Doug Elkin

Software Engineer

About Preaction CMS


Thoughout 2018-2022, I worked on a project I called Preaction CMS, and decsribed it as a "barebones, extendable CMS built on top of simple JavaScript libraries."


"Simple" could probably be more accurately described as a hodgepodge of the most predictable javascript libraries that one might choose to build a CMS in the year 2018.


Specifically: Node, Express, Sequelize, SQLite, React, Bootstrap, Axios, SASS, Webpack, Jest, ESLint, Prettier. It is also using the Quill editor for WYSIWYG editing.


It has some great features:


  • SSR by default
  • Cached responses with automatic warming
  • Optional Google Analytics
  • EXIF data removal for image uploads
  • Sitemap.xml generation
  • Socket.io-induced automatic page reloading
  • WYSIWYG editing
  • Extensions for both backend and frontend
  • Path-specific settings
  • Redirect management
  • Feature parity between desktop and mobile
  • Support for non-empty root path
  • Unit tests on both backend and frontend
  • Database backups for every write operation, and a restore feature as well
  • It's also an SPA, and it selectively reloads only the parts of the page that need to change when you navigate


Backend extensions are as simple as writing an express middleware function with the (request, response, next) signature. Frontend extensions are just React components that accept some standard props, and there is also an extension API for the administrative side of your extension. Custom S/CSS style overrides can be done at compile-time, or placed in a static location and using an extension block type to add the style block to your page header.


Keeping in mind that there's nothing keeping you from writing an extension that does something insecure, it's reasonably secure by default. It uses bcrypt password hashing, CSRF protection, Randomized admin PW by default, signed cookies with a randomized default cookie secret. Support for SAMESITE=secure. It also has a read-only mode, which disables all admin-required and CSRF-protected middleware.


It achieves good performance using SSR and pre-warmed cached responses by default. For the frontend javascript, the main bundle delivered to users is just 133 KB gzipped. Accessing the administrator functions will give you bundles which amount to to less than 100 KB of additional gzipped javascript.


I've used this in the past as a technical foundation to build knowledgebase websites for higher ed institutions. The extensibility allowed me to build a template site using CRM-derived data to serve potentially thousands of client-specific sites all running from the same lightweight instance.


This website, https://dougelkin.com, is a live instance of Preaction CMS. You can find the source on Github.


Building a CMS from scratch is not exactly something I want to do again, but I have found joy in this project. Follow me on Fosstodon to stay up-to-date on my thoughts about this.


~ Doug