(s)://domain/auth/facebook/callback.


Anything that Knex supports.

To use a backend, simply install it:

npm install sqlite3

…and use it in your config:

database: {
  client: 'sqlite3',
  connection: {
    filename: "/var/lib/some-comments.db"

…and run the migrations:

grunt migrate:up

E-mail notifications

email: {
  address: '',
  transport: {
    host: '',
    port: 25,
    auth: {
      user: 'username',
      pass: 'password',

address is the outgoing address used for notifications.

By default, transport is your SMTP settings. It will be sent directly to nodemailer.createTransport, so it can use what Nodemailer can use. To use a a non-builtin transport, you could for example npm install nodemailer-sendmail-transport and in config put transport: require('nodemailer-sendmail-transport')(options).


  • Comment on issue to let others know you started implementing something. Discuss data & code design on the issue.
  • Use gitflow branching model - make pull requests toward the develop branch.
  • Use jscs for code formatting.
  • Skip unnecessary semicolons.
  • Use ES6 const, =>, prefer async/await before explicit promises.
  • Make sure new code is tested both with relevant unit tests and integration tests.
  • Make sure there are working migrations from older versions.
  • See TODO for refactorings waiting to happen…



Upgrade from 0.3:

  1. Update config (database format changed to Knex)
  2. node migrate0.3.0-0.4.0.js
  • #19: Edit/delete own comments.
  • Changing ORM again (using objection.js, but thinking about ditching that and only using knex).
  • Using Bluebird for promises.
  • Required node >= 4 - This is a microservice, does not need to be compatible with old interpreters!

Use with caution; I haven't tested the Dynamic OpenID Connect authentication in this version.


Upgrade from 0.2: grunt migrate:up

  • #4: Subscribing site admin to new pages.
  • Nicer looking OpenID Connect input.
  • More verbose test-page.
  • Bugfix: oidcIdentifiers had wrong table name.


There is no automatic upgrade from 0.1 to 0.2

To updgrade, you need to create the new tables with migration scripts, and transfer the data accordingly. The new db-structure needs data that isn't available in 0.1.

  • Using node-orm2 to get simple models, support different backends and handle migrations.
  • Sending notifications of new comments with Nodemailer.
  • Using canonical URL to identify pages.
  • Adding configurations: secret, email.
  • Changed configuration connector into authenticator.
  • Changed configuration server into baseUrl.
  • Added anonymous commenting.


Working simple version.

  • OpenID Connect authentication
  • Simple commenting testing endpoint: /test
  • Endpoint to get logged in users info: /users/me
  • Some configuration documentation.
  • Better code separation using factories, started using express router.

Still no email notification…

License (GNU AGPLv3)

Copyright (C) 2015 Fredrik Liljegren

Some Comments is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.