Nathan Vangheem - Building a Castle

published Oct 21, 2016

Talk by Nathan Vangheem at the Plone Conference 2016 in Boston.

I work at Wildcard, mostly on highly secure websites. I am on the Plone Security Team.

CastleCMS is an opinionated version of Plone. It packages all kinds of things up for Plone that we have been doing for security.

It is not a fork and it won't ever be. We want to work with the Plone community and want to continue to innovate with Plone. It gives us a place to innovate. Performance is important for us, and we have integrations like CloudFlare for that. ElasticSearch indexes all your content, with an asynchronous implementation of the search api. We heavily use Redis, using it as a cache that is shared between clients or threads. ZRS (Zope Replication Services) to share the load over databases. A lot of ReactJs. z3c.unconfigure for some adapters. And sometimes just monkey patches if there is no better way.

Security is integrated 2-factor authentication. Too many login attempts lock you out. The root Zope user can only login at the root of Zope, not in Plone.

Adding content is done slightly differently, and everything is Mosaic. No display menu, no default pages. All videos are compiled to a web compatible format asynchronously when uploaded. We have a Map tile for OpenStreetmap. Focal point image tile, where you can indicate what the main focus point of an image is, which is then using during image cropping. Social media tiles. All tiles are integrated with patternslib. We have a preview for different screen sizes.

We have a plugin for ElasticSearch to let the search results order be impacted by Google Analytics and social media popularity, for anonymous users.

You can audit what users have been doing. You can login as a different user. We have additional integrations with Google Analytics, archiving of content in S3, sms support, twitter. Recycle bin. Celery integration for asynchronous tasks like video conversion or pushing large files or moving lots of documents.

What is missing? Diazo (you could use it for theming, but we don't, and you don't need it for moving html content around), portlets and viewlets (just use tiles, also possibly inheriting from parent pages), default pages and display menu (we use Mosaic).

When stuff is not open sourced yet, bug me about it.

Roadmap: chat (rocketchat, ask Sam Fords about it), Mosaic enhancement, built-in A/B-testing, continue to refine the UI, more rich tiles, on the long term use plone.server.

We use React because it is better for small parts of the page. If you create a whole app, Angular2 would be better I think. We can fight.