A simple and private comment system, runs on Cloudflare Workers.

• No login
• No cookie
• No browser fingerprinting (if you don't think the hashed IP is a fingerprint)

This monorepo contains three packages:

• server: Backend API built with Hono for Cloudflare Workers
• client: Frontend widget, outputs ESM and UMD bundles
• shared: Common TypeScript types and utilities

• HMAC_SECRET_KEY - A random string used for HMAC token generation. Select a long and strong random string.
• CORS_ORIGIN - The allowed origin for CORS requests.

For development, create a .dev.vars file in the server/ directory:

# .dev.vars

HMAC_SECRET_KEY=your-very-long-and-secure-random-string-here
CORS_ORIGIN=*

For production, use Cloudflare Workers Environment Variables or Secret.

# Install dependencies
pnpm install

# Build shared types (required before starting client/server)
pnpm build:shared

# Start development servers
pnpm dev

# Client development
cd client
pnpm dev

# Server development
cd server
pnpm dev

# Shared types development (watch mode)
cd shared
pnpm dev

# Build all packages
pnpm build

# Or build individually
pnpm build:shared  # Build shared types first
pnpm build:client  # Build client library

After building, the client package outputs two formats in client/dist/:

• ES Module: yangchun-comment.es.js
• UMD: yangchun-comment.umd.js

Take ESM for example

import { initYangchunComment } from './path/to/yangchun-comment.es.js';

initYangchunComment('ycc-app', {
  post: window.location.pathname,
  apiUrl: 'https://your-api-url.com/',
});

# Deploy server to Cloudflare Workers
cd server
pnpm deploy

• Using PoW (proof of work) to replace IP-based bot attack prevention to reduce the impact on different users with the same IP address, and further eliminate the need to store IP hash values on the backend server (storing hashed IPs may be considered a lightweight user tracking method)