Log in Sign up

Restricted/Dynamic content through the template?

Not a developer, programmer or anything, but I thought something may be possible if I'm not misunderstanding how Blot works or missing anything...

Since everything is public as rendered from the template on the server, could it be possible to use a system of conditional templates or template-based functions based on metadata of the file to restrict access to a page or show context-depending data (like user information)? I mean, coding a script with a call to some authorization service or similar API in a template, a script that would be conditionally used either as part of a page included in another template or doing something like having a template for a whole page to show only private content, that would be used depending on the presence of some metadata or not used if such metadata is not present?

For example, using a whole-page template or part of a template for conditional/private information to be shown as part of the rendered page if an "access" metadata field is not false or has a certain value.

Would it be possible? Would whatever is rendering the template receive data from an API and could it be done in a secure way (like with an HTTP-only cookie restricted to the same domain if hosting the API on a subdomain), without anything being exposed in any way? Or is it impossible or insecure?


a year ago, 3 replies   developers   Edit question

It's not possible to do this properly on the back-end given the way Blot's template engine is structured. There's no way to conditionally render pages based on say cookies. Blot will return the same page given the same URL.

However you could implement content restrictions on the front-end superficially, perhaps using something like octauthent

Answered a year ago · Edit answer

I wonder if Hype (formerly Pico) does what you're looking for @ https://help.hype.co/hc/en-us/articles/8786955752851-Installing-Hype-on-your-website? They do charge with a free basic tier.

I've kept an eye on them because one of my other sites is non-Wordpress and it was a viable way to still paywall articles.

Ray

Answered a year ago · Edit answer

Thank you for the replies. Some clarifications:

I didn't mean returning different whole pages based on cookies and URL, but mostly having the template render different things from the received data combined with some metadata. Just like I remembering doing with only internal data in some multilingual blog with Blot some time ago where I used a master template dynamically including different page templates depending on a language tag in the metadata. Anyway, I understand from your reply that it's not possible with something like data from API calls.

I've tested Octauthent and other similar services which protect superficially as you said or don't do it in a really safe way (cookies not being anything of: http-only, secure or same-site). I'd rather use Cloudflare access tools for that, which don't present those problems, but I was just hoping a more... integrated solution could also work.

Answered a year ago · Edit answer