Test CookieYes integration

assets/js/critical/_cookie.js

@@ -0,0 +1,48 @@
+/* eslint-disable no-undef, no-unused-vars */
+
+let _manager
+
+function loadScriptSync (src) {
+  const s = document.createElement('script')
+  s.src = src
+  s.type = 'text/javascript'
+  s.async = false
+  document.getElementsByTagName('head')[0].appendChild(s)
+}
+
+function hasConsent (category) {
+  if (typeof _manager !== 'undefined' && _manager !== null) {
+    return _manager.hasConsent(category)
+  } else {
+    console.log('no mgr defined: ' + category)
+    return false
+  }
+}
+
+function getLocalStorage (key, def, category) {
+  if (hasConsent(category)) {
+    return localStorage.getItem(key)
+  } else {
+    return def
+  }
+}
+
+function setLocalStorage (key, val, category) {
+  if (hasConsent(category)) {
+    localStorage.setItem(key, val)
+  }
+}
+
+function getSessionStorage (key, def, category) {
+  if (hasConsent(category)) {
+    return sessionStorage.getItem(key)
+  } else {
+    return def
+  }
+}
+
+function setSessionStorage (key, val, category) {
+  if (hasConsent(category)) {
+    sessionStorage.setItem(key, val)
+  }
+}

assets/js/critical/_cookie2.js

@@ -0,0 +1,35 @@
+// TODO: move to module
+
+/* eslint-disable no-undef, no-unused-vars */
+{{- if or site.Params.modules.cookieyes.force (not hugo.IsServer) -}}
+    {{ with site.Params.modules.cookieyes.id }}
+
+class CookieYesManager {
+  #consent
+
+  updateConsent () {
+    this.#consent = getCkyConsent()
+  }
+
+  constructor () {
+    loadScriptSync('https://cdn-cookieyes.com/client_data/{{ (. | urlize) }}/script.js')
+    this.updateConsent()
+  }
+
+  hasConsent (category) {
+    if (typeof this.#consent !== 'undefined' && this.#consent !== null) {
+      console.log('invoke cky consent: ' + category + this.#consent)
+      return true
+    } else {
+      console.log('cky consent undefined: ' + category)
+      return false
+    }
+  }
+}
+
+_manager = new CookieYesManager()
+
+    {{ else }}
+        {{ warnf "Cannot find CookieYes ID, check 'params.modules.cookieyes.id'" }}
+    {{ end }}
+{{ end }}

config/_default/params.toml

@@ -14,7 +14,7 @@
         transpiler = "dartsass"
 
 [debugging]
-    showJS = false
+    showJS = true
     showSCSS = false
     purgeHTMLComments = true
 
@@ -388,3 +388,10 @@
     wcag_contrast = "https://www.w3.org/TR/WCAG20/#visual-audio-contrast"
     webfonts_helper = "https://gwfh.mranftl.com"
     youtube = "https://youtube.com"
+
+[modules.cookieyes]
+    integration = "critical"
+    state = "immediate"
+    category = "necessary"
+    id = "a54b5553f349dd13bd225f8e"
+    force = true

config/_default/server.toml

@@ -6,7 +6,7 @@ for = '/**'
     X-XSS-Protection = "1; mode=block"
     Content-Security-Policy = """\
         default-src 'self'; \
-        script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; \
+        script-src 'self' https://cdn-cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com; \
         style-src 'self' https://fonts.googleapis.com https://www.youtube.com; \
         object-src 'none'; \
         base-uri 'self'; \

content/en/cookies.md

@@ -0,0 +1,44 @@
+---
+title: Cookie Policy
+description: Cookie policy of gethinode.com
+date: 2024-09-19
+layout: docs
+---
+<!-- markdownlint-disable MD036 -->
+*Effective Date 19-Sep-2024*
+
+## What are cookies?
+
+This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to manage the cookie settings.
+
+Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.
+
+## How do we use cookies?
+
+As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
+
+The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
+
+## Types of Cookies we use
+
+{{< cky-audit >}}
+
+## Manage cookie preferences
+
+{{< cky-banner >}}
+
+You can change your cookie preferences any time by clicking the above button. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.
+
+In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.
+
+Chrome: https://support.google.com/accounts/answer/32050
+
+Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
+
+Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US
+
+Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
+
+If you are using any other web browser, please visit your browser’s official support documents.
+
+*Cookie Policy generated by {{< link "https://www.cookieyes.com" >}}CookieYes - Cookie Policy Generator{{< /link >}}.*

content/en/docs/latest/configuration/cookie-consent.md

@@ -1,39 +1,39 @@
 ---
 title: Cookie consent (alpha release)
 description: Configure cookie consent to comply with regulatory requirements.
-date: 2024-09-18
+date: 2024-09-19
 layout: docs
 ---
 
 > [!IMPORTANT]
 > The materials on this website are purely informative and represent a personal view; they do not constitute legal or other professional advice. Consult your professional adviser for legal or other advice.
 
-{{< release version="v0.27.0-alpha8" >}}
+{{< release version="v0.27.0-alpha9" >}}
 
 > [!CAUTION]
 > The support for cookie consent is still in alpha-stage of development by the Hinode team. As a result, the implementation is subject to change.
 
-Regulations such as GDPR (in the EU and UK) and CCPA/CPRA (California) require consent from users about the use of cookies. Without prior consent, the website should refrain from storing or accessing any cookies, unless they are absolutely essential. Site owners should also be able to share proof of the consents (consent logging) on request of the authorities. Lastly, certain countries put restrictions on where to physically store the consent logs.
+Regulations such as GDPR (in the EU and UK) and CCPA/CPRA (California) require consent from users about the use of cookies. Without prior consent, the website should refrain from storing or accessing any cookies, unless they are absolutely essential. Site owners should also be able to share proof of the consents (consent logging) on request of the authorities. Lastly, certain countries put restrictions on where to geographically store the consent logs.
 
-Since release {{< release version="v0.27.0-alpha8" short="true" type="link" >}} Hinode provides support to simplify the integration with cookie consent managers. Cookie consent management itself is not offered by Hinode, but should be relatively easy to implement by integrating with a third-party solution. Review the next paragraphs to familiarize yourself with the available options and configurations.
+Since release {{< release version="v0.27.0-alpha9" short="true" type="link" >}} Hinode provides support to simplify the integration with cookie consent managers. Cookie consent management itself is not offered by Hinode, but should be relatively easy to implement by integrating with a third-party solution. Review the next paragraphs to familiarize yourself with the available options and configurations.
 
 ## Categorizing scripts
 
-Although the laws and regulations specifically mention cookies, strictly speaking, it are the scripts that actually create and interact with cookies. Assigning a Hinode script (or a script bundle) to a specific category informs users about their intent
+Modern websites typically use a combination of local storage, session storage, and cookies to collect and store data. Although the various laws and regulations are commonly referred to as cookie law, the legislation is applicable to all kinds of technologies that enable data collection and processing. In practice, we should look into the scripts that interact with these data storages. Assigning a Hinode script (or a script bundle) to a specific category informs users about their intent.
 
 ### Available categories
 
 > [!IMPORTANT]
 > The available categories and their descriptions are used for illustrative purposes only. It is the responsibility of the site administrator to assign scripts to the correct category.
 
-Hinodes supports the following categorization of cookies:
+Hinodes supports the following categorization of scripts and their intent:
 
 - **necessary** - Necessary cookies are linked to the site's essential features, which include secure log-in and customizable consent settings. There is no personally identifying information stored by these cookies.
 - **functional** - Functional cookies facilitate the performance of specific tasks, such as gathering user comments, disseminating the website's content on social media, and enabling additional third-party capabilities. Hinode uses functional cookies to store the user's preferred language and theme.
 - **analytics** - Cookies with analytical functions are employed to comprehend how users engage with the website. These cookies aid in the provision of data on metrics like number of visitors, bounce rate, source of traffic, etc. Hinode provides a module to integrate with Google Analytics out of the box.
 - **performance** - In order to provide users with a better user experience, performance cookies are employed to comprehend and evaluate the website's important performance indicators.
 - **advertisement** - Advertisement cookies are used to track the success of ad campaigns and show users personalized advertisements depending on the pages they have previously viewed.
-- **other** - Unassigned cookies are categorized as `other` by default. Any cookies used by these scripts should be reviewed and assigned to a specific category by the site administrator.
+- **other** - Unassigned scripts are categorized as `other` by default. Any cookies used by these scripts should be reviewed and assigned to a specific category by the site administrator. Hinode also assigns scripts to this category that do not necessarily interact with cookies at all.
 
 ### Assigning categories to Hinode modules
 
@@ -100,5 +100,8 @@ You can modify this template to your needs. For example, {{< link "cookieyes_scr
 
 ## Using API calls
 
-> [!NOTE]
-> This code is being implemented and will be released soon.
+Hinode uses several script to access and store the user's preferences, including the selected theme and language. Instead of assigning an entire script or script bundle to a category, you can also use predefined APIs. These APIs will give you fine-grained control on when to invoke a cookie consent check. Use the `get*` and `set*` functions to interact with the local storage and session storage respectively. The `hasConsent()` function is a placeholder that should be hooked to your cookie consent manager of choice.
+
+The available functions are defined in `/assets/js/critical/_cookie.js`:
+
+{{< file path="./_vendor/github.com/gethinode/hinode/assets/js/critical/_cookie.js" full="false" >}}

content/en/docs/latest/configuration/modules.md

@@ -1,7 +1,7 @@
 ---
 title: Modules
 description: Customize and extend Hinode with Hugo modules.
-date: 2024-09-18
+date: 2024-09-19
 layout: docs
 ---
 
@@ -50,7 +50,7 @@ The following table provides an overview of the available settings for each modu
 | excludeSCSS     | false | Excludes the module from the stylesheet processing pipeline. Use this setting to get more control of when and where to include the module's stylesheet. For example, the Bootstrap stylesheet is imported by the main stylesheet after initializing the theme variables, but before the custom component styles. |
 | disableTemplate | false         | Excludes all scripts files from processing as Hugo template. The scripts are bundled as-is instead. This only applies to optional modules. |
 | localize        | false         | {{< release version="v0.25.0" short="true" size="sm" inline="true" >}} Triggers the creation of a language-specific bundle file. The language code is appended as suffix to the base name. For example, the English version of `js/main.bundle.js` becomes `js/main.bundle.en.js`. |
-| category        | other         | {{< release version="v0.27.0-alpha8" short="true" size="sm" inline="true" >}} Assigns the module's scripts to a category used for cookie consent. Available values are `necessary`, `functional`, `analytics`, `performance`, `advertisement`, and `other`. See {{< link "cookie-consent" />}} for more details. |
+| category        | other         | {{< release version="v0.27.0-alpha9" short="true" size="sm" inline="true" >}} Assigns the module's scripts to a category used for cookie consent. Available values are `necessary`, `functional`, `analytics`, `performance`, `advertisement`, and `other`. See {{< link "cookie-consent" />}} for more details. |
 <!-- markdownlint-disable MD037 -->
 
 For example, Bootstrap uses the following configuration in its module configuration:

content/en/privacy.md

@@ -0,0 +1,47 @@
+---
+title: Privacy Policy
+description: Privacy policy of gethinode.com
+date: 2024-09-19
+layout: docs
+---
+<!-- markdownlint-disable MD036 -->
+*Effective Date 19-Sep-2024*
+
+This Privacy Policy describes the policies of gethinode.com on the collection, use and disclosure of your information that we collect when you use our website (https://gethinode.com, referred to as the “Service”). By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.
+
+We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will be effective 180 days from when the revised Policy is posted in the Service and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.
+
+## How we share your information
+
+We will not transfer your personal information to any third party without seeking your consent, except in limited circumstances as described
+below:
+
+- Analytics
+
+We require such third party’s to use the personal information we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.
+
+We may also disclose your personal information for the following: (1) to comply with applicable law, regulation, court order or other legal process; (2) to enforce your agreements with us, including this Privacy Policy; or (3) to respond to claims that your use of the Service violates any third-party rights. If the Service or our company is merged or acquired with another company, your information will be one of the assets that is transferred to the new owner.
+
+## Your rights
+
+Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity,withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. <!-- To exercise these rights, you can write to us at privacy@gethinode.com. We will respond to your request in accordance with applicable law. -->
+
+Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.
+
+## Cookies etc.
+
+To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our {{< link "cookies" >}}Cookie Policy{{< /link >}}.
+
+## Security
+
+The security of your information is important to us and we will use reasonable security measures to prevent the loss, misuse or unauthorized alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security and consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
+
+## Third party links & use of your information
+
+Our Service may contain links to other websites that are not operated by us. This Privacy Policy does not address the privacy policy and other practices of any third parties, including any third party operating any website or service that may be accessible via a link on the Service. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
+
+<!-- ## Grievance / Data Protection Officer
+
+If you have any queries or concerns about the processing of your information that is available with us, you may email us at privacy@gethinode.com. We will address your concerns in accordance with applicable law. -->
+
+*Privacy Policy generated with {{< link "https://www.cookieyes.com" >}}CookieYes{{< /link >}}.*

go.mod

@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	github.com/airbnb/lottie-web v5.12.2+incompatible // indirect
-	github.com/gethinode/hinode v0.27.0-alpha8 // indirect
+	github.com/gethinode/hinode v0.27.0-alpha9 // indirect
 	github.com/gethinode/mod-bootstrap v1.3.1 // indirect
 	github.com/gethinode/mod-flexsearch/v2 v2.0.1 // indirect
 	github.com/gethinode/mod-fontawesome v1.10.0 // indirect